der(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000480000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x80, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f0000000040)=0x40, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:02 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', 0x0, 0x392, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="8ddf84a259bcfaf57f178052e48b83474389f56d833af6020746f0a185", 0x1d, 0x3}], 0x200800, &(0x7f0000000540)={[{@gid={'gid'}}], [{@uid_gt={'uid>'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/binder#\x00'}}, {@dont_measure='dont_measure'}, {@dont_hash='dont_hash'}, {@uid_eq={'uid'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) 14:11:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xd000000, 0x0, 0x0, 0x0) 14:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000005000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000004c0000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:03 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="8ddf84a259bcfaf57f178052e48b83474389f56d833af6020746f0a185", 0x1d, 0x3}], 0x200800, &(0x7f0000000540)={[{@gid={'gid'}}], [{@uid_gt={'uid>'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/binder#\x00'}}, {@dont_measure='dont_measure'}, {@dont_hash='dont_hash'}, {@uid_eq={'uid'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) [ 777.598534][ T755] binder: 750:755 ioctl c018620c 20000440 returned -1 [ 777.629218][ T755] binder: 750:755 ioctl c018620c 20000440 returned -1 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xe020000, 0x0, 0x0, 0x0) 14:11:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getresuid(&(0x7f00000000c0), &(0x7f0000000100)=0x0, &(0x7f0000000140)) getresgid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) r3 = getegid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000380), &(0x7f00000003c0)=0x0, &(0x7f0000000480)) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {0x1, 0x2}, [{0x2, 0x2, r1}], {0x4, 0x3}, [{0x8, 0x3, r2}, {0x8, 0x7, r3}, {0x8, 0x0, r4}, {0x8, 0x4, r5}, {0x8, 0x2, r6}], {0x10, 0x7}, {0x20, 0x6}}, 0x54, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) 14:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000006000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000600000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 777.744975][ T764] hfsplus: unable to parse mount options 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x20000000, 0x0, 0x0, 0x0) 14:11:03 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x200800, &(0x7f0000000540)={[{@gid={'gid'}}], [{@uid_gt={'uid>'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/binder#\x00'}}, {@dont_measure='dont_measure'}, {@dont_hash='dont_hash'}, {@uid_eq={'uid'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) 14:11:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 777.826421][ T772] binder: 767:772 ioctl c018620c 20000440 returned -1 14:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000007000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000680000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 777.883040][ T778] binder: 767:778 ioctl c018620c 20000440 returned -1 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x20100000, 0x0, 0x0, 0x0) 14:11:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 777.960597][ T784] hfsplus: unable to parse mount options 14:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000a000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0xfffffdac, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:03 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@gid={'gid'}}], [{@uid_gt={'uid>'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/binder#\x00'}}, {@dont_measure='dont_measure'}, {@dont_hash='dont_hash'}, {@uid_eq={'uid'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) 14:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000006c0000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x23000000, 0x0, 0x0, 0x0) 14:11:03 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x10}, {0xffffffffffffffff, 0x1400}, {0xffffffffffffffff, 0x8100}, {0xffffffffffffffff, 0xa0}, {0xffffffffffffffff, 0x5000}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x201}, {0xffffffffffffffff, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 778.145710][ T798] binder: 794:798 ioctl c018620c 20000440 returned -1 [ 778.154204][ T799] binder_alloc_new_buf_locked: 53 callbacks suppressed [ 778.154215][ T799] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 778.183480][ T799] binder_alloc_new_buf_locked: 53 callbacks suppressed 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x28010000, 0x0, 0x0, 0x0) [ 778.183494][ T799] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000012000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 778.216648][ T801] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 778.245751][ T801] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 778.261310][ T803] hfsplus: unable to parse mount options 14:11:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) getsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000040), &(0x7f0000000080)=0x4) 14:11:03 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x10}, {0xffffffffffffffff, 0x1400}, {0xffffffffffffffff, 0x8100}, {0xffffffffffffffff, 0xa0}, {0xffffffffffffffff, 0x5000}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x201}, {0xffffffffffffffff, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 778.313946][ T801] binder_transaction: 54 callbacks suppressed [ 778.313964][ T801] binder: 797:801 transaction failed 29201/-28, size 24-8 line 3148 [ 778.334118][ T810] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3f000000, 0x0, 0x0, 0x0) [ 778.356875][ T810] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 778.368501][T27606] binder_release_work: 54 callbacks suppressed [ 778.368508][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 778.400959][ T810] binder: 809:810 transaction failed 29201/-28, size 24-8 line 3148 14:11:03 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000740000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x40000000, 0x0, 0x0, 0x0) [ 778.416450][ T814] binder: 811:814 ioctl c018620c 20000440 returned -1 [ 778.445983][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:03 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x10}, {0xffffffffffffffff, 0x1400}, {0xffffffffffffffff, 0x8100}, {0xffffffffffffffff, 0xa0}, {0xffffffffffffffff, 0x5000}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x201}, {0xffffffffffffffff, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000020000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 778.480250][ T814] binder: 811:814 ioctl c018620c 20000440 returned -1 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x40030000, 0x0, 0x0, 0x0) [ 778.526942][ T824] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 778.564868][ T822] hfsplus: unable to find HFS+ superblock 14:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 778.576400][ T824] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 778.600980][ T824] binder: 818:824 transaction failed 29201/-28, size 24-8 line 3148 [ 778.617001][ T829] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:04 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x42534658, 0x0, 0x0, 0x0) [ 778.640613][ T829] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 778.665697][ T832] binder: 831:832 ioctl c018620c 20000440 returned -1 [ 778.673898][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:04 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 778.698418][ T829] binder: 826:829 transaction failed 29201/-28, size 24-8 line 3148 14:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000007a0000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000000)=[@exit_looper, @request_death], 0x60, 0x0, &(0x7f0000000040)="c3683a0a8b70348a3774f3937aa53ba3a3377809959dc349abf6ac0cd309693dbf3d4522f7b059ec252905f6f4620f68720b02fd90adab2c08485a423174f6bb28c49d52355d810ebbdc506328e9f18aec1929501b158778e58d0bbbcfa02a5f"}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)) 14:11:04 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 778.739489][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x48000000, 0x0, 0x0, 0x0) 14:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000048000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 778.838869][ T838] hfsplus: unable to find HFS+ superblock [ 778.844579][ T845] binder: 841:845 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 778.852911][ T844] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:04 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 778.880132][ T845] binder: 841:845 ioctl c018620c 20000440 returned -1 [ 778.895834][ T844] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:04 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4c000000, 0x0, 0x0, 0x0) [ 778.923694][ T845] binder: 841:845 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 778.923711][ T850] binder: 841:850 ioctl c018620c 20000440 returned -1 [ 778.941786][ T849] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 778.950546][ T844] binder: 840:844 transaction failed 29201/-28, size 24-8 line 3148 14:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 778.978657][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 778.986385][ T849] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000300000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 779.032926][ T849] binder: 847:849 transaction failed 29201/-28, size 24-8 line 3148 [ 779.070806][ T855] hfsplus: unable to find HFS+ superblock 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x58000000, 0x0, 0x0, 0x0) 14:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000004c000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 779.084132][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 779.110560][ T861] binder: 859:861 ioctl c018620c 20000440 returned -1 [ 779.126380][ T862] binder: 859:862 ioctl c018620c 20000440 returned -1 14:11:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 779.163084][ T865] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x3) socket$pppoe(0x18, 0x1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) 14:11:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x58465342, 0x0, 0x0, 0x0) [ 779.205028][ T865] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 779.245622][ T865] binder: 860:865 transaction failed 29201/-28, size 24-8 line 3148 [ 779.245719][ T868] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 779.274497][ T868] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x60000000, 0x0, 0x0, 0x0) [ 779.295420][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 779.327786][ T876] binder: 871:876 ioctl c018620c 20000440 returned -1 [ 779.336088][ T868] binder: 866:868 transaction failed 29201/-28, size 24-8 line 3148 14:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000500000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x21f, 0x1200, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 779.385336][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 779.423691][ T877] binder: 871:877 ioctl c018620c 20000440 returned -1 14:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000060000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:05 executing program 2: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) 14:11:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}, {r0, 0x1000}], 0xa, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 779.520942][ T885] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x62000000, 0x0, 0x0, 0x0) [ 779.613519][ T885] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 779.645466][ T888] binder: 886:888 transaction failed 29201/-28, size 24-8 line 3148 [ 779.654431][ T885] binder: 881:885 transaction failed 29201/-28, size 24-8 line 3148 14:11:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$key(0xf, 0x3, 0x2) [ 779.671436][ T893] binder: 889:893 ioctl c0306201 0 returned -14 [ 779.697715][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x64010000, 0x0, 0x0, 0x0) 14:11:05 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000068000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 779.717054][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000600000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(0x0, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 779.817837][ T900] binder: 896:900 ioctl c018620c 20000440 returned -1 [ 779.870256][ T900] binder: 896:900 ioctl c018620c 20000440 returned -1 [ 779.888316][ T907] binder: 902:907 ioctl c0306201 0 returned -14 14:11:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x68000000, 0x0, 0x0, 0x0) 14:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000006c000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:05 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000700000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(0x0, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0xfffffffffffffcc8, 0x0, 0x0}) 14:11:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6c000000, 0x0, 0x0, 0x0) 14:11:05 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 780.104987][ T919] binder: 913:919 ioctl c0306201 0 returned -14 [ 780.118708][ T920] binder: 914:920 ioctl c018620c 20000440 returned -1 14:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000074000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(0x0, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000a00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x74000000, 0x0, 0x0, 0x0) [ 780.287651][ T929] binder: 925:929 ioctl c0306201 0 returned -14 14:11:05 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000007a000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000001200000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}, {r0, 0x201}], 0x9, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 780.352653][ T932] binder: 930:932 ioctl c018620c 20000440 returned -1 14:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 780.477242][ T940] binder: 937:940 ioctl c0306201 0 returned -14 14:11:06 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000100000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x76000000, 0x0, 0x0, 0x0) 14:11:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}, {r0, 0x8000}], 0x8, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 780.572560][ T944] binder: 942:944 ioctl c018620c 20000000 returned -1 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000002000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:06 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffe) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0x3e1, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7a000000, 0x0, 0x0, 0x0) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000200000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 780.690231][ T952] binder: 950:952 ioctl c0306201 0 returned -14 14:11:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}, {r0, 0x5000}], 0x7, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000004800000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0x0, 0x6, {0x7, 0x1d, 0xbca, 0x204080, 0x6, 0x7713, 0x0, 0x7}}, 0x50) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, 0x4, {0x7, 0x1d, 0x8, 0x206080, 0x0, 0x8001, 0x6, 0xfffffffffffffffd}}, 0x50) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000140)={0x1, 0x0, {0x2f, 0x7, 0x5, 0x2, 0xb, 0x5, 0x4, 0x9b, 0xffffffffffffffff}}) 14:11:06 executing program 3: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x80010000, 0x0, 0x0, 0x0) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 780.846850][ T966] binder: 962:966 ioctl c0306201 0 returned -14 14:11:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}, {r0, 0xa0}], 0x6, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000004c00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 780.887089][ T968] binder: 964:968 ioctl c018620c 20000440 returned -1 [ 780.919417][ T972] binder: 964:972 ioctl c018620c 20000440 returned -1 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x80020000, 0x0, 0x0, 0x0) 14:11:06 executing program 3: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000400000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 781.020563][ T980] binder: 976:980 ioctl c0306201 0 returned -14 14:11:06 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) accept$ax25(r0, &(0x7f0000000040)={{0x3, @null}, [@default, @rose, @bcast, @remote, @default, @rose, @rose, @null]}, &(0x7f00000000c0)=0x48) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x1000000) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x802) 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x80969800, 0x0, 0x0, 0x0) 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}, {r0, 0x8100}], 0x5, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 781.147966][ T988] binder: 984:988 ioctl c018620c 20000140 returned -1 [ 781.172752][ T988] binder: 984:988 ioctl c018620c 20000140 returned -1 14:11:06 executing program 3: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8cffffff, 0x0, 0x0, 0x0) [ 781.204388][ T994] binder: 989:994 ioctl c0306201 0 returned -14 14:11:06 executing program 2: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x800, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000080)={0x5e90000000000000, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}}}, 0x88) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2000000802) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000000000000600000006f4ffffb97900000800000000020000000000000d0000c00000000005a06b00000018ef00000900000000000000fedc888a979bfe44c6f4da07981481a508b5a3b6139822a5ebaac77ea1e032ad0cf5abc27b84ab756eb5eed646dad5c1394de335b112d0de5e73d717c7ffbe9a12b47c9f8101465e07ad32ec03ab73442ea76b9745da638a605f3c011c0d763546a3a9824cfc81ecec8b7edb03647e072edf281c4432e0c778dc2180fc9f0d85a4"]) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x20000, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14) accept$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14) setsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000240)={@multicast2, @local, r3}, 0xc) 14:11:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}], 0x4, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006800000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, 0x0) [ 781.366532][ T1006] binder: 1001:1006 ioctl c018620c 20000440 returned -1 [ 781.381375][ T1008] binder: 1000:1008 ioctl c0306201 0 returned -14 14:11:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x9e000000, 0x0, 0x0, 0x0) [ 781.410104][ T1006] QAT: Invalid ioctl 14:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, 0x0) 14:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006c00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 781.439915][ T1012] QAT: Invalid ioctl [ 781.448948][ T1006] binder: 1001:1006 ioctl c018620c 20000440 returned -1 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}], 0x4, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 2: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xf4, 0x200) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="c3000000520153375f4a06f233693f4575f0bcf7f976ce4fdd88239c7e477ec908ef38e97859ceceffff6d691fe523c4029210b49403db24fdb670242ba37ba9e98bcb85877d03918d6af15233485ac6d521a89dde0e706f618a591b5584b8109b488f8be7f9131348d1219d8f662bca6ab3605f514e1529a69709c1f3a7c3cf1a4f8a7a6b96489cab4f7855ef228ddae243f9897758e16c62124dcbda2311c47251e622f687a599c486c40a89ea1a8ec11ae6ddfbb038089ef7e64d2e0471337c0fcd030bc1bc"], &(0x7f0000000140)=0xcb) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180)=r1, 0x4) sendto$x25(r0, &(0x7f00000001c0)="789deaf3ab87a3ce353b91811fb8bad04372063c267308af8a6fd68fa84473b1ac725a97d93d3c03879332ca6cdaef71", 0x30, 0x10, &(0x7f0000000200)={0x9, @null=' \x00'}, 0x12) 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000007400000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xae000000, 0x0, 0x0, 0x0) 14:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, 0x0) [ 781.602650][ T1023] binder: 1022:1023 ioctl c0306201 0 returned -14 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}, {r0, 0x1400}], 0x4, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x2) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xb8010000, 0x0, 0x0, 0x0) 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000007a00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:07 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 781.789798][ T1042] binder: 1038:1042 ioctl c0306201 0 returned -14 [ 781.801172][ T1039] binder: 1036:1039 ioctl c018620c 20000440 returned -1 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000002000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}, {r0, 0x10}], 0x3, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0xffffffffffffff93, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xc0ed0000, 0x0, 0x0, 0x0) 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000010000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 781.941747][ T1063] binder: 1059:1063 ioctl c0306201 0 returned -14 [ 781.952834][ T1064] binder: 1060 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 781.952846][ T1064] binder: 1060:1064 ioctl c018620c 20000000 returned -22 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}, {r0, 0x400}], 0x2, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xc4000000, 0x0, 0x0, 0x0) 14:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='vegas\x00', 0x6) 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000020000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 782.100601][ T1073] binder: 1072:1073 ioctl c0306201 0 returned -14 14:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x4}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 782.169996][ T1079] binder: 1076:1079 ioctl c018620c 20000440 returned -1 [ 782.206720][ T1079] binder: 1076:1079 ioctl c018620c 20000440 returned -1 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000030000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xc8030000, 0x0, 0x0, 0x0) 14:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 2: r0 = shmget(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/188) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev_snmp6\x00') connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0x76da, @empty, 0x7}, 0x1c) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 782.276430][ T1086] binder: 1082:1086 ioctl c0306201 0 returned -14 14:11:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080), 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xe2030000, 0x0, 0x0, 0x0) 14:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000040000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x43a) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter\x00') ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000040)) [ 782.481361][ T1102] binder: 1099:1102 ioctl c0306201 0 returned -14 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xf6ffffff, 0x0, 0x0, 0x0) 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000050000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080), 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 782.587453][ T1110] binder: 1107:1110 ioctl c018620c 20000440 returned -1 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000060000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 782.642559][ T1117] binder: 1107:1117 ioctl 40046205 43a returned -22 [ 782.650482][ T1118] binder: 1111:1118 ioctl c0306201 0 returned -14 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080), 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xf9fdffff, 0x0, 0x0, 0x0) 14:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 782.704019][ T1110] binder: 1107:1110 ioctl c018620c 20000440 returned -1 [ 782.704114][ T1117] binder: 1107:1117 ioctl 40046205 43a returned -22 14:11:08 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prlimit64(0x0, 0x0, 0x0, &(0x7f00009c4ff0)) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000070000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 782.852279][ T1129] binder: 1126:1129 ioctl c0306201 0 returned -14 14:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xff0f0000, 0x0, 0x0, 0x0) 14:11:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0x6, 0x80500) r2 = getgid() ioctl$TUNSETGROUP(r1, 0x400454ce, r2) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x165, 0x80) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000040)=[@enter_looper, @release={0x40046306, 0x4}], 0x90, 0x0, &(0x7f0000000080)="2d26bfb579382a916f33995ee516b541a0818ec111f2891f2151e8016956e9ce441d1da686aed4518478ab4c18fb4f83273e5ef030dc4e227009d2e52e64b9654c61d68138137ea8ccf8886e12862cc99ea19bc33d54f9367110c101a21b89ffec2f9ec0270759e4e2e889f0c2730e2f3f9f1390c94d48f81f6c19c856d4838cb31e2de46d7fee745e93d3b112af14f4"}) 14:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000001000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000120000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 783.040189][ T1149] binder: 1144:1149 ioctl c0306201 0 returned -14 [ 783.048305][ T1145] binder: 1143:1145 ioctl c018620c 20000440 returned -1 [ 783.068033][ T1151] binder: 1143:1151 ioctl c018620c 20000440 returned -1 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xfffffdf9, 0x0, 0x0, 0x0) 14:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x239, 0x0, 0x0}) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x129041, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000100)=0x4) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000080)="deee64421eef41a69275e863990e2b80", 0x10) [ 783.161455][ T1154] binder_alloc_new_buf_locked: 54 callbacks suppressed [ 783.161466][ T1154] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffff7f, 0x0, 0x0, 0x0) 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 783.218018][ T1154] binder_alloc_new_buf_locked: 54 callbacks suppressed [ 783.218033][ T1154] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.239626][ T1162] binder: 1160:1162 ioctl c0306201 0 returned -14 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffff8c, 0x0, 0x0, 0x0) 14:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000002000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 783.266904][ T1164] binder: 1161:1164 ioctl c018620c 20000040 returned -1 [ 783.274215][ T1158] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 783.287147][ T1158] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.308793][ T1164] binder: 1161:1164 ioctl c018620c 20000040 returned -1 14:11:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x4}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) 14:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000200000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4002, 0x0) setsockopt$inet_dccp_int(r1, 0x21, 0x1, &(0x7f0000000080)=0x3f, 0x4) 14:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 783.417167][ T1182] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 783.446398][ T1185] binder: 1181:1185 ioctl c0306201 0 returned -14 14:11:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xfffffff6, 0x0, 0x0, 0x0) [ 783.463148][ T1182] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 783.497047][ T1182] binder_transaction: 55 callbacks suppressed [ 783.497062][ T1182] binder: 1174:1182 transaction failed 29201/-28, size 24-8 line 3148 [ 783.497144][ T1186] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 783.513684][ T7653] binder_release_work: 55 callbacks suppressed [ 783.513691][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000003000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 783.549826][ T1190] binder: 1187:1190 ioctl c018620c 20000440 returned -1 [ 783.564521][ T1186] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.584126][ T1190] binder: 1187:1190 ioctl c018620c 20000440 returned -1 14:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setrlimit(0x9, &(0x7f0000000000)={0x5, 0x4080000000000000}) [ 783.600959][ T1186] binder: 1178:1186 transaction failed 29201/-28, size 24-8 line 3148 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5ab6aab717, 0x0, 0x0, 0x0) 14:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000480000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 783.654496][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 783.671919][ T1198] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 783.682064][ T1199] binder: 1193:1199 ioctl c0306201 0 returned -14 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5ab7f26320, 0x0, 0x0, 0x0) 14:11:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f0000000100)={0x3}, 0x8) [ 783.744463][ T1198] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.744796][ T1204] binder: 1201:1204 ioctl c018620c 20000440 returned -1 [ 783.772206][ T1198] binder: 1196:1198 transaction failed 29201/-28, size 24-8 line 3148 14:11:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000004000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 783.820781][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 783.841231][ T1208] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:09 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x10000, 0x0) ioctl$VT_ACTIVATE(r0, 0x5606, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 783.872536][ T1208] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.893127][ T1208] binder: 1205:1208 transaction failed 29201/-28, size 24-8 line 3148 [ 783.907314][ T1212] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 783.916590][ T1212] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 783.940467][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 783.956107][ T1213] binder: 1211:1213 ioctl c0306201 0 returned -14 [ 783.963570][ T1217] binder: 1216:1217 ioctl c018620c 20000040 returned -1 14:11:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000004c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5ab9300e97, 0x0, 0x0, 0x0) 14:11:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100)={0x3}, 0x8) [ 783.968519][ T1212] binder: 1210:1212 transaction failed 29201/-28, size 24-8 line 3148 14:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000000)={0xa9650551976c7853, 0xe2, "2da45e48564521e8442c15519bf5a747701fc3a9cd1f15230ec0465147c1c92f56f48dac7e17bf6212298f1e1c29a3e251e6c5190e927041c687173ef55c4c7e2bb9c010352f04d88f4b4a1a2799be637d755fe89e3c32a2f1904b43e58160b83b9aea643b9424d508ec1e67192f8f5bbd503831ec1e47161bd855d089fa6d6ad3ee0cfdda88d3def5f66af820c851fbc79983e90e797ca1c6fac58f2bed6033cb0acdc5e52b5233b6758833319a8fb070b19f540ef664ee9d3837fd9163b0e0f3e558b93764bb3ffc064d544404b7b69513775ba3040edb3d71819d9884bbf594c6"}) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r1, 0x50, &(0x7f0000000240)}, 0x10) r2 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x620, 0x2) write$ppp(r2, &(0x7f0000000180)="382eaad807a02380da94bbd73a6c0ca1ed8b2eeb6495c9ddfbe0f613c4747b20dcab931425d8a3123b6223e0", 0x2c) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x79, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000005000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 784.040822][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xedc000000000, 0x0, 0x0, 0x0) [ 784.107804][ T1226] binder: 1222:1226 ioctl c0306201 0 returned -14 [ 784.118131][ T1228] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 784.129420][ T1225] binder: 1224:1225 ioctl c0046686 20000000 returned -22 14:11:09 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x218002, 0x0) ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000000040)={0x2, 0x5, [{0x9, 0x0, 0x1000000}, {0x7fff, 0x0, 0x3f}]}) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) [ 784.164375][ T1225] binder: 1224:1225 ioctl c018620c 20000440 returned -1 [ 784.180856][ T1228] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 784.190032][ T1225] binder: 1224:1225 ioctl c0046686 20000000 returned -22 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1000000000000, 0x0, 0x0, 0x0) 14:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000001c0)={0xffffffffffffff56, 0x0, 0x0, 0xfffffe80, 0x0, 0x0}) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1, 0x40000) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000040)=0x4, 0x4) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140)={0x8000000000000bf, 0x0, [{0x2, 0xffffffffffffff91, &(0x7f0000000080)}, {0x4, 0xfffffffffffffd07, &(0x7f00000000c0)=""/115}]}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) [ 784.227340][ T1233] binder: 1224:1233 ioctl c018620c 20000440 returned -1 [ 784.235463][ T1228] binder: 1220:1228 transaction failed 29201/-28, size 24-8 line 3148 [ 784.244079][ T1231] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x440, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4) 14:11:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000600000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 784.280904][ T1231] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 784.293193][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 784.310760][ T1231] binder: 1229:1231 transaction failed 29201/-28, size 24-8 line 3148 14:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffd) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2000000000000, 0x0, 0x0, 0x0) [ 784.361076][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 784.394228][ T1245] binder: 1244:1245 ioctl 6685 0 returned -22 [ 784.456748][ T1250] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 784.460750][ T1245] binder: 1244:1245 ioctl c018620c 20000440 returned -1 [ 784.487050][ T1250] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 784.497384][ T1245] binder: 1244:1245 ioctl 6685 0 returned -22 [ 784.497507][ T1252] binder: 1244:1252 ioctl c018620c 20000440 returned -1 [ 784.520561][ T1250] binder: 1246:1250 transaction failed 29201/-28, size 24-8 line 3148 [ 784.542066][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 784.550401][ T1250] binder: 1246:1250 transaction failed 29201/-28, size 24-8 line 3148 [ 784.562947][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100)={0x3}, 0x8) 14:11:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000006000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:10 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/mcfilter6\x00') bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={r0, 0x50, &(0x7f0000000040)}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:10 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4000000000000, 0x0, 0x0, 0x0) 14:11:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x800, 0x0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000100)=[0xffffffffffff6561, 0x1]) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40000, 0x0) socket$rds(0x15, 0x5, 0x0) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000040)=0x6, &(0x7f0000000080)=0x1) 14:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000680000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 784.951186][ T1258] binder: 1255:1258 ioctl c018620c 20000440 returned -1 [ 784.953689][ T1257] binder: 1256:1257 transaction failed 29201/-28, size 24-8 line 3148 [ 784.973091][ T1258] binder: 1255:1258 ioctl c018620c 20000440 returned -1 [ 784.992021][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000006c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 784.997030][ T1266] binder: 1265:1266 ioctl c0306201 0 returned -14 14:11:10 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xe000000000000, 0x0, 0x0, 0x0) 14:11:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000007000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x224, 0x0, 0x0}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x498000, 0x0) setsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f00000000c0)="a993c847f5c4e20f126d6a59ea7688b19ee5be9853ce94b85c3f8d8803e8df218cc6fb755595cf8a79e1f17fb1febceddacce76b265c4e76cd6c380108d2764a9057c4ba40fdfb369429198f62b0bce73e7e29e1bfe0a96fdce108280f58ff161ae976e6f107a0730ec6140bad0da2", 0x6f) r2 = open(&(0x7f0000000040)='./file0\x00', 0x145000, 0x0) ioctl$VIDIOC_DBG_G_CHIP_INFO(r1, 0xc0c85666, &(0x7f0000000140)={{0x4, @name="4f8647b52d8151aa9c39e76653013958ea7016f09963428f9701936264d7e5af"}, "5568700a3877a3057de6538e5fc183a5638129751a896de7e6aad8b2992778e0", 0x3}) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 14:11:10 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=[&(0x7f0000000080)='/dev/binder#\x00', &(0x7f00000000c0)=']userselinux\x00', &(0x7f0000000100)='eth1vboxnet0\x00'], &(0x7f0000000340)=[&(0x7f0000000180)='1}\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='.wlan1-wlan0-)\x00', &(0x7f0000000240)='/dev/binder#\x00', &(0x7f0000000280)='/dev/binder#\x00', &(0x7f00000002c0)='&selinux\x00', &(0x7f0000000300)='/dev/binder#\x00'], 0x1d00) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) 14:11:10 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x100000000000000, 0x0, 0x0, 0x0) [ 785.117109][ T1278] binder: 1276:1278 ioctl c018620c 20000440 returned -1 [ 785.146717][ T1278] binder: 1276:1278 ioctl c018620c 20000440 returned -1 14:11:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100)={0x3}, 0x8) 14:11:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x8000000000000) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x248280, 0x0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB="09008900decde028809c5ef74f617861648b598a1bb27604e32c3f6a06eedb79073585dda9f1658b398e747c75192bcf860000ffa7c40476b607d310abb07c156678fe53c526901fc881b085c4152a9ef2e4264efb508005ce68a672d4efe88fceb3284b757fca66a8709143a05ac30b76e38385e964a7c45c85b380e98f5ab065af04d91d20dc33304ec8f56260989f2e8e"], 0x91) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) epoll_wait(r2, &(0x7f0000000040)=[{}, {}], 0x2, 0xfffffffffffffffd) 14:11:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000740000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:11 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x200000000000000, 0x0, 0x0, 0x0) 14:11:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000008140)='/dev/snd/pcmC#D#c\x00', 0x1, 0x20000) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000008180)={0x0, @in6={{0xa, 0x4e22, 0x400, @dev={0xfe, 0x80, [], 0x13}, 0x4}}, 0x5, 0xffffffff}, &(0x7f0000008240)=0x90) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000008280)={0x0, 0x80, 0x3, 0x4258, 0x200, 0x5}, &(0x7f00000082c0)=0x14) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000008300)={r2, 0x3, 0x40, 0x1, 0xfdc7, 0x100000001, 0x4, 0x10000, {r3, @in={{0x2, 0x4e20, @multicast1}}, 0xece, 0x7, 0x5, 0x3, 0xffff}}, &(0x7f00000083c0)=0xb0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:11 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x300000000000000, 0x0, 0x0, 0x0) 14:11:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000007a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000012000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x7) [ 785.865503][ T1288] binder: 1287:1288 ioctl c018620c 20000440 returned -1 [ 785.899182][ T1295] binder: 1294:1295 ioctl c0306201 0 returned -14 14:11:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400900, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000400)=[@timestamp, @window={0x3, 0xec6, 0x8001}, @window={0x3, 0x80, 0x100000001}], 0x3) r2 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x1, 0x4000) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000240)=ANY=[@ANYBLOB='nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000009c0ad3810767e8e3b69fd42072db00000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0xe8) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000340)=""/136) ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f0000000080)=""/211) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:11 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x400000000000000, 0x0, 0x0, 0x0) [ 785.984479][ T1307] binder: 1306:1307 ioctl 40086602 20000000 returned -22 [ 786.005577][ T1310] binder: 1306:1310 ioctl 40086602 20000000 returned -22 14:11:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 14:11:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000fffffdfd0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000020000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:12 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x40000, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x001', @ANYRES16=r1, @ANYBLOB="100025bd7000fbdbdf250700000008000400080000000800060005000000"], 0x24}, 0x1, 0x0, 0x0, 0x4810}, 0x1) r2 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000040)={0x10000, 0x5000}) 14:11:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000140)={0x43, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200201, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)) 14:11:12 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x500000000000000, 0x0, 0x0, 0x0) [ 786.727093][ T1322] binder: 1317:1322 ioctl c018620c 20000140 returned -1 [ 786.755853][ T1322] binder: 1317:1322 ioctl c018620c 20000140 returned -1 14:11:12 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x600000000000000, 0x0, 0x0, 0x0) 14:11:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x2cf, 0x0, 0x0, 0x21d8be6a600dfbb8, 0x0, 0x0}) r1 = dup2(r0, r0) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040)) 14:11:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000fdfdffff0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000048000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 786.782345][ T1329] binder: 1327:1329 ioctl c0306201 0 returned -14 14:11:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0xfffffffffffffe48, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0}) r1 = dup(0xffffffffffffff9c) r2 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x80000000, 0x100) ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000480)={"f94cdf8443b614f918647d8ec31f1189ad7cf5b05607ae9295a732e9bc46c06b4734fb35d87f7a75c4c94239f26048e19e8c1a7f861f330c63b21d8ffc4cc458fa87774b88b478515ceb38ee5ac956dd6e5857e76bfa360779dccbd1f14deb0220931d882f289deb46ec8570a1e1c13b7de9f6bb1d44080b2588faca565c3b795fc2d43de2d690a0ebf6d9ccaab8c688b01383a5bc22f026f61593821447a48de75db053b34e81d0dbda32004d358ed7b0e8d0991630ca01d123513c59fe52eb5a6c00fef6df29ffa5c15a18aeb6e274cebc4d0fe4111b3641ad8ff6141286b2191bbf61732f74f5482e73bd66423b5d8397d247399158a739ab9bdffff0e6e8c3b5d1d3b586d3188ed8ea2ff0e0eaef058ff01157ebd1b399dac1877059f2b4ca41d84d98f33ebf2f17f3ce785eba02f4d366de3070b225baa8a06613416f009eafa624526aab43c9b4b7f376633f65f05d3cf84ddcce1fae82ea3c2a97e5617eee65a8b969bd38834630ab8937b0c7b5849fa657a00f5741139f217b7562c9a265ccac5bf1647ae6310bc93fa0c46473d18026b7db9deb1feb66aa1d67e84e48c98cbaa208f57680f81d10ece43c733040a553a56d3735ee53c94e0c08576aba7a3de53bd257c07746a348fde714837b0cb741d734816204936c6f471b3715cb7a82879326cfc6c8951e56d9e3bf0aeac23f728c501a903258bf2788d85322733897ddcb0bc9cbcc7112dcceb9b2c53c52f4f5eed3faf0a371c537895f11c36b3d9c5248eb3f4421f9e6d2bbc01ecba42b92dfbb6d14f8dd63942f6aa1d5fbe25e7bd046f2105372322388043f2029ec464e3fea9a257da613ffa1c5dae739b2cfe180ae61d5e7832b11ae5c3b2192dd739fbbaf67fb53dfb530edf14aa3f7fcb0ba7825d116d420844d9281c3560056bde552cc8ffdc82c03c1081603f8bfebea1c09db302df9d758dac173744456a7a0b1f7b5d8106e524cca0e5dd7e65d064dc9d47b42597d2173c46b2fce43d453b0365a2a44de7c497111faa5386073454f49991768d46c58de5f17270ea3e8294f203ea9844dc5db5c17329e7d71a6679a15f2c00d21f66a64580d5d17af030a43d1ad0e950c9aee1dae6cdb20a50c323c51ebd417d3a0b2fd8974ee6bd3e07fb94d8064632180f1b1f0fbe5417237e6638d060e2f635d265120fa71a6fe5892b4a6b4629e994aff0d122279eb28e3dfbd1904c6bdb3b3559043ef82b0caecc9a2e1386b80156fc244b381084ef0ebd4b6c138afed272b6ad383a94cac4d97ca628feae8d8f6d17cc0ea61d3f0c4f5affce137bd77d3c67de4f7376c5669e81c28e26ae5a94fdb7bc195045959d5c3450c486a61721193b583f753450e9f9ce2a6f420758a999a91c1943fe09198e63a205d924c8fbfc4ae553b509a6a9dd444c5760175b553f458bf887d7e105dec"}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x7, r2}) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000000)) 14:11:12 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x601000000000000, 0x0, 0x0, 0x0) [ 786.906265][ T1336] binder: 1335:1336 ioctl 127a 20000040 returned -22 [ 786.933647][ T1341] binder: 1337 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 786.933661][ T1341] binder: 1337:1341 ioctl c018620c 20000440 returned -22 [ 786.956972][ T1336] binder: 1335:1336 ioctl 127a 20000040 returned -22 [ 786.977375][ T1341] binder: 1337 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 786.977389][ T1341] binder: 1337:1341 ioctl c018620c 20000440 returned -22 14:11:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 14:11:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000100000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:13 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x700000000000000, 0x0, 0x0, 0x0) 14:11:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000004c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7, 0x8000) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000040)=0x5) 14:11:13 executing program 2: ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffff9c, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffff9c}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x450100, 0x0) recvfrom$llc(r1, &(0x7f0000000480)=""/4096, 0x1000, 0x0, &(0x7f00000000c0)={0x1a, 0x1, 0x400, 0x100, 0x4, 0x7, @local}, 0x10) close(r0) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x8) ioctl$BINDER_WRITE_READ(r2, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:13 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x800000000000000, 0x0, 0x0, 0x0) 14:11:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000060000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 787.652496][ T1352] binder: 1351:1352 ioctl c018620c 20000440 returned -1 14:11:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000200000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000040)=0xf000) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r3 = add_key(&(0x7f0000000100)='logon\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$reject(0x13, r2, 0x9, 0x401, r3) 14:11:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x40000, 0x0) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000480)={0xe, 0x9, 0x53, 0x6, 0x1000, "dcaee3a9a991f00537bfffb80d690c6fd3d20791ab0c0918360d897bb7dd1e02ab260ba1fad57b393cd2b188bf2a33e12f3cac38fcff423077973d290ae518c6807acfa444916691bc1d41db76e14fd58b1a928f06022c9cfb7f0c1e09568b523034f560ce758e09bc74db445917733bec8cdb97d0642df93360b25b440d7d248c4c05a79826708f6ec51af1355a71cd81e1ab20d098b0bb461692a814f38982231edd4ae3893b76490d049c40e00fd156f9270ff6af73cdbb4b30aa4f17fc008cca1e33da1055990b771f954499dc03f38781aa7a8a2c93e526e630725c452489d0ab47dffad25c3001014ffef28c81b14b6ee77d9f49410fef33e2b3b27ca08b0120b192dbe18c1005856620162d3fe67973402e5d114ab59db00a30c6d1e5540aa37310f3f83d62775a4a87708f76b1b00028c1d609ac8804c714e857c961700b5e728b8126e43f8116f6d351e1acca763e70d9b7531d1d9d6fa9640aa3ecbf1a8659c41d7550573808012e59b64fa9d2fa0eec1f37cedeab2eaae36d9e044dbf0c08abcc7ca761a9c90ee535e1868ac6c4fcabf5a7c54198c5df41912a93d1e58c606c1e759b9007d32c227e2a8b263f91547a286a63ed483d0d061b98013e7221425640caaab115a252fe2ef6970aa55b591f42cefcdf2a02a7a2fb90dfe2322f99bfd6def3c514d9752e9bf5484e5db0515616d8d972f1c8da294a6bdcb65bb6e4ccd5de1f588e6fc444c03fa0fbba667aff57d59537a44034e2808006b8aad7ba411692bb1a808c0efc8f291270d368ecc0a90ecfa0be9126890cd15adfcac5f9002ef711509c0d50451364001b792da8107737685e2fbea99e29d3bd5aae20e701cabd8bdd1d567c13707976bec6ab3266ce36ab5ee1b3bfdf4d5b6275b473f4e4685874a09034eed4164fcd40f9f70808eefcf43e9ed2d3f4fdfb61015a6a098d118663e283743bc09167b5ae6475926398ba711a9d25dd82add05abf1b9f5fc9083227d8c88d97257957848d1909f2a7833afe0b6470e75f7c5382e30f4df37f90d23dc2fa1b370214c812c08d52ff326f92240a57bced68b71e19672ba793db928c21e6778d08ba381bc2d5dd6aad933fa39a6b8839bedb41c1cb6a1aee418b54f0e10c563985cdbe84748e3a5551456eaa78e200b0fe6a42b4b2e31b1a47e692063fd0a10e9018168d82a64db24398496f0601837ec103c1b4f0023c2abf84f203476ee496dec0cc69b936cdee4e45131572288e278743e455ce81613abc255e0b9823b82b3a306fc30d1276dd35cbee15e07968a41c469d78bfd89f6c83892ed23c765595a525d5a9c6d83fca44c1e12fa401512dd846647d26d034bd39b0d8e912a9229e543738fc7a2db92a8c7f01d710d307737105c37ea4449a22b5bf242b9ba7d472551c4102dd49a70bf9e9265514d688da5dc82ca79af84deebf1ea70b222cde84df6c93434559f87f21bb46f67a6a2485942453395a35f720c0ed5dea54af0dda38edd1d8cb70c6730d845951d00b0ffddb805e9d66a7bdd3142823626f8cbb76df9a608b020f946d715ebe6c7931987c37db84f243dd5d317f197669c7957047c3824261afaa69b62a1659873bebaf19785f41d321640e883065d8ce2ff2b49c23166cf7c6a1e94efa66332dac57b5dfb54601c9a2d8d86fdd63c2ff657c87b9e930aa9e943805477cfbc197316c35ff33cef8930475f927cc0e7e6c0cc257ce4048c0da3ced7b662307e78448f35ce27da1929a722ea1ae0ef4d87678a007f547885490be9e3ba32aa3bc18693a79a8675318a30437b3b1990a6f8a37974ac39bef30e256fe6ddf5258d91925c051bb068c3cee0260f858492aed6dce42f8bbaa0e7bd8c7733ee9c744285bf6b91ff43ab44054bbdabeb9f39e569713cb2746fff049715ef4fabc0583ba486dc749a9de97b879f22eb7274903ebe053f1bfa13770f747c821470ac5bebc10d44fce2f2305430dccc998aa417f073b94912534e737e4b5615bb960ce9e1050b130a3b20766ca1fdbe2bb31348d6c72fd4e6546f8ccd38470f08a1b0827d2c800e9fb48bcabe49ba1d063c5cb6fff0806160214bfff38b2c9d264476ce024f0949be9de11259e8e5b9d28388c811380a8001f9713ed65a0ade80bd679fd09b9efe045233be50014695d0abf2d5976f88fbfcf1fcd3cfcdf7c4302f8727a3a148b89c4220aff6c57b28bbba7902b42ebc2485ea6f33f89b71bbc8b85d84b01fe41d5b569c16d8c201c6195f4a9eb6fc302ca2b74117cb71d9d63e6b7a21af36a6d9ba5850f2c98e369abe3b9dbad8edd744b4b281572dafed2ebaed9e38ffa654b777653c58aa9517cbf4208f822a911bfe22a061df4de0e7e923da62e9bd1d846a38e00b546d54a5c1e2ecd88f10180dc6ca6824d68f1cd2f6f4f2d8ff3f9e6a396ca9c217cbf1762cd2209357f909a5e7131bfcbfe0c93450a878edb25f63af4b52f7b7301d25916d85b95ad45af54e349370df57e1c642f45eb229ebfafc0d75ee0d5dd15b707788657e93a3bfc6f3676992f54e684944c6fa587baeef0a764c4bf03eec6cf0155756acf07f0e746d6e258046bcadaa8452ef1dfaf77af8adf1e2bdc4886d9fbe5bc6b9a79b0c1799f48cbfdf115fe4bbe5704c0986504d9fd7c7392c72a1fbb5551147fc212a42b02b85f41743f0eeee1d78b3511b4c6b49dc60752b55260dc5fcb44f703d1fcc8a843332162416271c5bba9094c207d9fcaded765bb5d499ae93c4c30448433e5a36eea8ef1feb7343f56db345043396e482615851906e2e4fbe69798317ad34cd76238010d19c48739aad7e7c8f18f65ea2ca154c40e0bd95ddeb5c90de3608bcb19e917b357b634b4cf382933bd95608486fc3f73c09df846eb7720b00b32ad0e3da4d8a1b19927f803a260100d04fd5831bf55da38812664b03470f6b9f6f6bd67d87f02267999d4b9bdd7af2be17ce2c0c16a290a5836466d667e61c3f8588bffb53fc9ad2687e3f193e4978369b05ae56c07e3f22967a9c91731190e5d9399cd9b41cfc4099bff574a87fafc2730b5c6db6940e196c0799d7f1c6053a088fdfc6cfa913e097b99ea501c4305d03e9e5dadf48eee617ed35baf53f5bce3806af653e9e1737be7fdcff4ef4a38efa18149f4f9bb89e221e02210b6e2df21aeb9934f2bf7f404b5cfa9bf7b272be01fc44db6fd8cb66a40477bb2cf0971024f481433be49a31d896b9a85e364dfbba72f5a1a9e5d88a21352e39cc11b353e72cd2b0949a7658dcc6896180613a9f1d543d8dac65561c9fcf41a0cd7dfa1a7636f8af18a54e7ccc731ec3e1096edf3ebabede24c80d57f90712f4e6a1c5e7fc4c519cdb6e8466f877b3290053d1083d0b66bd4935480b59e0e3bdacd2094f39f26f314c0ee678676d74e51d12009b5c25858d089079fc65e116a265177e143fe130dcb46341b8adbee6b7c2e9410dd7fa729d8b5806b39ee380484cacc047f6f86695b9f0a8d3a20d6d81b47b8f996e1fcdd881b13012fd139124fb601ef63f159e08a6838c977c4f86c57216aa894bf74c1e6047d58d0638013a1c24c24f48863f86e183fee2830fbf185ffef8711cd2e207aef1c923d07c6b8cbca6898c45f1619e90b9d15bce16a2d18ed0554a38699e3b1234f894988b3002f4981e7f6c9387cdae7e019e903a6cb01d5c96f07919010deb69960c029a6e6b54cf4f679be04950595a43709345fa9598228b2be044bc1594176853fb673f25240116fbd910d5b437645eea8ada1b09bebda25924cd1e549eff96f8eeb270bbe488a1600732931d7d2af80389a18ce41d67d585d25bfd477f5508c51d14855e9def18c68697f5d68a262a6f21de0cce91c4e36b5d955f3713e9134f5e3eaed093456168d2fae981e58df1d9c2e28839949b2292018b8344acb4ace8af0617888b7750a3191bbe1bb774286d46a4dd130e4c81d6392e610edfd07a16dfb8bab457abbd3087bc382095c62977a3bd7baa71602573945a80a12a4947f369d037ae4facd26025d1ae80ea817543f1932727b57756106ba17ee79669e4a59317e589b0b47ccbe4fa6c3cf2859b7e92cc42cc91a2baf9ea8181f33631e474a5c17fc6b74b766248c2f550b01a70352a84c8bf966e90345016ae82299d80eea9cc8ae887b8c818801d6c2709dd6c537bfd7661c55367d02ac610c7d58a82f11aac967395e34fc1d223f8c8a5f3cc014cd03d85a27ee755c1fd454f1bd2317450059bb990ab041d6dbcd69b45fa618abcc313cbf2a3e0bd8e5877e2126f7a57cae984fd4112af6283326847b7fe6d4aa785cdea61cc7538ad9ba94963ce27c750c6fd29bfde9478de9fc41b0f78b41c144d3a7f3fd7451b404584c9d1d5d9168b34d2671a8066649932633734b6d0c442f095b9c4ea361e5771e00ec8b01e8b7bf2dd435c87b69e96ab28507b955c67b552304588b925899ed6f20b2ebbb96beb0e490f632b2f00fb4c1022ad078db28b48a2fea70c85bedbd6fe0785b8bf18c05a87bd57b4edfcc7d7d44cf02b2c1129068ca8351ea93131812b47909fd97efdea58db3104baf3c064166a2228fb263705422e96211f30168e498ce01e57b7687c056186b96ac066a7a18cb36abcbc5e6b1f5a6742f428da7c11658adcf3403d3d8f08449403f7f02175f51d1a7303f957cda255269871be7079d79cc0b38a5f3cd45bc98a92fbc0a372337f8e3d59a56d858eeea339e20e2dd6e80412c8025ac32dddb49140281629d77a47c3bfac09136e76f23d2267e02c871febd1af8fca6a791121159d5f2a158da782f12d55305915db8fde5defccf7b9f830f5ac3c20600687e135e9bd35c6f797c158335d1956b8ba6f889ec35b7bed4a6bf50af782c2f6e2ab797cbb807a67e8990afca0abf7824d24adc559ae36cf7ab6e4d0bf291e903d5cb1da9e3b9dce2ddd2c0e7c3b30a6fa7dec0e957552575c9c069d90e7a6dbf97a1c9357f31bdef9a76053823c213babd026fdcae70529db1a34595688d95397033f5b844636a32b42f7306f3db39f545bac743ebe10f94b7fa00b8da09fcb5395a4e86aa5a7392fdb68c2006a9cc286cab0d054f915e28e05a1028d6f31172639f2b0979ed4c92cd2659d74d57e8f1071a55ede809e1be9d9c22b7a859e10bf8991afa59a58643f0e592c47059854eaeda65e4aead35ee165bab88e1c2d72d5aa14473c8f9112b970e511c0795adf466f365129f2ca80d96daa6ece81fbbdc34ac5ed3805beb311f14cb95df8187cbbdcd197c42d60892098a79678a3893adec4eb4c6bf4d6974b00035c8611695418f6823b79652da8fcd98697f98a84300a15acfcf9e19575046429b928e98aa582f5ffcb6f3ef11364b2567923ecc3ee8350be13b592cb522a063655726d058188a5ac709d15718e33bb2c662e59968ec059169044a2d47b1b746ac64292e2ce5184a4e50ef8ef34294e33102a7c600e49403581370caa9295f8b26d50f88e9b8e693e1b9b13b04a4409c5a5daa25476c3a4859d4efff68329044cc624c2433075d622135e161420010fb1e38b73e9e42e7570a21eee6d06ce7fa3145deba1bc6178e3f6555a667916dc38f76c83973893d7af5e7753ca44d8ad1d4667d1f072a0007d2ddd548cceaef390cc83b87139adc17a20b1d9ab180c11c5fcc6c1b954cabd22db0963aeced830bc4f7cf627e1455ed03f71306cc57a451cd3b140333eaf92b4604875ceefe0f97f214bebd07d410c62bb4bd996d9bc7faef7151b6f0113312607c1ec6236090ee6f58e80fd4"}, 0x100c) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 787.701187][ T1359] binder: 1358:1359 ioctl c0306201 0 returned -14 14:11:13 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x900000000000000, 0x0, 0x0, 0x0) [ 787.796130][ T1368] binder: 1366:1368 ioctl c018620c 20000440 returned -1 [ 787.865932][ T1368] binder: 1366:1368 ioctl c018620c 20000440 returned -1 14:11:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 14:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000068000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:14 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6d, 0x418901) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000040)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x18) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={r1, 0x1}, &(0x7f0000000100)=0x8) r2 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000140)) ioctl$BINDER_WRITE_READ(r2, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$sndctrl(&(0x7f0000000180)='/dev/snd/controlC#\x00', 0x21, 0x800) 14:11:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xa00000000000000, 0x0, 0x0, 0x0) 14:11:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x40000) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xd00000000000000, 0x0, 0x0, 0x0) [ 788.538508][ T1380] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 788.538519][ T1380] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 788.556357][ T1383] binder: 1379:1383 ioctl c018620c 20000440 returned -1 [ 788.575613][ T1387] binder: 1376:1387 ioctl c0306201 0 returned -14 14:11:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101000, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000040)=0x9) 14:11:14 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x1eaa, 0x880) ioctl$RTC_AIE_ON(r0, 0x7001) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = msgget(0x0, 0x1) msgctl$IPC_RMID(r1, 0x0) msgsnd(r1, &(0x7f0000000000)={0x1, "9b4d9c1f1af1"}, 0xe, 0x800) [ 788.626020][ T1380] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 788.626036][ T1380] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 788.670837][ T1380] binder_transaction: 20 callbacks suppressed [ 788.670854][ T1380] binder: 1377:1380 transaction failed 29201/-28, size 24-8 line 3148 [ 788.685808][ T1385] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 788.705375][T27606] binder_release_work: 20 callbacks suppressed [ 788.705382][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xe02000000000000, 0x0, 0x0, 0x0) 14:11:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 788.705499][ T1385] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000006c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 788.780799][ T1385] binder: 1375:1385 transaction failed 29201/-28, size 24-8 line 3148 [ 788.802711][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 788.838827][ T1401] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 788.859549][ T1401] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 788.859581][ T1401] binder: 1399:1401 transaction failed 29201/-28, size 24-8 line 3148 [ 788.882086][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100), 0x8) 14:11:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)=0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x4) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) r4 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r5 = open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) r6 = syz_open_dev$sndpcmc(&(0x7f0000001500)='/dev/snd/pcmC#D#c\x00', 0x6, 0x800) io_submit(r1, 0x6, &(0x7f0000001580)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xfffffffffffffbff, r0, &(0x7f0000000040)="e19ff5f28c0be3b563e97061839690f4c2d2b5933695e0330eaaee7c41e966f4f905462c43a546504bb3f80f189627771f2afb0ef2d6c083c8d2b663d7a007ccc658846a7fc5018137e3a188be881faa616154ae90b6382374f3ef78e559", 0x5e, 0x95, 0x0, 0x2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000000480)="7a3ae49dfa957477432b7616c2c2dac9d7f96e5402028985954a0a1d6c086cdd4058be99361412e12b5318ba0e78403065bf69f81c77e5f98830c4cc8ebc95eb80d1fedc8707f2e85ddb7b09402607c72c41ea845630a1f40fd5d0bfa7c9a8bd7b45b1a1cbb4fb817e29ece136d956c786ab11d5cc0f32adebc2d012db4cd97a9a1a9ee3d056f496540726184e7f74cc3ec3f67946efe3112390f4314326768189a8afe663f94be4e81b913e11b5a53d20c060f83e888761c2b7feb3305a8037f132c0e6ca798e6a87695eae74088a42ed461be07157065d50a7ebea15d3b5a5a250cd20b0dedd98819580c27f20ddb9c2d0f530598c8db62e41c7ef2282a2fb125826cebdc3cd6c9fd7f2ce58cd395cbc0c64770fbac0deddff3d60f79eed8b2e0ecd215cd9c438dbba66d3eabb9de0146bbeb3c25abfd71894fc3028509e5ac57c26ff75c23bcbfe1630c7bbd9de3d1b771732b265001f51617ac4f9e11a2178673f27502813966eea52567cba1d37d933445932976f8c5585b65dd27654417abe90dacd9f6cf89e34a741fb7a35df16e7b7bdfdc2e1525073e77a2e51b606bae2e369a368383bfdebff528397b99f0a470a7d38959cf90f354d123b02780c42ad220eb7dae094aedc3e057f0b58b92ee1e2a14fc73304cf0a77fe91a860141809fbbe34c3b5e8fd469a77f6f988198e13b250b641d2a06a3729b7576054eb63b14c3619bf8186bc756e0a9568d3eeaf0a673f64e53bed979be5e4a41850012f726f3b18178786376169bc25f820256fd0968ba97b8425993069f68a22de12d303e3a30c4fa0eb8d00eda02ed806fc5abd2093a321cc5cd853c52a3b50235977001512c726dc444ac7783c86d4aaf11ae6bc412adaaea9e07807be5fe9975e9097cc7b6e44789adf6e40c5d513a7b901e3b6ac51b398f429630136fe9065b6b115c43fc5f0ab3f2dcc7c28a13519e347a567399a445c4811ceaba61b2b5534e5bce8d63233171a23fc1684ec91c9ffb85482ef1de987cb567fee1a515885f3d4cdc5b3f7435d870cf522c57d05749fd80e8241ae18d5d878f177dd9e6c7a11c13ef915490125bbbbfc753a6cfd9d74acc4a98bbfa120433dba289e65169fc4206ff031b8f34fc256f64959ed2f5b3e484b53e1931e74d82d224b7f90da9ec2753cf0466a871406bb1af2e91667dba0e2c9333c309906cf2c55f00f23d0d31854818cde57718e6c33ca221ef775acdf65dc7825cd8705b94388286fdb7460d800e707191bee128a63464bf279fdc9abc94f4a8fd52e1b902edc9e6816746d6c3628e22b6f8c7f960a592abc0fdccd812ec84776a4c60ffca0a8907609bb56914a87ccb862addaca336425286039632e6729161b6da1c06ca0da59e9fa40d243bd482e508e89e226fffec0ea9487389cda8c8bc275d996aefaf3705117340b2f82bb7825aae753d2c47743fb75570b8459ccbb32aae5fb35f0090eb03de50ae021ced261669f35cf207cbfa8aabecfcea6031140f9ecf71fcdcdf4db024d447347430a87a44907711ec89a417818f42dd5278da6883c287f3de4d14a496a533f522f004dfcb11fc2449a608678f6be8222bcc0f0c3935e260719afc7364877dc52d518903c550e3d1bad444d68fb99cfa89673b195a014acbacc3dd514580f9dafacf357de7619a9911c7ccc411c71c82a57bc864d3be957ead083660c3235458243db0e9d810a5ac419e5174ab4ad717707c8f6921156bb433a228411f897f4c634a4845fe63ca0dae19f2efca2f9d42774f58004277e0b890034be7afa3de9b19fcb50b32018c47a771c1187311753d4e9f51269073065a0701e5f27ca8bf14042a2ee65c1001e31068dfa4106e4c234a4bef04bee6b8c4e0f9611002fb1a49c6bb6088456730314f09372e077ed1c82c985b89f79217f6396a538aef22ab66bcf3cd6a8adf7e37bb31f3e47e6dfff03fbbac0ee1df55d7c6d39c59c17bbdff213ee79e41355b41c50739cf69186bf28a5b6abafb12d3c5f672cd42806be0e0c99dddd38a9a6d0c7acb5533df0f9f267e3e923f1e44546fe812ba09c1434c549b63514f8dba71d210cee7adcb9129b21fa69a896a23b4ee2ed88c08baa8cad597f20e4e4a59bba018f2d9c81dba3614311c37ab27b766b7c794ab5a26a0e30fd0a9f640d83be8864b4bd439b477b6bb2f8157016c31db96d0bed25cddec262daa0a158c044d263c9c5997f998af9f31a575d108f252ea1f88af0883a144aa20a63f54d7a2d146a8a0ff92b9839cc8c30272e2ce21b056ef78541aba6eca66fd7fbef2f9ff34ce6f7a7911a90b97783822701e6bca3e3e7ec8a645c2351c601ced65d205f24ec15d93c15e3836ce661e20353e765db322382102b75e93b05ce02322d5af4b6234b04faa9a5ed1c3394369940651a6129e4b499f7febe902f4b216830e6d511a789e05e07a4965b97578209a7f9a75601ae36d0d425c353966470398aa6fda4df56fb273af0bc247a3544cd31b685f95255873e6541f49179530d3668a1f0cb250787f9468bd113323987ba90eda0f6daa859e71aca76d18dfdaf8d07b3f1211de2d2522238da7a4f3a6aa396346917ff159eec4aaa77307fc027bfdbbdf6ccc6098298b9ed2a34e97216ffe3f974f8389e6bbecd7325d5227d2bfb77e14cfbdf80e61496c9dcbe407a58cc0e5936cf59ed571606b8e51caab8c6251567a8bcc214ee7a85a6630813fba68cc6a80fcab03b25704d1613351082cd990cd83ed9df471416820cedd757889887eacdd4163587e2a932579817d29e64736fe8131244a498d4d73ee59e8f3346db281f03ca6e23f61a24a3bc523a896b70838b0dfd0b1dffaa6ccbb74a13be0a27e439582be13fbd28fb63f77b3386cf21ab695f2bc91a023c92a232ee83e136f75a598635122489b399e39f06d97bf0bdce88c84713fcb54862f684886caef818369d562c6fffcf5b13ade26728a9ba8a887bd905d101a4cb88cc861b92c2d1ea398d386d374282cc4d5c573965e77cb663f07c32819c52280269bba141d476416b8ea56ab44d8cd43963a79f201b1afa25ce9d083322b3f095a043df0fc50f2335a48dd65ebb9fdf02c0bbadaa1e5e9bd940d523353a4a1e9be54fdfc140a9fbc5eff34348d7cc56c129f993462f8387b78ac121fd2d2e73c4c310109b55c5665a2c8cf6fa312ffc30fb90ac9f5e09a4fc8843f0e0475f0cfda810a2b31c8dbf57e9673f218e2e2b205606bd1815f03882d9f07b77e53967cde9802a106a1f0f87c5cb89107eb3f93b51336239a44967dd2f6a2dbff2839057303e375e5c8598b776dfcaf64acd896d254a1aeddde882bf344236836b260a4bd0d25c9d6c77eb410d742c5a5840090d7d5d006ea0f93a8c2a595e75bf3bc9571f708a72eca10ca304e757dbda846df3783a489ff1627df45dafc24d879fae0c14def6d98abeb12e8ee59d1ed10efe9b0cd1c29f3685ebe02c7153dfe05359cc2df4a41fc11d42944e380ec2a0f81892c0bb715ded3c21dd12ead3c42feb631f9ee7390d9ffc91e1ee5a1a0e5443352ca9dfbbc9617adacd02e84e0ae8acb4a29303a4a745ead04c0b52f32b05b7ad2210dd202581b6999795c3468735a4b1380d2e5d45b19ddb0556ef2502598f6cbe660153c974dd8ff89ad70f2da8528b3820efc39580807286e0fad951b60da734138278c0c9cc0924c473ebe8f6f53a54256f5dd9f804cdbc175f23754193226d424b06e36c8e2255a1393d465d95d3ac3f6be1e1a597539413606b82fe72d5acf7264a0563aa70956c4cfb539122e6647701a6f79709981b4a8a1fc11ce2b35cee7b07a09415462c0793b79fc29c97ca222863857021be791999a89662ada1b52466598c9b7881321181baaa15c9fa814d61fd46d32ea8b0827d9f20500325c7c63e07542899215f7ff68d3cc245d8d57088ee81d985b07f5bd9460aaac8ae745e41aec306e0c411222f882e7524529271f09f61cf7c7c898ad90b1e538b66da31a0748cc8395565c678ec5331cd542fcf769ca88edb37bb8490d1415da58387c9cd8e219f247dfacad0db20b1c20a4f45b636954d8824f28b04947a162215915be28873c93086a6ac92d709afa8610bee6d5b70027b15e8202a49bbfa57d124dfa1a4852b0c7483ff40205e058fca05eb2e84a68bfb62e775374245211b900bae91ef83e01ac8cc5e800d8ae8272e832e4b1874187f5654a133ee10dfcca914282296037faaaee9d3770e68d22b05c026aed9462ea81c851a685c942f83bc73bb9601eea85123056044ca26c0ff0f39a6bd179213d9c7b0451c145e4bc0e0e5a633282506c465dcf0aeb9275e0394dc69026170e04875124a30f229268db6134ee34d8c9df0598e735d9d3b09b7aa05c16bad1488591a43c0e186419666fafd0e8a3ffe2269a83aa4d39bbaed1248178a6d74d40b6f70884dbefce0d85ee51a2c65dbb74ce720b9b5d28bca1ec85a22bfb8273910a535dc96d29530991c66c70c4136d04d9273b0c03058f20d868ff113a23725069d93557ed892d66bacc3de8864ef4e73941f265b601f393a5b6fb67a0c6ae787add6e02c82f64f1e0a9571cf342e84023ad4f78dde7a4ca5b279e8800a033b9ad33ec14a3ef90cdaa7d8fce770b33cf19f3d88d215bceeb715e73375628e98f7416d6d907f06e709735bfdb4ad5daca75a06cf43fcbbd7fbe38b020d09b89847c53d7f7599441bd5ffb9b843c38ffde8627b869404db07f2210f04754b2921bb45a1dc0c137eee3e2f7e7043c9c0d6ada9b999394d1d48866f3c6a86fd0c1883d2e90313ebdd46829c86a65839307ab4d08093b8d5ec71042bf0560bccc6aa34c870aa93c1f0df5585a28cc33345f072650bfc548326c6feed4c353ea9e9c5ab854ef8419271b598910d58bfa2c4d64983975e2659f9439976fc0894bef93dd79787ab2af0db365b50ecca98037f34170d538372038ca6f7801683de2ba531001823f422d69a74a376d6588a25902e480f573d026a9dfe9ba5adc32b6b173f385386b3c0145bdd09482096c564e56eb2c00ecbee9d0aef0e37f78a49cc21752bfeaea703320d9ba4a5f7b325a40d3843f5af10f683021647dac0e0661c0abda504e895eef0980a8aaf95ca9b7639d272de4b0121d63a3eee4d68242d5b5bd4af755afeb64eac69096754e39dae2313dce9afdab2cc133b491779f0a9baa911c32ae2cac3aafe13ffbb3f3f395858649b8d57e40831fcfa96008a63f87147ce498da9cbdddbc4bc2df8eb5bc07da80c2e54c0f2cbdc4d5fc7e1a898c63376cf46ba0ce41c233ad1a17e91296e70764625f7513d7db6bafafeb673ab83c03c90da4deaea56083425c25e4823c415fcf2c374c9e3257ac9a8fa3268eafbc14a96ccdc65d516944009ab5f8335271ab98ad4587ae114df4e963978fe9ba2304c6d1b89a03a4ee4ed29faa3a8c7bf775124b000f63b867d7eb24d1d8e78be28e0a80b82b6f94ff090dcbe1fd6a7501a59fc5ce38dbaababdf502072e30a2c290e3114e04bdb8127be43b24a4b1dd18b07032eb6449efb7226a84c946962ec56476ad81a692474f7e8e83b03d0bcb339b791743fb076cf9fb1f1350ebfb48a637913a93d6a63f787203a2a1470cd2db947f5780227e318fb244a2c6a637158cd952cdf1858d3dea923d0fb4e8701d1f7ae2b9fc74ec4ba08953ffd92d49cf5351baa0e95a2e4fe6e950f7fa14336dfc9b0aff6e5493f6d7ccf32120e9486cdaedaa778116c0a75962f6239088b278cbf979419", 0x1000, 0xffffffffffff745d, 0x0, 0x2, r2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x32c6, r0, &(0x7f0000000180)="2787f265a8513dd3f5181220f1212924", 0x10, 0x958, 0x0, 0x2, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r0, &(0x7f0000000240)="98c1f222ac39798c17cd7baad494eaf30132", 0x12, 0x2, 0x0, 0x3, r4}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x7, r0, &(0x7f0000000300)="3ca0cad95a2bc436ecf2f53f8b3a31c50e8893399e29888df76ad201de32c5652db2804d00207be072168ef20aa0f1e56ce7753e31bb7a0972558292126eb81c94fa3cd10ef44d99b738667aab15fb692b100a053ba72797fa3d9fb0271b3138fd2bfd69540475ba09fc380438e7c2f5f643e1a0515b038fde4f254856af69e17a5710d0d7896b677c887298815a8ce9146059d1c758dbb23fb1665a621c72004c42f234eb9dee586cc6", 0xaa, 0x4, 0x0, 0x1, r5}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x4, r0, &(0x7f00000014c0)="9cc26197dcacd9bc80b44a935dfa1e66b611702371940b3c17b232f819e3", 0x1e, 0x8, 0x0, 0x1, r6}]) 14:11:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000400000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x17b7aab65a000000, 0x0, 0x0, 0x0) 14:11:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000200)='wlan1user\x00', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280)=r1, 0x4) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = accept$ax25(0xffffffffffffff9c, &(0x7f0000000000)={{0x3, @bcast}, [@rose, @netrom, @rose, @default, @bcast, @bcast, @netrom, @default]}, &(0x7f0000000080)=0x48) getpeername$ax25(r2, &(0x7f00000000c0)={{0x3, @null}, [@bcast, @default, @rose, @rose, @null, @netrom, @default, @null]}, &(0x7f0000000140)=0x48) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20\x00', 0x800, 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000300)={'security\x00'}, &(0x7f0000000380)=0x54) r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r4, 0xc040564b, &(0x7f00000001c0)={0x7, 0x0, 0x0, 0xfffffffe00, 0x5ad, {0xfffffffffffff365, 0x81}}) 14:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000074000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 789.432048][ T1407] binder: 1403:1407 ioctl c018620c 20000440 returned -1 [ 789.460804][ T1410] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2000000000000000, 0x0, 0x0, 0x0) 14:11:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000080)={0x2dcce145e9cccf88, 0x0, 0x0, 0xfffffffffffffefe, 0x0, 0x0}) r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x7fff, 0x43) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000100)={{0x8, 0x6, 0x80, 0x667, '\x00', 0x8}, 0x0, [0x3, 0x7, 0x7fff, 0x6, 0x400, 0xfa7a, 0x3, 0x9, 0x65, 0x400, 0x6, 0x2, 0x9, 0x3ff, 0x8001, 0x3, 0x2, 0xfffffffffffffffb, 0xfe2, 0xe2c7, 0x6, 0x800, 0x5d1b98ef, 0x1ff, 0x811, 0xfffffffffffffa16, 0x100, 0x0, 0x3e, 0x0, 0x2, 0x9, 0x7, 0x8, 0x8, 0x200, 0x1f, 0x102, 0x9, 0x2e, 0x9, 0x9, 0x9, 0x100000000, 0x3, 0x4, 0x7, 0x7, 0x9, 0x160, 0x3, 0x5cb2, 0x9, 0x9, 0x8, 0x100000000, 0x3, 0x3, 0xcd1, 0x3, 0x6ebabf97, 0xacf3, 0x2, 0xb0, 0x91f7, 0x3, 0x3, 0xfffffffffffffffa, 0x6, 0x1f, 0x401, 0x7, 0x5, 0x9, 0xfff, 0x8, 0x3, 0x5, 0x1000, 0x80, 0x781, 0x7, 0x7dd, 0x7e49, 0x101, 0x9, 0xe6ec255, 0x1, 0x31, 0x7fff, 0x7, 0x4, 0x7, 0x200, 0x8, 0x8, 0x0, 0x1, 0xfff, 0x7, 0xc00, 0xfffffffffffffffa, 0x3, 0xff, 0x7, 0x228, 0x3, 0x6, 0x8, 0xffffffffffff7fff, 0x335, 0x7, 0x5, 0x8, 0x10000, 0xd84, 0x3f, 0x100000001, 0x7, 0x0, 0x8000, 0x80, 0x3, 0x6, 0xfffffffffffff801, 0x7, 0xf8c, 0x800], {0x0, 0x989680}}) [ 789.477575][ T1410] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 789.490114][ T1412] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 789.504728][ T1410] binder: 1402:1410 transaction failed 29201/-28, size 24-8 line 3148 [ 789.513642][ T1407] binder: 1403:1407 ioctl c018620c 20000440 returned -1 [ 789.520935][ T1414] binder: 1413:1414 ioctl c0306201 0 returned -14 [ 789.527551][ T27] audit: type=1804 audit(1553609475.010:82): pid=1407 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir378569607/syzkaller.b3A70S/1629/file0" dev="sda1" ino=17809 res=1 [ 789.557869][ T1412] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 789.568887][ T1412] binder: 1404:1412 transaction failed 29201/-28, size 24-8 line 3148 14:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2010000000000000, 0x0, 0x0, 0x0) 14:11:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0xffffffffffffffc2, 0x0, 0x0}) [ 789.585558][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 789.591274][ T27] audit: type=1804 audit(1553609475.040:83): pid=1416 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir378569607/syzkaller.b3A70S/1629/file0" dev="sda1" ino=17809 res=1 [ 789.619697][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000007a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 789.672992][ T1427] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 789.697614][ T27] audit: type=1804 audit(1553609475.040:84): pid=1419 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir378569607/syzkaller.b3A70S/1629/file0" dev="sda1" ino=17809 res=1 [ 789.734471][ T1427] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 789.750355][ T1431] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 789.766153][ T1427] binder: 1426:1427 transaction failed 29201/-28, size 24-8 line 3148 [ 789.775911][ T1431] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 789.791782][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 789.819725][ T1431] binder: 1430:1431 transaction failed 29201/-28, size 24-8 line 3148 [ 789.840323][ T1431] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 789.849292][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 789.860748][ T1431] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 789.870329][ T1431] binder: 1430:1431 transaction failed 29201/-28, size 24-8 line 3148 [ 789.879622][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100), 0x8) 14:11:15 executing program 2: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) r0 = msgget$private(0x0, 0x200) msgrcv(r0, &(0x7f0000000040)={0x0, ""/180}, 0xbc, 0x1, 0x0) msgrcv(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5dc1340100ff0f0000000000000000000000000000000000000000c922407c6400002299a29a21540ce2e20a92f145cae372490a2f2fa59de9025f44a8de0c2cacc60ca51576122a5797eff09c68b5a38fb190098ba824fba6c7deeba5125bd67901997796d07d32102cb0c23e02f4dfb99b31727dfd873faa67e5267d7542f41f962b745d1489ed0000000000000000000000"], 0x87, 0x3, 0x800) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 14:11:15 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x100, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x9) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x1, 0x0) ioctl$SCSI_IOCTL_SYNC(r2, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0x40405515, &(0x7f0000000140)={0x1, 0x3, 0xfffffffffffffffa, 0x0, 'syz0\x00', 0x6}) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, r2, 0x0, 0x2, &(0x7f00000001c0)='!\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r3, 0x50, &(0x7f0000000280)={0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r4, r2, 0x0, 0x22, &(0x7f0000000240)='^md5sumlo&em1systemkeyringselinux\x00', r5}, 0x30) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2063f2b75a000000, 0x0, 0x0, 0x0) 14:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000002000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 790.327441][ T1438] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 790.352681][ T1438] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 790.362909][ T1439] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2300000000000000, 0x0, 0x0, 0x0) 14:11:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000540)=ANY=[@ANYRES32=0x0, @ANYBLOB="95000000aac6b35ccdb2912865d921cf5bfedd29aaea78f582c8680b099042d9e624b5ff76b632fdb28dfcfd10fe6f7ac8eb0aedca0015b0ed64cf413870e1f45f03337952363e1e3b6ff98038b8c0a804fa119d7b32da590f7e2369d6de4df78c7287b13326ff3e754e248826ebc3314794a1393b50a4474b3cadd7434e03be9ebfac6eb995fe2beda69346b20b2a357a176bef16db6f3ba0172d3352e1e17dda40cef732df80b8ab3cc2a1a8118c85c964722f9c83aac5dd31a6e3229168a09294dba8c5ca52a9dd78605a22770b9caa766ac58cd77561691e28c97802ba20dcb1c0938e4be24aae9b922c7a2cd174d56f21ef07f0d96e77decc64d6eb6327247f839b12ea9843ab0fbe3cd7c25c27dbbf94b08b035e1f8e3886fe524bc4c736094c3cfd2ee75af8cc460f561e6b3763227bda03e2d8ac6c4263076d832c5e3a7459e8555575461d9e964382bd5d282f1f8c392745ea4b0231298a81581bba60805df6"], &(0x7f0000000340)=0x9d) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000480)={r2, @in={{0x2, 0x4e23, @rand_addr=0x6}}}, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000440)={0x5, &(0x7f0000000380)=[{0x9, 0x4, 0x1ff, 0x6e08}, {0x100000000, 0x4, 0x95, 0x400}, {0xdc21, 0x5, 0x3, 0x8}, {0x7f, 0x5, 0x1ff, 0x10001}, {0x3, 0x8000000000000, 0xfffffffffffffc0f, 0x8}]}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1f, 0x0, 0x0}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x10000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0xa0, &(0x7f0000000040)=[@in={0x2, 0x6, @broadcast}, @in6={0xa, 0x4e22, 0xffffffffffffffff, @local, 0x1}, @in6={0xa, 0x4e22, 0x3, @ipv4={[], [], @rand_addr=0xdb8f}, 0xd4c}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x29}}, @in6={0xa, 0x4e22, 0x7fff, @empty, 0xfffffffe00000}, @in6={0xa, 0x4e24, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1c}}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000180)={r4, @in={{0x2, 0x4e21, @rand_addr=0x9}}, 0x5, 0x723d, 0x6, 0x80, 0x60}, 0x98) [ 790.373786][ T1438] binder: 1432:1438 transaction failed 29201/-28, size 24-8 line 3148 [ 790.385747][ T1439] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 790.395522][ T1444] binder: 1443:1444 ioctl c0306201 0 returned -14 [ 790.400810][ T1439] binder: 1433:1439 transaction failed 29201/-28, size 24-8 line 3148 [ 790.417885][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 790.426967][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2801000000000000, 0x0, 0x0, 0x0) 14:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000003000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 790.477977][ T27] audit: type=1326 audit(1553609475.970:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=1446 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45b06a code=0x0 14:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, &(0x7f0000000100), 0x8) 14:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fcntl$getown(r0, 0x9) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) sendmsg$nl_netfilter(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1fd}, 0xc, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="0c130000010b080125bd7000fcdbdf2500000006140091002f6465762f62696e646572230000000058003600ef0ab061d1a3da86a561c95b5c4b1b7c141c20a8595338342e05a3f844be26781f01ba82e687e1fe42b48e876e2ee5b48f903e020cb828145fadd4c7777a6683fc9fed527c84b237af58bb7bd9a31bde3ba013a67002650037d92703c848d523c2f817e9d110c52b7d7754819209826bf7efa6b981e49431159fc050cc23d09659d0c7a0d58513cba80193f0e687226ec923835828dcba6c8857807dd2627eb9c30ed5f58d53568348535120545b3d41a408cda2c5778dd1ce433833157834a41d875ddbf1dbd93db7828fdaafd4fc849f05239690e9e864060198d1457ac97296af04db371495c173d715de9587b3eeba8fc0b90d96b31062d2d680005bc13230942fdb0935be88413d6bb413c7f206efa781260bcff182985715f2259109f5e1fe18719c92d7834931463f933651fa930dfc39304ac924bb9838dc7a6136ade8e73298766612f9cf2d8aab99607966cd7c5c0d3aad0e75e951f0a7fe08a3c9ec5b2d4bedd426f636002cca9e4502757c50607f884d1719efa3e715654d028298fe4cc7067a1fcef0f6690dd2f59e79a6ad0132d9d84d170a0311dfba5eb9c0ec0ecc6c6cfd91e229a2cd094597afb3e75164cd571dc0ea229e866b69f26647cf96a531290340c036bb55229c8a4304d21de5fa6f692ce0a4649d42931ee2cda67f35196332452195f59c2165483ffa64fdcfbff9bb27656a63bd98dff37001a5386d8b0e6572e3317dce2aa49971fa04133cd07425ee0375ebec39d98dc3d6d331c3fc369ab552fd5f9e0a5343abc9fa73817594d5d99e2c9100f131b7303af5b422cdeb69fb5018375670f049043b21a227c8e49ca9b4300c62bcd6b1e800702a5a5568c922861faca201e78813d44c4ca7560d7e17fe6f7f2ccd70a36104ef0fc75023d218b746c2391579fdff824866f3cc9c53a22d18658e71771cc28b3cd3ed7eaa65e790e74c4db8d56c5fc9aba3452495ab7177f0cb3eaf9885f816904acf00140011002f6465762f62696e646572230000000008003900a2c700005dd6d7ba739347bb42043f578dedd587662d86ba799dab03be55dfd931a15de2261d02ea56b50fccec529102b91c185ef8079cefefb0bf578e239be3ee126e92ecc3c8494eddb2cdf79c2cacfd9c7ccf7ae20bb45b073394648bc3f844d54294b9062ba02eec3947bb4d6f0a229b827fcde0d19e86b55d993332f6a2da133d77390e0b4cc1ef8a7f0276148564d81de47054de6ac758e83156406be983aaeb33454e6f63d47d2c378e1306b16b4bb0d82f9f1a965251547653fa3ef2742ecd81484a456ce6d13d058206336ae030d784a8715f3d20fdccc81cba9efe2e1b273b660ff2de1ac4906bf80f65e4afc461b41bb2f555eee23a2e0e0e1996270169f37b9088d887b6ff76e5ec635abba35c7c744c6c786edc8d49486c0be045b8e0ac8e513942c56dd053fda5524008c9990d5b14b9ccc8a47c88abe190857b89e2023f5b7099457d3faf47a5c8cb7d99c8ee5d281f5e218af3e99babc81492753c5a326343f1189c8d73fa40bde20ebf0893fa50bbb296954a1a61a04500e6ada60c7056e8f27692f6c95faac14065c9badcaad7eb710dc2a878132a7b9a72e9848dada784c5acf863dad586d01554d19a2ece5823d0b19fcc28c3bedd718247a7938d06fa48e7decde4320051178d4aac28caa113c0a1805f96e57fb3b835bd531e1a59731725146a4c203f2182aa080ed705d03abd980a26ac25be9bc41afffc4b06feba5e398c5783129ac52e3ca5127fb24ffe2f05ec36be2354b069a7d10136898710dcb74fd7863d064c43bc2898f65182a74150e799596ce7d653dd5a03b985b99eff4ad7ffa6bf6087b773658302428a87fb1cbcb970a01e4581d0639026c435e292f2684536edda02550267fca288b81ebd8fc3a04bc8d91aee836ca12eb0fc3a1267a562376df2a2ff1cfe0b9f130d45d7a236ea85ecfb8eb052d45ca69f7320394fc08fa0143fd67937efb9ff6fb95be0ccdf8dc865997f15ea97665334f9f951bdebe6877632c9ff0d05c674745fa581fd4578001629a32c2bcbc1e536d6eed4b02bff620cfa05179152a2c373f9c43a700d46c18c8b28a52c963c542674330e3bc542b5bf2c700610cad82beb20950caf8e03ab7d508c395d0a265acaf7bce40142f2b8c556bf90997f55aaa7e9c430da8318f340dc047b5fe364fe064361c206e0529269d1cb86183f0e1f6b7a0e8de184050eb4d8f6aeb9dc58fe93ca620eb11b329e5c037901242ce0057230ae516f7fb28da2f9bb480ee2148bf4c1fbe32b5f169df11a1a22b71d79fd436ac803b7e32e0e18fd781d88ff014bfa84a68b55e1e5322bb5c70b491ac2b9cfbfd142c442a92b4bdc5469ee7449eb62b3aa747c59528709227b8dd4f32a60a4f0ac8fe708064827bc32afadb31137ca5c511c13f40ed8abd76908f5e5a76cbc2247fc9758a3128c8895780015e04f6bf7be7033d3e81b475da07d77c7c40aad4945e5ae07ee06739c9ef34eb75e6632e6687deb7c7335abcf681a830932f0fcddb85e6460d8d838780ff54eec9e70041b00e94544cf3833625faf836ebb69ce4001facd2c8c78510496e685148a151e26d8481a390718a879073354cb5c0a4e91fa68fbe8da55f30c6c21d226636a8c830d65a14605f094ee3c7771a6d9650d9b034bcbc5b98385c76ef77dbbd6ffb6e16a13dbb689ed6ea0b5ec830b0143d5817fc2470e5285517136976fda4086efb151c4ab0a7896064e3256d0ea16d1a481703a371ca51b612311fff97622db5ddf0214354a3f733bcabb4fadb95325441033f352fe7afbd33988bbdd518c47e0dd5b96bc26f8b8526302cd67ba144f09c7d88b50c09b4db4c6728b14dd1af904a69b03d0958e65383d9cabf8142bd2c5d76766c2637d895e4efb93e545ee69c6eab2688963c2e5d23d8fa047f0b01169c85671f78b065cc35c078b46c0c2e2dd024f3cbf10e14ba5c20ba6b05e407635b33288d71de4856834b3643d7a2626020b75fbaaeda09facb39d06a028d00a5350b3e7e9b93a46cd996a9c5bd5a4e0a86e5d092b1e572354504e87368cdb427ac56f4c97e0c43ec6654f6ec8db0a950e389031de79adaf89ca725bc450dfb3b79d03c0435e981b8fc1964039e4760a939f659b9a4eba97367b46c91d7373654525e2b9f863585871b4e8444fae044da9eb9b88d53830a5b09b45d1d59f0b5b06b2201fd965524495a6ccf041b1a57702b33b54e4a248a5703054477f3f3ebeeab136830bd7ddb6216bec495f0a4cf62f16f37a5bd03b2861c757f0788db2aa8b0ee749c02d764f6e67b690b527401c0928398944dfa74dba64da7e520bcb702b23e7fd44ad1655e843b5595d0fc4725c9e301e044a528f54d04f376d706b2204ba69d95c83c5d818bca8ecf33e98d426533af82cb9f16da82c49ee0a173e7321aa682b36b897a828eb37d49cc1a1f968520e89859ff96cb7cd98a33925e6592608a08b19b8cfa0bcf6eb458127ba6b36c502a407494e2c09cc3908e7134983a597ea316053d13f5fa573c385f3722a47b038bd708251c6f926a06b5051f2dace28aee29728be8117e733b5ac1626fa0d5876cb2a52fc5892c8fc9ddb578349f872ed73718abeaac882304dbea11a9b9dedc56ccd4a4b1881ddbb9a02b22f9006630a4678d5cb0f62e983344205d49288e7a5a370b9e6c9b270351d4aca7749e3e1b3894ae02d5c142df0ef5c6d05cf16c726b792d3124e9384eeae6e89e28949c305f38282d4b1de5064347d5bd9320db722f33d1f699816a75cf0dca34f029d7cc431843215b5cab0b88faeccf91c7570e7273b18033c6a3391e732dc38d6ac9bdae5a76a2461a16b31d51e5f4be8659b044b79b9587c5459fc8c6d51320dbce9acec5d41901cc6746894dd8bf3f2f103a0164fb7772690ad2caa4f6036ecefb6fcd09e34c0172b489469475be600135f598c5c44d7474c8a42f7068bc9de971019ba29c26d8c1a28083681516217e85e0e88c22b22f4260e4b4dc1310660c080a6becf25a3bccc6a210a4907ffd97ca1ebe07ea97b7caba7bb58d44d60db44a8077e09c2fd7c6f7e6176cff04179fd1f36982c93859e8c68756f2e9a2cef814d4a328e6f8a34ba80cd4db9ba8011a03d3e60c4beaa35793541ddc22f066540f500e321b46ed800cc3812181cc0582ad60609112c80d01aa42f0b9b793c24405c6e2bd5516eec80208deff7f74e9475ddbadf30faf97932f0a39f45898250a3ce7560cf3f917038fd46f0ca06255861f6e2d9a54faf39480f6272ac1cff149d5a2ed7cee6609f12c781c86bf0599f3ffd40826f97a178e4c3eccd8e2eb40c09b3ea73452ce5933d37cfc31fc0f700a39ab4200378ef77585330f049cbd507aed38f6edb946b819999d1d141345b4d10f93e164021ec9ce26cd6715b3ce1ce012a8483083c2a9263de5d676ffb486d33ba7431d1061b8f446c1b3dcd52393aeceb92a722ea3e4e21bdb633104836cadc46b9187cd9880b11751bd000e84a8774aa83b73590cd0d1ffc6a83e296c18f4ce699719d077d204835ea82dc8f66a33add5f50ea3f8895fd0a938b79a04953ec671400ffe7a001706fcffb79d98198587ad03c6105abd8ca962520fa1fbc9007c5c1b28039d7a71795ed22941a08c2d52628670bbb0579e9019f103fa538748484816aefd223cbd3a4afb4a5a3c7053b1ae3e7ec94f942e416980a2dd91619a80dff632c9da839ed3ac33d1551ceb4e9508712619394b5ebc1e80e7c3cbec60b4ee9df2653bbfb2ec643213177214b040dc9dd4b013817e576d51ecc413cf42d5bb7e0c7e083761ca6d663f339d9e07d4c749df33e9235b84da29d8e2f692298fb7354d344de645c6d0a786416a8f74b8305893d20965476327f64d8ffc2c728608b0260b10c79b4da553fd1427205385465a2349b84ed9faaabb9721d0963c270758ce470de15fd7279c226a590caa03699a370891c5a813ebd88b6faeb21d597da95fa0c3a240e0b74e74f0184fd8508a9e367ee11d77450a8063f54733399db303a938c8b1f1d180c3a8a7cca79d1f3b057bb5dbea4ec6193a6abf3383ce3f5f914e2e60e2c3387b5de94b02ab9e81d6ecfa3be0de136332a8e443baa30aacc292c6110ccddc54d34942a7b505b203a25b8c687f3cdc3b08eaf118a176049458f3975ec791ddbd144634c814e46a818cefc0dac74c1aeec6af524eb397c7a326c7816e2b5eb89e93dec69633717f6286a4fe83ec678fe2e3e4bacc064b9f08a9a45aa2abc78c14ca4dba0b9cec4f1ade3933e8b4370571242c43a19b0a6c0ac8536a84f2ac85abbe7790bac57f64e5518987622beffd2b4a58a0a5d706d115a4f167df9942dcf9d0ebd7101815fcc594f1025c8195a20788f567e1090d1e31e7946ebe50f5a0c5ed28496a5f7ad10f92b1b7a1b218929b1a485dbd3d0b6e0e5f3af3f5b5f2e13bb5d0d802c8b91b7b4325b198dbed9c359a7b0fd5040317faad0ee097a6625762456bea84dfe7f57d33334e7678ab6de645e743a63f0d5e0a2a4158aea53c77172643453d890527b2c2c7bce6f2f5d3474db723d629bf653a87cfb9ab5e661fb722a7f47f39f23cc0244ce0caa98a1ac72f8b928272a4366e00791a2a43af53e424f6fc3cd0c68c6ba67e546e342a1ef966a711cddaefc1fa88eaa73c20260162d7536fd13f92df3354a79753a85e316fd5976a974cff0f2c1a9ebdd55861b6cdc2c0aa1b354bcf016e38c36134d0b604f01e6bd33c8aabf575bb0c13141ce3575b86099f116c82548c1ade16fd2ae05b71745a2a009ba1d8685108c58301ffba373cb2b6c9d71ed798864385bb5e16cd04313076b4d612891492c6854b2cce43740f7b2824dc639298d37dc1b51da751e2b95131b80975a880ec7c07386a7cfea9fe8f104dcc1c890f96073498e3f2805190f278b15744875410f61dc9b62e4ea527022671c8313c2781fb9a8961d9526006ebaf2244aeff62ea6ded9885deee107223579834b7e8c98ce189571fda5cdf161fada2e55ad55f3dcd2c0001d7334fab6f26b235714eea59b57e783b04d80229a22379074605fae605c2b260fcd54e9c2dae18cc5185c11922aa3cd854aaa28d9cb066d45468b5c8db7f38c0e57042aa2a08bf7b957a3ea993b05a298e0783af27a4997d775ab7f6afd0c382c6aed3123f1fa97570f361efb324b5803d3a12e7e289bd9afcb3c8f055dcd88857e7b8eb51488ca1aba78a26ef481aed345748ebf08435331e5b26f781cec755e3948a3c13b0ac8909086a388e2e2fcb059736f7bbbc1bbbca7bc4039bbd278a2fb8513993cb31ccc287ad05a9c20b55fbb8c9a50c163989c2ee3b081991fcd0d42ece5a9bbb8717b1e232a160d688f66c24c554186254e63ee22a123b86c5ce26f0901453a8a2daa82dad1c14b011d35924ea638198e61770090e93f503d497f2377006a8dc15a5d76a52eba0bf4ccd381c50d11ea0524f2a520edb33664980bc79a1aeba7d76f33ffad71a370f9947ba5c27647804f881762e54d5e5c3d65b8c556ae380574778a0cbf25f4a583f04f29c363da98c0ea8919b921fb51b966c4df00accf327d57cac5aec9c519abd8e8d580624be8dc328a71152864a03550e348fdd527b01e0c797aa76051e8ef9b7b16508d456244c5e61615972fe11301f853cd3f9be75932a8363021789471b4e5733f981a058a14455e72a739af4fec9a96fc834dd20f2ad2c5bb1b8d9cebfa432b6d81f8c43c50cc032ceaeb8994105e516235474662e716f4e882146c46ab85e8891928d050fe75"], 0x130c}, 0x1, 0x0, 0x0, 0x4003ffc}, 0x20000000) syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x45e, 0x402) 14:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000004000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0) [ 791.204010][ T1463] binder: 1461:1463 ioctl c0306201 0 returned -14 14:11:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4000000000000000, 0x0, 0x0, 0x0) 14:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000005000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 791.266754][ T27] audit: type=1326 audit(1553609476.760:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=1446 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45b06a code=0x0 14:11:16 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f00000000c0)=0x4) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000100)=0x17, 0x4) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000040)=0xfffffffffffffbce, 0x4) r2 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x7fff, 0x20800) r3 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000140)={0x18, 0x1, 0x0, {0xfffffffffffffffc}}, 0x18) openat$pfkey(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/self/net/pfkey\x00', 0x2840, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x5421, &(0x7f0000000440)={0xfffffffffffffd0f, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000002000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 791.327995][ T1473] binder: 1470:1473 ioctl c018620c 20000440 returned -1 14:11:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4003000000000000, 0x0, 0x0, 0x0) [ 791.376333][ T1473] binder: 1470:1473 ioctl c018620c 20000440 returned -1 14:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000006000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet(0x2, 0x7, 0x1ff) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x44) [ 791.537211][ T1490] binder: 1489:1490 ioctl c018620c 20000440 returned -1 [ 791.546176][ T1490] binder: 1489:1490 ioctl c018620c 20000440 returned -1 14:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0xfffffffffffffeac, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:17 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4253465800000000, 0x0, 0x0, 0x0) 14:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004800000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x50000, 0x0) connect$llc(r1, &(0x7f0000000040)={0x1a, 0x320, 0xfffffffeffffffff, 0x3, 0x4, 0x72a8}, 0x10) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000000c0)={0x54, 0x7fff, 0x7, {0x100, 0x400000000000}, {0x100}, @period={0x5b, 0x2dec, 0x3ff, 0x7c00000000000000, 0x8, {0x2, 0x3, 0xfffffffffffffffc, 0x7}, 0x4, &(0x7f0000000080)=[0x3f8000, 0x100000000, 0x7, 0xbfb]}}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x80107f2c, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000100)={0xa, 0xf972, {0x52, 0x136, 0x0, {0xcb62, 0x10001}, {0xff, 0x81}, @rumble={0x8000, 0x80}}, {0x51, 0x0, 0x200, {0xee, 0x463}, {0x1, 0x4}, @cond=[{0x7, 0x6, 0x0, 0x2, 0x100000001, 0xfff}, {0x35, 0x80000001, 0x401, 0x0, 0x8001, 0x69df}]}}) ioctl$KIOCSOUND(r1, 0x4b2f, 0x800) 14:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000007000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)=0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x4) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) r4 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r5 = open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) r6 = syz_open_dev$sndpcmc(&(0x7f0000001500)='/dev/snd/pcmC#D#c\x00', 0x6, 0x800) io_submit(r1, 0x6, &(0x7f0000001580)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xfffffffffffffbff, r0, &(0x7f0000000040)="e19ff5f28c0be3b563e97061839690f4c2d2b5933695e0330eaaee7c41e966f4f905462c43a546504bb3f80f189627771f2afb0ef2d6c083c8d2b663d7a007ccc658846a7fc5018137e3a188be881faa616154ae90b6382374f3ef78e559", 0x5e, 0x95, 0x0, 0x2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000000480)="7a3ae49dfa957477432b7616c2c2dac9d7f96e5402028985954a0a1d6c086cdd4058be99361412e12b5318ba0e78403065bf69f81c77e5f98830c4cc8ebc95eb80d1fedc8707f2e85ddb7b09402607c72c41ea845630a1f40fd5d0bfa7c9a8bd7b45b1a1cbb4fb817e29ece136d956c786ab11d5cc0f32adebc2d012db4cd97a9a1a9ee3d056f496540726184e7f74cc3ec3f67946efe3112390f4314326768189a8afe663f94be4e81b913e11b5a53d20c060f83e888761c2b7feb3305a8037f132c0e6ca798e6a87695eae74088a42ed461be07157065d50a7ebea15d3b5a5a250cd20b0dedd98819580c27f20ddb9c2d0f530598c8db62e41c7ef2282a2fb125826cebdc3cd6c9fd7f2ce58cd395cbc0c64770fbac0deddff3d60f79eed8b2e0ecd215cd9c438dbba66d3eabb9de0146bbeb3c25abfd71894fc3028509e5ac57c26ff75c23bcbfe1630c7bbd9de3d1b771732b265001f51617ac4f9e11a2178673f27502813966eea52567cba1d37d933445932976f8c5585b65dd27654417abe90dacd9f6cf89e34a741fb7a35df16e7b7bdfdc2e1525073e77a2e51b606bae2e369a368383bfdebff528397b99f0a470a7d38959cf90f354d123b02780c42ad220eb7dae094aedc3e057f0b58b92ee1e2a14fc73304cf0a77fe91a860141809fbbe34c3b5e8fd469a77f6f988198e13b250b641d2a06a3729b7576054eb63b14c3619bf8186bc756e0a9568d3eeaf0a673f64e53bed979be5e4a41850012f726f3b18178786376169bc25f820256fd0968ba97b8425993069f68a22de12d303e3a30c4fa0eb8d00eda02ed806fc5abd2093a321cc5cd853c52a3b50235977001512c726dc444ac7783c86d4aaf11ae6bc412adaaea9e07807be5fe9975e9097cc7b6e44789adf6e40c5d513a7b901e3b6ac51b398f429630136fe9065b6b115c43fc5f0ab3f2dcc7c28a13519e347a567399a445c4811ceaba61b2b5534e5bce8d63233171a23fc1684ec91c9ffb85482ef1de987cb567fee1a515885f3d4cdc5b3f7435d870cf522c57d05749fd80e8241ae18d5d878f177dd9e6c7a11c13ef915490125bbbbfc753a6cfd9d74acc4a98bbfa120433dba289e65169fc4206ff031b8f34fc256f64959ed2f5b3e484b53e1931e74d82d224b7f90da9ec2753cf0466a871406bb1af2e91667dba0e2c9333c309906cf2c55f00f23d0d31854818cde57718e6c33ca221ef775acdf65dc7825cd8705b94388286fdb7460d800e707191bee128a63464bf279fdc9abc94f4a8fd52e1b902edc9e6816746d6c3628e22b6f8c7f960a592abc0fdccd812ec84776a4c60ffca0a8907609bb56914a87ccb862addaca336425286039632e6729161b6da1c06ca0da59e9fa40d243bd482e508e89e226fffec0ea9487389cda8c8bc275d996aefaf3705117340b2f82bb7825aae753d2c47743fb75570b8459ccbb32aae5fb35f0090eb03de50ae021ced261669f35cf207cbfa8aabecfcea6031140f9ecf71fcdcdf4db024d447347430a87a44907711ec89a417818f42dd5278da6883c287f3de4d14a496a533f522f004dfcb11fc2449a608678f6be8222bcc0f0c3935e260719afc7364877dc52d518903c550e3d1bad444d68fb99cfa89673b195a014acbacc3dd514580f9dafacf357de7619a9911c7ccc411c71c82a57bc864d3be957ead083660c3235458243db0e9d810a5ac419e5174ab4ad717707c8f6921156bb433a228411f897f4c634a4845fe63ca0dae19f2efca2f9d42774f58004277e0b890034be7afa3de9b19fcb50b32018c47a771c1187311753d4e9f51269073065a0701e5f27ca8bf14042a2ee65c1001e31068dfa4106e4c234a4bef04bee6b8c4e0f9611002fb1a49c6bb6088456730314f09372e077ed1c82c985b89f79217f6396a538aef22ab66bcf3cd6a8adf7e37bb31f3e47e6dfff03fbbac0ee1df55d7c6d39c59c17bbdff213ee79e41355b41c50739cf69186bf28a5b6abafb12d3c5f672cd42806be0e0c99dddd38a9a6d0c7acb5533df0f9f267e3e923f1e44546fe812ba09c1434c549b63514f8dba71d210cee7adcb9129b21fa69a896a23b4ee2ed88c08baa8cad597f20e4e4a59bba018f2d9c81dba3614311c37ab27b766b7c794ab5a26a0e30fd0a9f640d83be8864b4bd439b477b6bb2f8157016c31db96d0bed25cddec262daa0a158c044d263c9c5997f998af9f31a575d108f252ea1f88af0883a144aa20a63f54d7a2d146a8a0ff92b9839cc8c30272e2ce21b056ef78541aba6eca66fd7fbef2f9ff34ce6f7a7911a90b97783822701e6bca3e3e7ec8a645c2351c601ced65d205f24ec15d93c15e3836ce661e20353e765db322382102b75e93b05ce02322d5af4b6234b04faa9a5ed1c3394369940651a6129e4b499f7febe902f4b216830e6d511a789e05e07a4965b97578209a7f9a75601ae36d0d425c353966470398aa6fda4df56fb273af0bc247a3544cd31b685f95255873e6541f49179530d3668a1f0cb250787f9468bd113323987ba90eda0f6daa859e71aca76d18dfdaf8d07b3f1211de2d2522238da7a4f3a6aa396346917ff159eec4aaa77307fc027bfdbbdf6ccc6098298b9ed2a34e97216ffe3f974f8389e6bbecd7325d5227d2bfb77e14cfbdf80e61496c9dcbe407a58cc0e5936cf59ed571606b8e51caab8c6251567a8bcc214ee7a85a6630813fba68cc6a80fcab03b25704d1613351082cd990cd83ed9df471416820cedd757889887eacdd4163587e2a932579817d29e64736fe8131244a498d4d73ee59e8f3346db281f03ca6e23f61a24a3bc523a896b70838b0dfd0b1dffaa6ccbb74a13be0a27e439582be13fbd28fb63f77b3386cf21ab695f2bc91a023c92a232ee83e136f75a598635122489b399e39f06d97bf0bdce88c84713fcb54862f684886caef818369d562c6fffcf5b13ade26728a9ba8a887bd905d101a4cb88cc861b92c2d1ea398d386d374282cc4d5c573965e77cb663f07c32819c52280269bba141d476416b8ea56ab44d8cd43963a79f201b1afa25ce9d083322b3f095a043df0fc50f2335a48dd65ebb9fdf02c0bbadaa1e5e9bd940d523353a4a1e9be54fdfc140a9fbc5eff34348d7cc56c129f993462f8387b78ac121fd2d2e73c4c310109b55c5665a2c8cf6fa312ffc30fb90ac9f5e09a4fc8843f0e0475f0cfda810a2b31c8dbf57e9673f218e2e2b205606bd1815f03882d9f07b77e53967cde9802a106a1f0f87c5cb89107eb3f93b51336239a44967dd2f6a2dbff2839057303e375e5c8598b776dfcaf64acd896d254a1aeddde882bf344236836b260a4bd0d25c9d6c77eb410d742c5a5840090d7d5d006ea0f93a8c2a595e75bf3bc9571f708a72eca10ca304e757dbda846df3783a489ff1627df45dafc24d879fae0c14def6d98abeb12e8ee59d1ed10efe9b0cd1c29f3685ebe02c7153dfe05359cc2df4a41fc11d42944e380ec2a0f81892c0bb715ded3c21dd12ead3c42feb631f9ee7390d9ffc91e1ee5a1a0e5443352ca9dfbbc9617adacd02e84e0ae8acb4a29303a4a745ead04c0b52f32b05b7ad2210dd202581b6999795c3468735a4b1380d2e5d45b19ddb0556ef2502598f6cbe660153c974dd8ff89ad70f2da8528b3820efc39580807286e0fad951b60da734138278c0c9cc0924c473ebe8f6f53a54256f5dd9f804cdbc175f23754193226d424b06e36c8e2255a1393d465d95d3ac3f6be1e1a597539413606b82fe72d5acf7264a0563aa70956c4cfb539122e6647701a6f79709981b4a8a1fc11ce2b35cee7b07a09415462c0793b79fc29c97ca222863857021be791999a89662ada1b52466598c9b7881321181baaa15c9fa814d61fd46d32ea8b0827d9f20500325c7c63e07542899215f7ff68d3cc245d8d57088ee81d985b07f5bd9460aaac8ae745e41aec306e0c411222f882e7524529271f09f61cf7c7c898ad90b1e538b66da31a0748cc8395565c678ec5331cd542fcf769ca88edb37bb8490d1415da58387c9cd8e219f247dfacad0db20b1c20a4f45b636954d8824f28b04947a162215915be28873c93086a6ac92d709afa8610bee6d5b70027b15e8202a49bbfa57d124dfa1a4852b0c7483ff40205e058fca05eb2e84a68bfb62e775374245211b900bae91ef83e01ac8cc5e800d8ae8272e832e4b1874187f5654a133ee10dfcca914282296037faaaee9d3770e68d22b05c026aed9462ea81c851a685c942f83bc73bb9601eea85123056044ca26c0ff0f39a6bd179213d9c7b0451c145e4bc0e0e5a633282506c465dcf0aeb9275e0394dc69026170e04875124a30f229268db6134ee34d8c9df0598e735d9d3b09b7aa05c16bad1488591a43c0e186419666fafd0e8a3ffe2269a83aa4d39bbaed1248178a6d74d40b6f70884dbefce0d85ee51a2c65dbb74ce720b9b5d28bca1ec85a22bfb8273910a535dc96d29530991c66c70c4136d04d9273b0c03058f20d868ff113a23725069d93557ed892d66bacc3de8864ef4e73941f265b601f393a5b6fb67a0c6ae787add6e02c82f64f1e0a9571cf342e84023ad4f78dde7a4ca5b279e8800a033b9ad33ec14a3ef90cdaa7d8fce770b33cf19f3d88d215bceeb715e73375628e98f7416d6d907f06e709735bfdb4ad5daca75a06cf43fcbbd7fbe38b020d09b89847c53d7f7599441bd5ffb9b843c38ffde8627b869404db07f2210f04754b2921bb45a1dc0c137eee3e2f7e7043c9c0d6ada9b999394d1d48866f3c6a86fd0c1883d2e90313ebdd46829c86a65839307ab4d08093b8d5ec71042bf0560bccc6aa34c870aa93c1f0df5585a28cc33345f072650bfc548326c6feed4c353ea9e9c5ab854ef8419271b598910d58bfa2c4d64983975e2659f9439976fc0894bef93dd79787ab2af0db365b50ecca98037f34170d538372038ca6f7801683de2ba531001823f422d69a74a376d6588a25902e480f573d026a9dfe9ba5adc32b6b173f385386b3c0145bdd09482096c564e56eb2c00ecbee9d0aef0e37f78a49cc21752bfeaea703320d9ba4a5f7b325a40d3843f5af10f683021647dac0e0661c0abda504e895eef0980a8aaf95ca9b7639d272de4b0121d63a3eee4d68242d5b5bd4af755afeb64eac69096754e39dae2313dce9afdab2cc133b491779f0a9baa911c32ae2cac3aafe13ffbb3f3f395858649b8d57e40831fcfa96008a63f87147ce498da9cbdddbc4bc2df8eb5bc07da80c2e54c0f2cbdc4d5fc7e1a898c63376cf46ba0ce41c233ad1a17e91296e70764625f7513d7db6bafafeb673ab83c03c90da4deaea56083425c25e4823c415fcf2c374c9e3257ac9a8fa3268eafbc14a96ccdc65d516944009ab5f8335271ab98ad4587ae114df4e963978fe9ba2304c6d1b89a03a4ee4ed29faa3a8c7bf775124b000f63b867d7eb24d1d8e78be28e0a80b82b6f94ff090dcbe1fd6a7501a59fc5ce38dbaababdf502072e30a2c290e3114e04bdb8127be43b24a4b1dd18b07032eb6449efb7226a84c946962ec56476ad81a692474f7e8e83b03d0bcb339b791743fb076cf9fb1f1350ebfb48a637913a93d6a63f787203a2a1470cd2db947f5780227e318fb244a2c6a637158cd952cdf1858d3dea923d0fb4e8701d1f7ae2b9fc74ec4ba08953ffd92d49cf5351baa0e95a2e4fe6e950f7fa14336dfc9b0aff6e5493f6d7ccf32120e9486cdaedaa778116c0a75962f6239088b278cbf979419", 0x1000, 0xffffffffffff745d, 0x0, 0x2, r2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x32c6, r0, &(0x7f0000000180)="2787f265a8513dd3f5181220f1212924", 0x10, 0x958, 0x0, 0x2, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r0, &(0x7f0000000240)="98c1f222ac39798c17cd7baad494eaf30132", 0x12, 0x2, 0x0, 0x3, r4}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x7, r0, &(0x7f0000000300)="3ca0cad95a2bc436ecf2f53f8b3a31c50e8893399e29888df76ad201de32c5652db2804d00207be072168ef20aa0f1e56ce7753e31bb7a0972558292126eb81c94fa3cd10ef44d99b738667aab15fb692b100a053ba72797fa3d9fb0271b3138fd2bfd69540475ba09fc380438e7c2f5f643e1a0515b038fde4f254856af69e17a5710d0d7896b677c887298815a8ce9146059d1c758dbb23fb1665a621c72004c42f234eb9dee586cc6", 0xaa, 0x4, 0x0, 0x1, r5}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x4, r0, &(0x7f00000014c0)="9cc26197dcacd9bc80b44a935dfa1e66b611702371940b3c17b232f819e3", 0x1e, 0x8, 0x0, 0x1, r6}]) 14:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004c00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:17 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4800000000000000, 0x0, 0x0, 0x0) 14:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000a000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 792.094691][ T1503] binder: 1497 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 792.094704][ T1503] binder: 1497:1503 ioctl c018620c 20000440 returned -22 14:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xa000000000000000, 0x10140) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000040)=0x5) 14:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) [ 792.153223][ T1506] binder: 1502:1506 ioctl c018620c 20000440 returned -1 14:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000012000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:17 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0) 14:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$l2tp(0x18, 0x1, 0x1) [ 792.271290][ T27] audit: type=1804 audit(1553609477.770:87): pid=1506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir807295522/syzkaller.OC9G0G/1211/file0" dev="sda1" ino=17377 res=1 [ 792.299698][ T1515] binder: 1514:1515 ioctl c018620c 20000440 returned -1 14:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000048000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:17 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5800000000000000, 0x0, 0x0, 0x0) [ 792.325346][ T1515] binder: 1514:1515 ioctl c018620c 20000440 returned -1 [ 792.360807][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 792.367065][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:11:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)=0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x4) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) r4 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r5 = open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) r6 = syz_open_dev$sndpcmc(&(0x7f0000001500)='/dev/snd/pcmC#D#c\x00', 0x6, 0x800) io_submit(r1, 0x6, &(0x7f0000001580)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xfffffffffffffbff, r0, &(0x7f0000000040)="e19ff5f28c0be3b563e97061839690f4c2d2b5933695e0330eaaee7c41e966f4f905462c43a546504bb3f80f189627771f2afb0ef2d6c083c8d2b663d7a007ccc658846a7fc5018137e3a188be881faa616154ae90b6382374f3ef78e559", 0x5e, 0x95, 0x0, 0x2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000000480)="7a3ae49dfa957477432b7616c2c2dac9d7f96e5402028985954a0a1d6c086cdd4058be99361412e12b5318ba0e78403065bf69f81c77e5f98830c4cc8ebc95eb80d1fedc8707f2e85ddb7b09402607c72c41ea845630a1f40fd5d0bfa7c9a8bd7b45b1a1cbb4fb817e29ece136d956c786ab11d5cc0f32adebc2d012db4cd97a9a1a9ee3d056f496540726184e7f74cc3ec3f67946efe3112390f4314326768189a8afe663f94be4e81b913e11b5a53d20c060f83e888761c2b7feb3305a8037f132c0e6ca798e6a87695eae74088a42ed461be07157065d50a7ebea15d3b5a5a250cd20b0dedd98819580c27f20ddb9c2d0f530598c8db62e41c7ef2282a2fb125826cebdc3cd6c9fd7f2ce58cd395cbc0c64770fbac0deddff3d60f79eed8b2e0ecd215cd9c438dbba66d3eabb9de0146bbeb3c25abfd71894fc3028509e5ac57c26ff75c23bcbfe1630c7bbd9de3d1b771732b265001f51617ac4f9e11a2178673f27502813966eea52567cba1d37d933445932976f8c5585b65dd27654417abe90dacd9f6cf89e34a741fb7a35df16e7b7bdfdc2e1525073e77a2e51b606bae2e369a368383bfdebff528397b99f0a470a7d38959cf90f354d123b02780c42ad220eb7dae094aedc3e057f0b58b92ee1e2a14fc73304cf0a77fe91a860141809fbbe34c3b5e8fd469a77f6f988198e13b250b641d2a06a3729b7576054eb63b14c3619bf8186bc756e0a9568d3eeaf0a673f64e53bed979be5e4a41850012f726f3b18178786376169bc25f820256fd0968ba97b8425993069f68a22de12d303e3a30c4fa0eb8d00eda02ed806fc5abd2093a321cc5cd853c52a3b50235977001512c726dc444ac7783c86d4aaf11ae6bc412adaaea9e07807be5fe9975e9097cc7b6e44789adf6e40c5d513a7b901e3b6ac51b398f429630136fe9065b6b115c43fc5f0ab3f2dcc7c28a13519e347a567399a445c4811ceaba61b2b5534e5bce8d63233171a23fc1684ec91c9ffb85482ef1de987cb567fee1a515885f3d4cdc5b3f7435d870cf522c57d05749fd80e8241ae18d5d878f177dd9e6c7a11c13ef915490125bbbbfc753a6cfd9d74acc4a98bbfa120433dba289e65169fc4206ff031b8f34fc256f64959ed2f5b3e484b53e1931e74d82d224b7f90da9ec2753cf0466a871406bb1af2e91667dba0e2c9333c309906cf2c55f00f23d0d31854818cde57718e6c33ca221ef775acdf65dc7825cd8705b94388286fdb7460d800e707191bee128a63464bf279fdc9abc94f4a8fd52e1b902edc9e6816746d6c3628e22b6f8c7f960a592abc0fdccd812ec84776a4c60ffca0a8907609bb56914a87ccb862addaca336425286039632e6729161b6da1c06ca0da59e9fa40d243bd482e508e89e226fffec0ea9487389cda8c8bc275d996aefaf3705117340b2f82bb7825aae753d2c47743fb75570b8459ccbb32aae5fb35f0090eb03de50ae021ced261669f35cf207cbfa8aabecfcea6031140f9ecf71fcdcdf4db024d447347430a87a44907711ec89a417818f42dd5278da6883c287f3de4d14a496a533f522f004dfcb11fc2449a608678f6be8222bcc0f0c3935e260719afc7364877dc52d518903c550e3d1bad444d68fb99cfa89673b195a014acbacc3dd514580f9dafacf357de7619a9911c7ccc411c71c82a57bc864d3be957ead083660c3235458243db0e9d810a5ac419e5174ab4ad717707c8f6921156bb433a228411f897f4c634a4845fe63ca0dae19f2efca2f9d42774f58004277e0b890034be7afa3de9b19fcb50b32018c47a771c1187311753d4e9f51269073065a0701e5f27ca8bf14042a2ee65c1001e31068dfa4106e4c234a4bef04bee6b8c4e0f9611002fb1a49c6bb6088456730314f09372e077ed1c82c985b89f79217f6396a538aef22ab66bcf3cd6a8adf7e37bb31f3e47e6dfff03fbbac0ee1df55d7c6d39c59c17bbdff213ee79e41355b41c50739cf69186bf28a5b6abafb12d3c5f672cd42806be0e0c99dddd38a9a6d0c7acb5533df0f9f267e3e923f1e44546fe812ba09c1434c549b63514f8dba71d210cee7adcb9129b21fa69a896a23b4ee2ed88c08baa8cad597f20e4e4a59bba018f2d9c81dba3614311c37ab27b766b7c794ab5a26a0e30fd0a9f640d83be8864b4bd439b477b6bb2f8157016c31db96d0bed25cddec262daa0a158c044d263c9c5997f998af9f31a575d108f252ea1f88af0883a144aa20a63f54d7a2d146a8a0ff92b9839cc8c30272e2ce21b056ef78541aba6eca66fd7fbef2f9ff34ce6f7a7911a90b97783822701e6bca3e3e7ec8a645c2351c601ced65d205f24ec15d93c15e3836ce661e20353e765db322382102b75e93b05ce02322d5af4b6234b04faa9a5ed1c3394369940651a6129e4b499f7febe902f4b216830e6d511a789e05e07a4965b97578209a7f9a75601ae36d0d425c353966470398aa6fda4df56fb273af0bc247a3544cd31b685f95255873e6541f49179530d3668a1f0cb250787f9468bd113323987ba90eda0f6daa859e71aca76d18dfdaf8d07b3f1211de2d2522238da7a4f3a6aa396346917ff159eec4aaa77307fc027bfdbbdf6ccc6098298b9ed2a34e97216ffe3f974f8389e6bbecd7325d5227d2bfb77e14cfbdf80e61496c9dcbe407a58cc0e5936cf59ed571606b8e51caab8c6251567a8bcc214ee7a85a6630813fba68cc6a80fcab03b25704d1613351082cd990cd83ed9df471416820cedd757889887eacdd4163587e2a932579817d29e64736fe8131244a498d4d73ee59e8f3346db281f03ca6e23f61a24a3bc523a896b70838b0dfd0b1dffaa6ccbb74a13be0a27e439582be13fbd28fb63f77b3386cf21ab695f2bc91a023c92a232ee83e136f75a598635122489b399e39f06d97bf0bdce88c84713fcb54862f684886caef818369d562c6fffcf5b13ade26728a9ba8a887bd905d101a4cb88cc861b92c2d1ea398d386d374282cc4d5c573965e77cb663f07c32819c52280269bba141d476416b8ea56ab44d8cd43963a79f201b1afa25ce9d083322b3f095a043df0fc50f2335a48dd65ebb9fdf02c0bbadaa1e5e9bd940d523353a4a1e9be54fdfc140a9fbc5eff34348d7cc56c129f993462f8387b78ac121fd2d2e73c4c310109b55c5665a2c8cf6fa312ffc30fb90ac9f5e09a4fc8843f0e0475f0cfda810a2b31c8dbf57e9673f218e2e2b205606bd1815f03882d9f07b77e53967cde9802a106a1f0f87c5cb89107eb3f93b51336239a44967dd2f6a2dbff2839057303e375e5c8598b776dfcaf64acd896d254a1aeddde882bf344236836b260a4bd0d25c9d6c77eb410d742c5a5840090d7d5d006ea0f93a8c2a595e75bf3bc9571f708a72eca10ca304e757dbda846df3783a489ff1627df45dafc24d879fae0c14def6d98abeb12e8ee59d1ed10efe9b0cd1c29f3685ebe02c7153dfe05359cc2df4a41fc11d42944e380ec2a0f81892c0bb715ded3c21dd12ead3c42feb631f9ee7390d9ffc91e1ee5a1a0e5443352ca9dfbbc9617adacd02e84e0ae8acb4a29303a4a745ead04c0b52f32b05b7ad2210dd202581b6999795c3468735a4b1380d2e5d45b19ddb0556ef2502598f6cbe660153c974dd8ff89ad70f2da8528b3820efc39580807286e0fad951b60da734138278c0c9cc0924c473ebe8f6f53a54256f5dd9f804cdbc175f23754193226d424b06e36c8e2255a1393d465d95d3ac3f6be1e1a597539413606b82fe72d5acf7264a0563aa70956c4cfb539122e6647701a6f79709981b4a8a1fc11ce2b35cee7b07a09415462c0793b79fc29c97ca222863857021be791999a89662ada1b52466598c9b7881321181baaa15c9fa814d61fd46d32ea8b0827d9f20500325c7c63e07542899215f7ff68d3cc245d8d57088ee81d985b07f5bd9460aaac8ae745e41aec306e0c411222f882e7524529271f09f61cf7c7c898ad90b1e538b66da31a0748cc8395565c678ec5331cd542fcf769ca88edb37bb8490d1415da58387c9cd8e219f247dfacad0db20b1c20a4f45b636954d8824f28b04947a162215915be28873c93086a6ac92d709afa8610bee6d5b70027b15e8202a49bbfa57d124dfa1a4852b0c7483ff40205e058fca05eb2e84a68bfb62e775374245211b900bae91ef83e01ac8cc5e800d8ae8272e832e4b1874187f5654a133ee10dfcca914282296037faaaee9d3770e68d22b05c026aed9462ea81c851a685c942f83bc73bb9601eea85123056044ca26c0ff0f39a6bd179213d9c7b0451c145e4bc0e0e5a633282506c465dcf0aeb9275e0394dc69026170e04875124a30f229268db6134ee34d8c9df0598e735d9d3b09b7aa05c16bad1488591a43c0e186419666fafd0e8a3ffe2269a83aa4d39bbaed1248178a6d74d40b6f70884dbefce0d85ee51a2c65dbb74ce720b9b5d28bca1ec85a22bfb8273910a535dc96d29530991c66c70c4136d04d9273b0c03058f20d868ff113a23725069d93557ed892d66bacc3de8864ef4e73941f265b601f393a5b6fb67a0c6ae787add6e02c82f64f1e0a9571cf342e84023ad4f78dde7a4ca5b279e8800a033b9ad33ec14a3ef90cdaa7d8fce770b33cf19f3d88d215bceeb715e73375628e98f7416d6d907f06e709735bfdb4ad5daca75a06cf43fcbbd7fbe38b020d09b89847c53d7f7599441bd5ffb9b843c38ffde8627b869404db07f2210f04754b2921bb45a1dc0c137eee3e2f7e7043c9c0d6ada9b999394d1d48866f3c6a86fd0c1883d2e90313ebdd46829c86a65839307ab4d08093b8d5ec71042bf0560bccc6aa34c870aa93c1f0df5585a28cc33345f072650bfc548326c6feed4c353ea9e9c5ab854ef8419271b598910d58bfa2c4d64983975e2659f9439976fc0894bef93dd79787ab2af0db365b50ecca98037f34170d538372038ca6f7801683de2ba531001823f422d69a74a376d6588a25902e480f573d026a9dfe9ba5adc32b6b173f385386b3c0145bdd09482096c564e56eb2c00ecbee9d0aef0e37f78a49cc21752bfeaea703320d9ba4a5f7b325a40d3843f5af10f683021647dac0e0661c0abda504e895eef0980a8aaf95ca9b7639d272de4b0121d63a3eee4d68242d5b5bd4af755afeb64eac69096754e39dae2313dce9afdab2cc133b491779f0a9baa911c32ae2cac3aafe13ffbb3f3f395858649b8d57e40831fcfa96008a63f87147ce498da9cbdddbc4bc2df8eb5bc07da80c2e54c0f2cbdc4d5fc7e1a898c63376cf46ba0ce41c233ad1a17e91296e70764625f7513d7db6bafafeb673ab83c03c90da4deaea56083425c25e4823c415fcf2c374c9e3257ac9a8fa3268eafbc14a96ccdc65d516944009ab5f8335271ab98ad4587ae114df4e963978fe9ba2304c6d1b89a03a4ee4ed29faa3a8c7bf775124b000f63b867d7eb24d1d8e78be28e0a80b82b6f94ff090dcbe1fd6a7501a59fc5ce38dbaababdf502072e30a2c290e3114e04bdb8127be43b24a4b1dd18b07032eb6449efb7226a84c946962ec56476ad81a692474f7e8e83b03d0bcb339b791743fb076cf9fb1f1350ebfb48a637913a93d6a63f787203a2a1470cd2db947f5780227e318fb244a2c6a637158cd952cdf1858d3dea923d0fb4e8701d1f7ae2b9fc74ec4ba08953ffd92d49cf5351baa0e95a2e4fe6e950f7fa14336dfc9b0aff6e5493f6d7ccf32120e9486cdaedaa778116c0a75962f6239088b278cbf979419", 0x1000, 0xffffffffffff745d, 0x0, 0x2, r2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x32c6, r0, &(0x7f0000000180)="2787f265a8513dd3f5181220f1212924", 0x10, 0x958, 0x0, 0x2, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r0, &(0x7f0000000240)="98c1f222ac39798c17cd7baad494eaf30132", 0x12, 0x2, 0x0, 0x3, r4}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x7, r0, &(0x7f0000000300)="3ca0cad95a2bc436ecf2f53f8b3a31c50e8893399e29888df76ad201de32c5652db2804d00207be072168ef20aa0f1e56ce7753e31bb7a0972558292126eb81c94fa3cd10ef44d99b738667aab15fb692b100a053ba72797fa3d9fb0271b3138fd2bfd69540475ba09fc380438e7c2f5f643e1a0515b038fde4f254856af69e17a5710d0d7896b677c887298815a8ce9146059d1c758dbb23fb1665a621c72004c42f234eb9dee586cc6", 0xaa, 0x4, 0x0, 0x1, r5}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x4, r0, &(0x7f00000014c0)="9cc26197dcacd9bc80b44a935dfa1e66b611702371940b3c17b232f819e3", 0x1e, 0x8, 0x0, 0x1, r6}]) 14:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006800000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:17 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:etc_t:s0\x00', 0x1b) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 14:11:17 executing program 3: r0 = fcntl$getown(0xffffffffffffffff, 0x9) r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0xc71a54a7b0646ed3) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0xee, 0x3f8, 0x9, 0x2, 0x0, 0x75, 0x800, 0x2, 0x0, 0x2, 0x7, 0x100000000, 0x16e, 0x8, 0x0, 0x3, 0x80000000, 0x3f, 0x100000001, 0x0, 0x9e, 0x3, 0x5, 0xdc8, 0x0, 0xfff, 0x81, 0x6, 0xffff, 0x80eb, 0x20, 0x8, 0x5, 0x5, 0x6, 0x4, 0x0, 0x80000000000, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x20018, 0x3f, 0x56b2, 0x3, 0x0, 0x401, 0x80000001}, r0, 0x7, r1, 0x3) r2 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6000000000000000, 0x0, 0x0, 0x0) 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000004c000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006c00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 792.529959][ T1536] binder: 1533:1536 ioctl c018620c 20000440 returned -1 14:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) 14:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0xffffffffffffff77, 0x0, 0x0, 0x15e, 0x0, 0x0}) 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000060000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6200000000000000, 0x0, 0x0, 0x0) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007400000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 792.682101][ T1548] binder: 1547:1548 ioctl c018620c 20000440 returned -1 [ 792.710507][ T27] audit: type=1804 audit(1553609478.200:88): pid=1536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir807295522/syzkaller.OC9G0G/1212/file0" dev="sda1" ino=18113 res=1 [ 792.716437][ T1548] binder: 1547:1548 ioctl c018620c 20000440 returned -1 14:11:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)=0x0) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x4) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) r4 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r5 = open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) r6 = syz_open_dev$sndpcmc(&(0x7f0000001500)='/dev/snd/pcmC#D#c\x00', 0x6, 0x800) io_submit(r1, 0x6, &(0x7f0000001580)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xfffffffffffffbff, r0, &(0x7f0000000040)="e19ff5f28c0be3b563e97061839690f4c2d2b5933695e0330eaaee7c41e966f4f905462c43a546504bb3f80f189627771f2afb0ef2d6c083c8d2b663d7a007ccc658846a7fc5018137e3a188be881faa616154ae90b6382374f3ef78e559", 0x5e, 0x95, 0x0, 0x2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000000480)="7a3ae49dfa957477432b7616c2c2dac9d7f96e5402028985954a0a1d6c086cdd4058be99361412e12b5318ba0e78403065bf69f81c77e5f98830c4cc8ebc95eb80d1fedc8707f2e85ddb7b09402607c72c41ea845630a1f40fd5d0bfa7c9a8bd7b45b1a1cbb4fb817e29ece136d956c786ab11d5cc0f32adebc2d012db4cd97a9a1a9ee3d056f496540726184e7f74cc3ec3f67946efe3112390f4314326768189a8afe663f94be4e81b913e11b5a53d20c060f83e888761c2b7feb3305a8037f132c0e6ca798e6a87695eae74088a42ed461be07157065d50a7ebea15d3b5a5a250cd20b0dedd98819580c27f20ddb9c2d0f530598c8db62e41c7ef2282a2fb125826cebdc3cd6c9fd7f2ce58cd395cbc0c64770fbac0deddff3d60f79eed8b2e0ecd215cd9c438dbba66d3eabb9de0146bbeb3c25abfd71894fc3028509e5ac57c26ff75c23bcbfe1630c7bbd9de3d1b771732b265001f51617ac4f9e11a2178673f27502813966eea52567cba1d37d933445932976f8c5585b65dd27654417abe90dacd9f6cf89e34a741fb7a35df16e7b7bdfdc2e1525073e77a2e51b606bae2e369a368383bfdebff528397b99f0a470a7d38959cf90f354d123b02780c42ad220eb7dae094aedc3e057f0b58b92ee1e2a14fc73304cf0a77fe91a860141809fbbe34c3b5e8fd469a77f6f988198e13b250b641d2a06a3729b7576054eb63b14c3619bf8186bc756e0a9568d3eeaf0a673f64e53bed979be5e4a41850012f726f3b18178786376169bc25f820256fd0968ba97b8425993069f68a22de12d303e3a30c4fa0eb8d00eda02ed806fc5abd2093a321cc5cd853c52a3b50235977001512c726dc444ac7783c86d4aaf11ae6bc412adaaea9e07807be5fe9975e9097cc7b6e44789adf6e40c5d513a7b901e3b6ac51b398f429630136fe9065b6b115c43fc5f0ab3f2dcc7c28a13519e347a567399a445c4811ceaba61b2b5534e5bce8d63233171a23fc1684ec91c9ffb85482ef1de987cb567fee1a515885f3d4cdc5b3f7435d870cf522c57d05749fd80e8241ae18d5d878f177dd9e6c7a11c13ef915490125bbbbfc753a6cfd9d74acc4a98bbfa120433dba289e65169fc4206ff031b8f34fc256f64959ed2f5b3e484b53e1931e74d82d224b7f90da9ec2753cf0466a871406bb1af2e91667dba0e2c9333c309906cf2c55f00f23d0d31854818cde57718e6c33ca221ef775acdf65dc7825cd8705b94388286fdb7460d800e707191bee128a63464bf279fdc9abc94f4a8fd52e1b902edc9e6816746d6c3628e22b6f8c7f960a592abc0fdccd812ec84776a4c60ffca0a8907609bb56914a87ccb862addaca336425286039632e6729161b6da1c06ca0da59e9fa40d243bd482e508e89e226fffec0ea9487389cda8c8bc275d996aefaf3705117340b2f82bb7825aae753d2c47743fb75570b8459ccbb32aae5fb35f0090eb03de50ae021ced261669f35cf207cbfa8aabecfcea6031140f9ecf71fcdcdf4db024d447347430a87a44907711ec89a417818f42dd5278da6883c287f3de4d14a496a533f522f004dfcb11fc2449a608678f6be8222bcc0f0c3935e260719afc7364877dc52d518903c550e3d1bad444d68fb99cfa89673b195a014acbacc3dd514580f9dafacf357de7619a9911c7ccc411c71c82a57bc864d3be957ead083660c3235458243db0e9d810a5ac419e5174ab4ad717707c8f6921156bb433a228411f897f4c634a4845fe63ca0dae19f2efca2f9d42774f58004277e0b890034be7afa3de9b19fcb50b32018c47a771c1187311753d4e9f51269073065a0701e5f27ca8bf14042a2ee65c1001e31068dfa4106e4c234a4bef04bee6b8c4e0f9611002fb1a49c6bb6088456730314f09372e077ed1c82c985b89f79217f6396a538aef22ab66bcf3cd6a8adf7e37bb31f3e47e6dfff03fbbac0ee1df55d7c6d39c59c17bbdff213ee79e41355b41c50739cf69186bf28a5b6abafb12d3c5f672cd42806be0e0c99dddd38a9a6d0c7acb5533df0f9f267e3e923f1e44546fe812ba09c1434c549b63514f8dba71d210cee7adcb9129b21fa69a896a23b4ee2ed88c08baa8cad597f20e4e4a59bba018f2d9c81dba3614311c37ab27b766b7c794ab5a26a0e30fd0a9f640d83be8864b4bd439b477b6bb2f8157016c31db96d0bed25cddec262daa0a158c044d263c9c5997f998af9f31a575d108f252ea1f88af0883a144aa20a63f54d7a2d146a8a0ff92b9839cc8c30272e2ce21b056ef78541aba6eca66fd7fbef2f9ff34ce6f7a7911a90b97783822701e6bca3e3e7ec8a645c2351c601ced65d205f24ec15d93c15e3836ce661e20353e765db322382102b75e93b05ce02322d5af4b6234b04faa9a5ed1c3394369940651a6129e4b499f7febe902f4b216830e6d511a789e05e07a4965b97578209a7f9a75601ae36d0d425c353966470398aa6fda4df56fb273af0bc247a3544cd31b685f95255873e6541f49179530d3668a1f0cb250787f9468bd113323987ba90eda0f6daa859e71aca76d18dfdaf8d07b3f1211de2d2522238da7a4f3a6aa396346917ff159eec4aaa77307fc027bfdbbdf6ccc6098298b9ed2a34e97216ffe3f974f8389e6bbecd7325d5227d2bfb77e14cfbdf80e61496c9dcbe407a58cc0e5936cf59ed571606b8e51caab8c6251567a8bcc214ee7a85a6630813fba68cc6a80fcab03b25704d1613351082cd990cd83ed9df471416820cedd757889887eacdd4163587e2a932579817d29e64736fe8131244a498d4d73ee59e8f3346db281f03ca6e23f61a24a3bc523a896b70838b0dfd0b1dffaa6ccbb74a13be0a27e439582be13fbd28fb63f77b3386cf21ab695f2bc91a023c92a232ee83e136f75a598635122489b399e39f06d97bf0bdce88c84713fcb54862f684886caef818369d562c6fffcf5b13ade26728a9ba8a887bd905d101a4cb88cc861b92c2d1ea398d386d374282cc4d5c573965e77cb663f07c32819c52280269bba141d476416b8ea56ab44d8cd43963a79f201b1afa25ce9d083322b3f095a043df0fc50f2335a48dd65ebb9fdf02c0bbadaa1e5e9bd940d523353a4a1e9be54fdfc140a9fbc5eff34348d7cc56c129f993462f8387b78ac121fd2d2e73c4c310109b55c5665a2c8cf6fa312ffc30fb90ac9f5e09a4fc8843f0e0475f0cfda810a2b31c8dbf57e9673f218e2e2b205606bd1815f03882d9f07b77e53967cde9802a106a1f0f87c5cb89107eb3f93b51336239a44967dd2f6a2dbff2839057303e375e5c8598b776dfcaf64acd896d254a1aeddde882bf344236836b260a4bd0d25c9d6c77eb410d742c5a5840090d7d5d006ea0f93a8c2a595e75bf3bc9571f708a72eca10ca304e757dbda846df3783a489ff1627df45dafc24d879fae0c14def6d98abeb12e8ee59d1ed10efe9b0cd1c29f3685ebe02c7153dfe05359cc2df4a41fc11d42944e380ec2a0f81892c0bb715ded3c21dd12ead3c42feb631f9ee7390d9ffc91e1ee5a1a0e5443352ca9dfbbc9617adacd02e84e0ae8acb4a29303a4a745ead04c0b52f32b05b7ad2210dd202581b6999795c3468735a4b1380d2e5d45b19ddb0556ef2502598f6cbe660153c974dd8ff89ad70f2da8528b3820efc39580807286e0fad951b60da734138278c0c9cc0924c473ebe8f6f53a54256f5dd9f804cdbc175f23754193226d424b06e36c8e2255a1393d465d95d3ac3f6be1e1a597539413606b82fe72d5acf7264a0563aa70956c4cfb539122e6647701a6f79709981b4a8a1fc11ce2b35cee7b07a09415462c0793b79fc29c97ca222863857021be791999a89662ada1b52466598c9b7881321181baaa15c9fa814d61fd46d32ea8b0827d9f20500325c7c63e07542899215f7ff68d3cc245d8d57088ee81d985b07f5bd9460aaac8ae745e41aec306e0c411222f882e7524529271f09f61cf7c7c898ad90b1e538b66da31a0748cc8395565c678ec5331cd542fcf769ca88edb37bb8490d1415da58387c9cd8e219f247dfacad0db20b1c20a4f45b636954d8824f28b04947a162215915be28873c93086a6ac92d709afa8610bee6d5b70027b15e8202a49bbfa57d124dfa1a4852b0c7483ff40205e058fca05eb2e84a68bfb62e775374245211b900bae91ef83e01ac8cc5e800d8ae8272e832e4b1874187f5654a133ee10dfcca914282296037faaaee9d3770e68d22b05c026aed9462ea81c851a685c942f83bc73bb9601eea85123056044ca26c0ff0f39a6bd179213d9c7b0451c145e4bc0e0e5a633282506c465dcf0aeb9275e0394dc69026170e04875124a30f229268db6134ee34d8c9df0598e735d9d3b09b7aa05c16bad1488591a43c0e186419666fafd0e8a3ffe2269a83aa4d39bbaed1248178a6d74d40b6f70884dbefce0d85ee51a2c65dbb74ce720b9b5d28bca1ec85a22bfb8273910a535dc96d29530991c66c70c4136d04d9273b0c03058f20d868ff113a23725069d93557ed892d66bacc3de8864ef4e73941f265b601f393a5b6fb67a0c6ae787add6e02c82f64f1e0a9571cf342e84023ad4f78dde7a4ca5b279e8800a033b9ad33ec14a3ef90cdaa7d8fce770b33cf19f3d88d215bceeb715e73375628e98f7416d6d907f06e709735bfdb4ad5daca75a06cf43fcbbd7fbe38b020d09b89847c53d7f7599441bd5ffb9b843c38ffde8627b869404db07f2210f04754b2921bb45a1dc0c137eee3e2f7e7043c9c0d6ada9b999394d1d48866f3c6a86fd0c1883d2e90313ebdd46829c86a65839307ab4d08093b8d5ec71042bf0560bccc6aa34c870aa93c1f0df5585a28cc33345f072650bfc548326c6feed4c353ea9e9c5ab854ef8419271b598910d58bfa2c4d64983975e2659f9439976fc0894bef93dd79787ab2af0db365b50ecca98037f34170d538372038ca6f7801683de2ba531001823f422d69a74a376d6588a25902e480f573d026a9dfe9ba5adc32b6b173f385386b3c0145bdd09482096c564e56eb2c00ecbee9d0aef0e37f78a49cc21752bfeaea703320d9ba4a5f7b325a40d3843f5af10f683021647dac0e0661c0abda504e895eef0980a8aaf95ca9b7639d272de4b0121d63a3eee4d68242d5b5bd4af755afeb64eac69096754e39dae2313dce9afdab2cc133b491779f0a9baa911c32ae2cac3aafe13ffbb3f3f395858649b8d57e40831fcfa96008a63f87147ce498da9cbdddbc4bc2df8eb5bc07da80c2e54c0f2cbdc4d5fc7e1a898c63376cf46ba0ce41c233ad1a17e91296e70764625f7513d7db6bafafeb673ab83c03c90da4deaea56083425c25e4823c415fcf2c374c9e3257ac9a8fa3268eafbc14a96ccdc65d516944009ab5f8335271ab98ad4587ae114df4e963978fe9ba2304c6d1b89a03a4ee4ed29faa3a8c7bf775124b000f63b867d7eb24d1d8e78be28e0a80b82b6f94ff090dcbe1fd6a7501a59fc5ce38dbaababdf502072e30a2c290e3114e04bdb8127be43b24a4b1dd18b07032eb6449efb7226a84c946962ec56476ad81a692474f7e8e83b03d0bcb339b791743fb076cf9fb1f1350ebfb48a637913a93d6a63f787203a2a1470cd2db947f5780227e318fb244a2c6a637158cd952cdf1858d3dea923d0fb4e8701d1f7ae2b9fc74ec4ba08953ffd92d49cf5351baa0e95a2e4fe6e950f7fa14336dfc9b0aff6e5493f6d7ccf32120e9486cdaedaa778116c0a75962f6239088b278cbf979419", 0x1000, 0xffffffffffff745d, 0x0, 0x2, r2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x32c6, r0, &(0x7f0000000180)="2787f265a8513dd3f5181220f1212924", 0x10, 0x958, 0x0, 0x2, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x2, r0, &(0x7f0000000240)="98c1f222ac39798c17cd7baad494eaf30132", 0x12, 0x2, 0x0, 0x3, r4}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x7, r0, &(0x7f0000000300)="3ca0cad95a2bc436ecf2f53f8b3a31c50e8893399e29888df76ad201de32c5652db2804d00207be072168ef20aa0f1e56ce7753e31bb7a0972558292126eb81c94fa3cd10ef44d99b738667aab15fb692b100a053ba72797fa3d9fb0271b3138fd2bfd69540475ba09fc380438e7c2f5f643e1a0515b038fde4f254856af69e17a5710d0d7896b677c887298815a8ce9146059d1c758dbb23fb1665a621c72004c42f234eb9dee586cc6", 0xaa, 0x4, 0x0, 0x1, r5}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x4, r0, &(0x7f00000014c0)="9cc26197dcacd9bc80b44a935dfa1e66b611702371940b3c17b232f819e3", 0x1e, 0x8, 0x0, 0x1, r6}]) 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000068000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000001580)='/dev/full\x00', 0xb0800, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f00000015c0)=@assoc_value={0x0, 0x1}, &(0x7f0000001600)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000001640)={r2, 0xfffffffffffffffa}, &(0x7f0000001680)=0x8) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6401000000000000, 0x0, 0x0, 0x0) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007a00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm_plock\x00', 0x40000, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x7fd) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) setsockopt$rose(r1, 0x104, 0x1, &(0x7f0000000080)=0x6, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0xfdad2534a039ba71, 0x0, 0x0, 0xfffffffffffffcaf, 0x0, 0x0}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x101400, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x16001, 0x0) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000140)={0x3f, 0x39da}) recvfrom$x25(r2, &(0x7f0000000240)=""/20, 0x14, 0x40, &(0x7f0000000280)={0x9, @remote={[], 0x3}}, 0x12) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6800000000000000, 0x0, 0x0, 0x0) [ 792.927840][ T1582] binder: 1579:1582 ioctl c018620c 20000440 returned -1 [ 792.943392][ T1583] binder: 1564 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 792.943405][ T1583] binder: 1564:1583 ioctl c018620c 20000040 returned -22 [ 792.969283][ T1583] binder: 1564 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 14:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) r2 = openat(r1, &(0x7f0000000080)='./file0\x00', 0x100, 0x2) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0x7000, 0x10000, 0x4, 0x9, 0x10000}) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000fffffdfd00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 792.969297][ T1583] binder: 1564:1583 ioctl c018620c 20000040 returned -22 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000006c000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0) [ 793.081208][ T27] audit: type=1804 audit(1553609478.580:89): pid=1582 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir807295522/syzkaller.OC9G0G/1213/file0" dev="sda1" ino=17697 res=1 14:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4, 0x6100) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffff9c}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f0000000080)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000000c0)={r2, r3}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)) creat(&(0x7f0000000100)='./file0\x00', 0x4) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) syz_open_dev$sndpcmc(&(0x7f0000001500)='/dev/snd/pcmC#D#c\x00', 0x6, 0x800) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000200000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7400000000000000, 0x0, 0x0, 0x0) 14:11:18 executing program 3: r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000140)={0x7fff, 0x5, 0x2, 0x1, 0x8, 0x80000000}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000180)={0x81, 0xff}) write$FUSE_POLL(r2, &(0x7f0000000100)={0xfffffffffffffef2, 0x0, 0x5, {0x7}}, 0x18) 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000074000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 793.204796][ T1601] binder: 1600:1601 ioctl c018620c 20000440 returned -1 14:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2080, 0x0) ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000480)=""/4096) 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000007a000000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000300000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7600000000000000, 0x0, 0x0, 0x0) [ 793.281328][ T1610] binder: 1606:1610 ioctl c018620c 20000440 returned -1 14:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 793.365148][ T27] audit: type=1804 audit(1553609478.860:90): pid=1610 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir807295522/syzkaller.OC9G0G/1214/file0" dev="sda1" ino=17377 res=1 [ 793.371057][ T1617] binder: 1615:1617 ioctl c018620c 20000440 returned -1 14:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000030000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000400000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)) creat(&(0x7f0000000100)='./file0\x00', 0x4) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) open(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x81) 14:11:19 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000080)={0x2, [0x0, 0x0]}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000100)={r1, 0xfffffffffffffffe}, 0x8) syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000140)={0xffffffffffffffcf, 0x0, 0x0, 0xfc, 0x0, 0x0}) 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0) [ 793.524468][ T1617] binder: 1615:1617 ioctl c018620c 20000440 returned -1 [ 793.546144][ T1630] binder_alloc_new_buf_locked: 33 callbacks suppressed [ 793.546154][ T1630] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000050000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 793.572686][ T1632] binder: 1626:1632 ioctl c018620c 20000440 returned -1 14:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8000000000000000, 0x0, 0x0, 0x0) [ 793.633874][ T1630] binder_alloc_new_buf_locked: 33 callbacks suppressed [ 793.633889][ T1630] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 793.651078][ T27] audit: type=1804 audit(1553609479.140:91): pid=1632 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir807295522/syzkaller.OC9G0G/1215/file0" dev="sda1" ino=18189 res=1 [ 793.662655][ T1639] binder: 1638:1639 ioctl c018620c 20000440 returned -1 14:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read(r0, &(0x7f0000000000)=""/104, 0x68) [ 793.695538][ T1640] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000500000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)) creat(&(0x7f0000000100)='./file0\x00', 0x4) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 793.743905][ T1640] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 793.769131][ T1640] binder_transaction: 34 callbacks suppressed [ 793.769146][ T1640] binder: 1637:1640 transaction failed 29201/-28, size 24-8 line 3148 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8001000000000000, 0x0, 0x0, 0x0) 14:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x95}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 793.792789][T27606] binder_release_work: 34 callbacks suppressed [ 793.792797][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000060000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:19 executing program 3: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000002500)='/proc/self/net/pfkey\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000002540)={0x2193b28b, 0x8, 0x2, 0x8, 0x0}, &(0x7f0000002580)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000025c0)={r1, 0x5c, "8b1431506a0100c6a9e56cd2ef22acd2ae08c3e845beda8dde7a207b7caa29ba0fe0a4a3ff775e9e592713bbb36344a52810783cd350dcd132bdc836296a5adf29da64c3806993171326c295fea487ca4aadecce226570c599c0e4de"}, &(0x7f0000002640)=0x64) r2 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) readv(r2, &(0x7f0000000380)=[{&(0x7f0000000000)=""/197, 0xc5}, {&(0x7f0000000100)=""/95, 0x5f}, {&(0x7f0000000180)=""/181, 0xb5}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000000240)=""/94, 0x5e}, {&(0x7f00000002c0)=""/150, 0x96}], 0x6) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000002680)={r1, 0x6, 0x4, 0xfffffffffffffffb}, &(0x7f00000026c0)=0x10) syz_init_net_socket$llc(0x1a, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000002480)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000fed000/0x4000)=nil, &(0x7f0000fef000/0x3000)=nil, &(0x7f0000001480)="7531e27be332f40821f6937277760e19f26a987209649a8489877dbebd97117dd78b39a8b6fdad8cab4350a82411f95c603455af8e14ad0b779eeeb7fb3ee630f0793d9d86070de645c6b827e81a6a0c3eb626e16c6c1b7ea99d6892a067a2c72afa4008766ffd8b74f0c3d2426f629cb6756e1a67cddf5058f61010f7f722af818355fba919600a74951119fe24324edde798f41697d99452c3037e7324b43886a8cbb00f63ee59ed8a3bbc21d1dd6b7514c0124331d13acf0c115fd1f563530687aec00e1c0f509870f2c2bfb2bb97f8be6f7e8981184a14aac46360c7f330114315617b4e7556dca30d6198d57151d9ca391d5029289cb83492291cfcb98f90147c45cb9a2a2a1f949cbed3a8dcc34d44d374dc270c31108477d50522b9669f2089a753cda2e2cb970e01c41021b4358b16a6a432d3375be3f46e3c0e86b7187818e2f788a5bc9b1fcdde3ca530b90a750eb30f34818abe7ba5c3776e4a303e1464f2e0d3540c21896515d3574cfbbd12751ebba6414af0f0a3a24c22eff25db1fa567ea4fa749e0a5d517c53c57ec7f37bc5b919a19d82c70a8e7b7d21dbfd6100aa199d71f18b44f72daa1254e7cf613dc71d75abb635e334dc58a7d9ffbf6e4d9945f7c5770591ab5317ff022d71d094aee4caecdad33dc2848d94c1c2875f44c04facbe550f8e841caa2b55100f547694a3691a35c316b276cd8ed6b653ecbee69a753ab14d7d09b088a4296f677f3e3dd72abcd0c1df6ec364fa1d63a7ce88347d89ef34d898d233296a045f23d01456dbf72ca5e2829bfb38878d7fb19f7d3418d32d8884bdba62a0b61cce8c17bbea5197a7dfdd5be0028c7282a6eaecf0f2e6043ca38151ee1c3985873d9ad6866e577a58de939e4822ade4d52487f6ba2c1b6933ed8d4099c7b4467e5027b260886b2bb072128dc1588f6383b5f7059101ccc700e6643beef3a9e68a609223426d16351b1a8ff3d798944cd97ee1106ab3361a001fa7f9b6764bba4490742d88b46625481d6d16a1a24a39ae83b0c7cc3dc844d5616fe456c1a9c0e29eaa1f545a5829401018120cf8405e64dbb8da0486f792c207bfffd2d447aaf94ccb13ff01186baf0abd5fdcdba5ecf730f715404c59e67a5440b3a22e761f921522174d12b695d303de9cfb32fa1c9a16a339318fa5504e0848f0e434d1a9d8664aebbcce5e4070e6bd17e6d65f5a45ade3085d86857bc2c6747a19b4ab6835cfeabe61cc19f2354d27f827f43ef3eb275d237ed93cf95c2475a19f0d33ce990ab09d9d5f5eefa08fd082aed5d53afd96c83f94581110e74b91e06cfefec01c8e2b05b8a1364e52be6209fe6661f416c975f71623406b413ca4f408aaf0e1489691572e255a7765f00f4b9b03983bada1416e8406596099e628ca671ef610b776762c8d865769e157287a73d23fcb9be000aac96ef8c91acb551040b60a9446343df5a121fba349f8ebf4db2a7b21a9b9ba18ac45f9dde3b59b69b2f4daa71a69018bc4241646c14d9203382fc337e2197566d89dbf74eae39163b8a65e502da96a1acdd5f9bf86111ffb67b1c2a7602b5308d2564399f1bd63c6c76f7a88c9ad2c214534b0414b83a6e33e7eaec8ccdd9e73f2de5608260de5fa2c505e42530ff7717a59d1689e3fa6109dd894c14e4ba92ed2b5338c77244c8ae54f8cf20989ae832ae5efb8efc5a771e2f8708066077b1bf79ea572f1d310512537ece931b1a0fb656d9d9949d5daec17b58fc506cf8d4c834a8f8d65f331a9134f49168bd454a2f7ef3209d3ac74ea23f7827ac5af7b082d5a4d57504692176d1cb9ca2c2d044317e0a313e3aabf2ca8d403e3132844a7a9d83cfcc2f0f1a16a27e5c0b11ee643cd136a41fb50cb3d0bfd2d892aca30cdc98d69eba83132e8c5e2f0a6d58c38cac130c6ff8503f69e5cf904c32ce5846ea0c567bbc74611f2cfae5cbcf42b3f520aeac2f2a3af1c40a16d5b72b9c1c36d6d9f1b2b958c374911b49d40deeef4eb86a974290c05a9e12c266df859f649280120aa1f71e72f8b456e816d27983666fc31f6a472343c326144a9d29fec920b0ab061b17f6340c1268d61a65051c5dce81190dbc019cc3745642bd8108ed51ed5a167fabdbe777af94b8428cfb66d2babe2392f1d3575e07fe88a47ad5414e9fa09ff1a55658ce0e822b79e08f1b433aa63a89f16b34f907ecf10d094a1251a66584be550889ec8d799b64b7aa47f73cd0350a1ecd23b8ca402629362f38d6a4a26740427231b335c020de5ffa1f6be5321f74b43d1aca5bb04ad8b86d5360238b9fae1cbda133655668e4bf769db268f9c68b0b4b23aed1d4bd00575ae44ec9704c7a5a73e19cf347c1475dbba4c889184e6dc79288f7079d4eb7f5a5355cd88451e5e0d9e6962878b779aa2c31116fdfadf313191e2973c0716e2997aa109bd3fcae761d6fb03a1dbcc737fcc0dd840baf1ad3526467e3fd4562e83efc5b8bb3e1ab7e9a513f888a4a77ee708005078a70a053a64cf15528d0cd27479e440e0df6fb15469c05a2f0bdb94d05bd83fcfeac2eedffcd76fd958a31ea5830cacd250d69a73270475c86ab84181349d8a8804f295ba2b74b57e675ebc1a08f003be5c91b5941e7c4edced19ee67b695855a7c3047b19c0d3f2ade7cd3947aaa2418a0794891d5e81ac274cfd9b98b184ee2dbcdde8b8b07bc0b584aa1733b1184fecc982ba0a553a414030b82245cf211ff0245c3f6737c25cc62053f400c871615fb708e0dab115452697ac10b921d16fd4f45a362033cc55b8c4ea3802631b2dc65b6a7774283b14699c40a0dd8cdacf380326d977e179d70fd4e863442397b775be687396c6f5832dc15341d78db4b612f6826bc9386401ff69c00743031027023c67ced6aef1484d4fb336babdfe171d783e2e6909c219ed9dd7b806366e2ef309b42511fbefdfc3afff36f6b60f5be622b96b33f5f49d9f342c8d05653732ceffeaf5432a56e0003902e7388339ce6f88caeea0afefb376734c6427b9f908f599685ac3e7cf561e17c84c449ae5488c0408ffbe06667e9d244637bdea67ea72ec11d662a54de55c2a4c545f3afde884e6e85fedc32f8a777966d76b2c73c3774076de612a6d827d94804e137cadb370d46b35fba51cc5900f40196429556cff731117e763a922be9d7460d5b4dc14e44156a59b12fa1fd169f39b951c465b0bb26daacb04d4c198573294081cbcbff5d375fafc9dde82c1e5c6f8872456491808e75c525f50ecb96913fc485472ffc5054f80dcf012c1c9bb694ae0cb49c203cbee5b8e1943dfd6b4d5d478e3ba69de0ded068989efdd1526883e334231b33d819143cc637e7ee81712ad0d1a7cc1a36f539142447f8fc0dd604a758c8147c55a9e118ab642e0613fb05211aba6f7a5147768283ad554e04002208d1f680a45e5bb3b7ff562fd2a114c69818692e8299c47c48dae0d246b47ebecd36f66d3b190303a37a2b0fe5c066fd240b3721b867bbb809f451d0b6a3addc7f8b5be37cb055d78848d4134128daae8daf9178329dd6bd9c853246eb768b4a821ee04b8ee76fb610ad5643a40899c396ac62c467f57f1c4d29d61aaf1ec5b336c797e1c670ec450bc01d3051a7df6802a58943b3d723f07802eb519a1a3a1166f5382394b3f7cb3a918147c5e0a5c36c7cb8a81c53a95664d07f053b4bf182a08109b3018367173dd8f0d1dae68786fbbe80844b9bffd6a7c20656de8a81e65b01d318efe1b2e2a30338cccdf74041af87393aebff379072b4cc0308e48e7b6888fda9a0169399964081aa904df86f8d69c6b4e3d0f50ef216493023146ae51deb8c951e814918aeee48e1d5d6e2f14601d3dd65c8c8ee0da27563761a86a879c49cc67a4fed68f685eab3b2332871252ee0e4a4bc4050b8efafbde6858c558c332e38a6f3ba3ce7f06488088f3bd13e31fd689afc6c6e9342a5fdbb3a760f755de89a386f62652ff401fdf4f723a6eb01a2cfee0d234bff5c8c773046a976ab97fc593be5e8a166b394173a7161476db3b78668aa1e517d69327e5e641a5f1531e16863422e5607b21c988aae7532046b4d091139e216e11bc01def37550ff841221204d910c5fc9dd0d2ed6fca456ca330d06844d9c0b1a4305567838bef4d63235a76aae5f07106f2c96f5642d60aa42e9a8a7ee7fc31343d52fdf9d0dba4b084f98dfde431d52afe37b1953f3bb6c4b8a6cb13ba5d3cf6e744eeabda8a490f164f320fa9e09a72d17c76721fa8c333331618c2c570eca4db38b7b25631431caf8542ff70f7500f1e815efa4b246ef661b1d16a6f0317c8c3aa3c864d0907359e39819eff10e8bf518bbd21389b1bad7fa102f4276c5a81c5b8a0a1d3a33247e41f7f44e5ac94d370cd9f0af536263c0f2ef611a2842799f97f8dc6bce3664eff456dd8602efed3add687f728b00c78f6495de35f7b7fddccccb74f62acf99b4c1479fd7feed6ff4b12c4ce9f57b58285d6e928c989c7e7ee6bed2781303ba4c7c584600f135133ecf5360d47f86b050b40ad1f0149c0f10b2d1560d8e2571357301df19624d421051839847fcc992535d0958dd38cf4dc80dcc2337b9b3d8adca7887ef65e6075c2b43c2fed89118249024f699f1b946675d96105ee8830c0ddd42dab5b5bb06d4e6b86b022e39a09d09355380d630e993f4196c9e06910fa8b80331b831df25fa999811f78940bda1204014a8d0db25d22c8a544cab160b774faf1f05c1ef2443477ecc913f9d2122b88dbc0959e9b449156532c6082695475b621b14d8a758c21010fc897fb1464b69942da46f471a3d06910fe069d0ef4132eb8c0498f7081dac0c3dbf64dad9c6a3b219c497f4a63767b596e444befb1dbc0bbd1ca303c5cfe29dc4e6fefe3f32b2f6fa2b28d7d83b14a59506d5d2a4d6d6f83db7609fcdd8995db8a93dc4ea51d686a00077740953ef44f8e94780ebc373aa9a652d02ac5af6e4b8c79e83e6e5a45eb613fa70391cb2938c71e3aed35ddbfad345911218630e42fa3dbf82c5f5a675214a78c90eec04c64568bc6941f035e903a69e28d0cd1f0d6d604962dc8a15793ee78c014d9a497455ba9c2a4222a4413ab2a277f84d9993ac5ed8ee493cd8cbcb66049c2cd7cec2a42fa561581986d884cb8e5adb9c6f0519f50ce78cb06472091b4645238375e875cd19e30b39d383841eb2eb3c22f8e8a489a214b8e961522e02da310353a7b62977f289492bbea7f0649dd53bb3116864ea56a88ffe0d1d25e56f2c935dc8bef9931d53de3399907d0d1b0602a5a3941810179d52097cb52e357f6e6c9a941e53d368c789bb99666eaeede768ba703c3eee649fa9392206272301ab718309c95cdbdb58d0533dea6fb7590dbef8601367fc08a3ff9768adfaf7e1a022db345450886330c848f7858e9397cae9606f9d1e32324ebcaef98eb64c75ebe0ee89323527141200a7029d5894cd936d68ee1c632e5ba45ed2479aeb2c6bf8df55d3a9f284e1d4fc267fb38171210b71139029c4c269460e614eda695afc67fecfb5cb9310861c8034b3a62a4afa7c4fbd2b87d00f1dc7942b79f82c54e9e8cd68bd4d355fafad8bf8887057fff1fe745ac26447690513bbf1b97ab14a4e422e4118442e6d00ebffdb502821fe8cc7eeb37eb5486944639f47d7b734ec4425431946b38481f0f6ee84e508c9b72c778c1896c1cdc8ae429e3d6da33af693941ec060172073ad6fbd5544ef12da36c76b6420deb04bda1a8b835a2815889f3148d39e051a3dcead8ad", 0x1000, r2}, 0x68) [ 793.862069][ T1651] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 793.870442][ T1651] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 793.870482][ T1651] binder: 1649:1651 transaction failed 29201/-28, size 24-8 line 3148 [ 793.881739][ T1652] binder: 1645:1652 ioctl c018620c 20000440 returned -1 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8002000000000000, 0x0, 0x0, 0x0) [ 793.922767][ T1656] binder: 1653:1656 ioctl c018620c 20000440 returned -1 [ 793.949818][ T1658] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000600000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2000, 0x0) ioctl$VT_RELDISP(r1, 0x5605) 14:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffff9c, 0x0, 0xd, &(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff}, 0x30) fcntl$setown(r0, 0x8, r1) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000100)=""/53, 0x35}], 0x1, &(0x7f0000000180)}, 0x2100) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1c000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000480)={0x22c, r3, 0x20a, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x800, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x101}}, {0x14, 0x2, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}]}, @TIPC_NLA_SOCK={0x40, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7ad}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100000000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x130, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf042}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7225f299}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffffec1696f2}]}]}, @TIPC_NLA_NODE={0x38, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x291f4f33}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x40}, 0x40) [ 793.973614][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 793.990639][ T1658] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)) creat(&(0x7f0000000100)='./file0\x00', 0x4) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8096980000000000, 0x0, 0x0, 0x0) [ 794.056915][ T1658] binder: 1655:1658 transaction failed 29201/-28, size 24-8 line 3148 [ 794.088501][ T1668] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000070000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 794.106360][ T1669] binder: 1666:1669 ioctl c018620c 20000440 returned -1 [ 794.111400][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 794.135123][ T1669] binder: 1666:1669 ioctl c018620c 20000440 returned -1 [ 794.136154][ T1668] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 794.152848][ T1673] binder: 1670:1673 ioctl c018620c 20000440 returned -1 [ 794.176697][ T1668] binder: 1665:1668 transaction failed 29201/-28, size 24-8 line 3148 [ 794.198854][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x7, 0x5, 0x7, 0x0, 0x0, [{r0, 0x0, 0x400}, {r0, 0x0, 0xfffffffffffffffe}, {r0, 0x0, 0x6aba}, {r0, 0x0, 0x1000}, {r0, 0x0, 0x1000}, {r0, 0x0, 0x1ff}, {r0, 0x0, 0x100}]}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x8cffffff00000000, 0x0, 0x0, 0x0) [ 794.211291][ T1668] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 794.231066][ T1668] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 794.249601][ T1668] binder: 1665:1668 transaction failed 29201/-28, size 24-8 line 3148 14:11:19 executing program 2: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x15d, 0x0, 0x0}) 14:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000700000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 794.277079][ T1683] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 794.280867][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 794.316512][ T1683] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:19 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x970e30b95a000000, 0x0, 0x0, 0x0) 14:11:19 executing program 3: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 14:11:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 794.376743][ T1683] binder: 1680:1683 transaction failed 29201/-28, size 24-8 line 3148 [ 794.376826][ T1689] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 794.424148][ T1689] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 794.434307][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 794.460070][ T1689] binder: 1687:1689 transaction failed 29201/-28, size 24-8 line 3148 14:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x9, 0x4800) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x9e00000000000000, 0x0, 0x0, 0x0) [ 794.489464][ T1697] binder: 1694:1697 ioctl c018620c 20000440 returned -1 [ 794.497347][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000a00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x111001, 0x0) write$FUSE_STATFS(r1, &(0x7f0000000040)={0x60, 0x0, 0x7, {{0x4, 0x0, 0x5, 0x10000, 0x7, 0x3, 0xbcc5, 0x5}}}, 0x60) accept4$tipc(r1, &(0x7f00000000c0)=@id, &(0x7f0000000100)=0x10, 0x800) ioctl(r1, 0x800000000000006, &(0x7f00000002c0)="5a49f9e10783231d367c116c7ac37fa00fee4573202631c0e7dd33a1f5a1855c517680d3263c712661d32d8de7c1d339932a793e99458e942df47d4b2600a77a42de4935d76ec7be39029f08b076b07a0b") [ 794.563115][ T1700] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 794.597244][ T1700] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 794.617062][ T1700] binder: 1698:1700 transaction failed 29201/-28, size 24-8 line 3148 [ 794.627300][ T1706] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 794.632826][ T1707] binder: 1702:1707 ioctl c018620c 20000040 returned -1 [ 794.640951][ T1706] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 794.658252][ T1706] binder: 1701:1706 transaction failed 29201/-28, size 24-8 line 3148 14:11:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xae00000000000000, 0x0, 0x0, 0x0) [ 794.667226][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000120000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x800, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0x7, 0x20000000, 0x201e, 0x8, 0x9, 0x7, 0x1, 0x5}}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000001c0)={0xfffffffffffffe4e, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:20 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/4\x00') setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0x1, 0x7d42, 0xfffffffffffff818, 0x3ff}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 794.740366][ T1706] binder: 1701:1706 transaction failed 29201/-28, size 24-8 line 3148 14:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000001200000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 794.786861][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 794.797480][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 794.798655][ T1717] binder: 1711:1717 ioctl c018620c 20000440 returned -1 [ 794.821173][ T1716] binder: 1712:1716 ioctl c018620c 20000440 returned -1 14:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000200000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:20 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xb801000000000000, 0x0, 0x0, 0x0) 14:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)={0x0, 0x5, 0x1, &(0x7f0000000040)}) 14:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000004800000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:20 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x20000, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x0, &(0x7f0000000040)={@rand_addr=0x7ff, @multicast2}, 0x8) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000480000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xc400000000000000, 0x0, 0x0, 0x0) [ 795.027020][ T1734] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 14:11:20 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 795.077375][ T1738] binder: 1733:1738 ioctl c018620c 20000440 returned -1 14:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000004c00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xb, 0x0, 0x0}) r1 = syz_open_dev$radio(&(0x7f0000000440)='/dev/radio#\x00', 0x2, 0x2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0x350, &(0x7f00000005c0)}, 0x10) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x2000) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000540)={0x53, 0x13aa1ada23691070, 0x0, 0x9, @scatter={0x5, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/119, 0x77}, {&(0x7f00000000c0)=""/106, 0x6a}, {&(0x7f0000000140)=""/197, 0xc5}, {&(0x7f0000000240)=""/129, 0x81}, {&(0x7f0000000300)=""/47, 0x2f}]}, &(0x7f00000003c0), &(0x7f0000000480)=""/97, 0x3ff, 0x4, 0x2, &(0x7f0000000500)}) 14:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000004c0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xc803000000000000, 0x0, 0x0, 0x0) 14:11:20 executing program 5: syz_open_dev$dspn(0x0, 0x1, 0x4000) 14:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffe) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) name_to_handle_at(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0xd7, 0x400, "de85a69086283f9d1c8fe29ada259c8b399693e3c0c41ffdf60e49017801ab5cdd0364bc1d929eb338d006692c0367cd41140610a7190a899a8c3b6e421709497e2e2f99bbd6bc4ca8a36f0733a529646fc3400c9158970261187bfbdc2fd55c281b3de2d96cccfc88d48e8bd025966902e650d28ed215b64bb68797231e5fb43e2e3c8847a5d55763bb280789fdff887c78941020abe81f26b1aa9c5e8229c1d71fcb648237f0cb1fb09f16924a1cab2222ce855ef21b647e8e00b0f161932497c0a731dc5b2c011173c897ca6817"}, &(0x7f0000000180), 0x1000) ioctl$RTC_WIE_ON(r2, 0x700f) 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000600000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xe203000000000000, 0x0, 0x0, 0x0) 14:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x402, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000040)={{0xa, 0x4e21, 0x0, @remote, 0x7}, {0xa, 0x4e22, 0x80000000, @rand_addr="a265f147aac62aebe5b0d9f2e2f02709", 0x40}, 0x7, [0x6, 0x690, 0x100, 0x9, 0xfffffffffffffffd, 0x200, 0x540, 0x5]}, 0x5c) 14:11:21 executing program 5: syz_open_dev$dspn(0x0, 0x1, 0x4000) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006800000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 795.554779][ T1738] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 795.570576][ T1738] binder: 1733:1738 ioctl c018620c 20000440 returned -1 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xf6ffffff00000000, 0x0, 0x0, 0x0) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000006c00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000680000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x1ff) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mISDNtimer\x00', 0xb0200, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x90000, 0x140) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000180)=0x7) 14:11:21 executing program 5: syz_open_dev$dspn(0x0, 0x1, 0x4000) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xf9fdffff00000000, 0x0, 0x0, 0x0) 14:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xffffffffffd) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8000, 0x400000) fcntl$getown(r0, 0x9) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0x355, 0x0, 0x0, 0xc71aaf395bc18131, 0x0, 0x0}) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000007400000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x0, 0x4000) 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000006c0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000007a00000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f00000001c0)={0x6, 0x4}, 0x2) getcwd(&(0x7f00000000c0)=""/177, 0xb1) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000040)={0x5, 0x3, @raw_data=[0x7fff, 0x2, 0x5, 0x40, 0x2, 0x8, 0x3, 0x200, 0xfffffffffffffffa, 0xffff, 0x6, 0x1, 0x4, 0xf, 0x1, 0x4]}) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000200)=0x20000000000, &(0x7f0000000240)=0x2) 14:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x0, {{0x2, 0x4e24, @local}}}, 0x88) accept$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newtfilter={0x2c, 0x2c, 0x100, 0x70bd29, 0x25dfdbff, {0x0, r3, {}, {0x795839c1adf806c5, 0xc}, {0xfff3, 0xc}}, [@TCA_CHAIN={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xff0f000000000000, 0x0, 0x0, 0x0) 14:11:21 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x0, 0x4000) 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000740000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffe) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000003000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffff7f00000000, 0x0, 0x0, 0x0) [ 796.082368][ T1805] binder: 1801:1805 ioctl c018620c 20000440 returned -1 [ 796.119145][ T1805] binder: 1801:1805 ioctl c018620c 20000440 returned -1 14:11:21 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x0, 0x4000) 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000007a0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x220002, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000040)={0x20400000000, 0x5, 0x3, {0x77359400}, 0x7, 0x9}) 14:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@broadcast, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@remote}}, &(0x7f00000001c0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000200)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}, &(0x7f0000000300)=0xe8) openat$mixer(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/mixer\x00', 0x400, 0x0) fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x2000, &(0x7f0000000480)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x1000}}, {@rq={'rq', 0x3d, 0x934}}, {@sq={'sq', 0x3d, 0x7}}, {@rq={'rq', 0x3d, 0x1ff}}, {@rq={'rq', 0x3d, 0x9}}, {@common=@cache_fscache='cache=fscache'}], [{@uid_lt={'uid<', r1}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/binder#\x00'}}, {@uid_eq={'uid', 0x3d, r2}}, {@fowner_lt={'fowner<', r3}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@permit_directio='permit_directio'}, {@dont_measure='dont_measure'}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/binder#\x00'}}]}}) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000005000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0) [ 796.265393][ T1821] binder: 1820:1821 ioctl c018620c 20000440 returned -1 14:11:21 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x0) 14:11:21 executing program 3: r0 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0xffffffffffffffff, 0x8443) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000100)) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) [ 796.340239][ T1821] binder: 1820:1821 ioctl c018620c 20000440 returned -1 14:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000001000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 14:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000006000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@remote}}, &(0x7f0000000140)=0xe8) r3 = getuid() setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000180)={{{@in=@local, @in6=@empty, 0x4e21, 0x2, 0x4e24, 0x0, 0x2, 0x80, 0x0, 0x6f, r2, r3}, {0x2, 0x7, 0x3, 0x1, 0xf360, 0x9, 0xe56b, 0x9}, {0x9, 0x6e8, 0x7fff, 0x9}, 0x4, 0x6e6bb0, 0x0, 0x0, 0x3, 0x3}, {{@in6=@mcast2, 0x4d6, 0x3b}, 0x2, @in=@broadcast, 0x3507, 0x3, 0x1, 0x7ff, 0x80, 0xa6, 0x7}}, 0xe8) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:22 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x0) 14:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000002000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:22 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2, 0x0) 14:11:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) [ 796.517794][ T1845] binder: 1842:1845 ioctl c018620c 20000440 returned -1 14:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000007000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400000, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0xffffffff00000001, 0x80, 0x204, 0x9, 0x1000, 0x0, 0x10001, 0x6, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x9, 0x2, 0x40, 0x1, r2}, &(0x7f0000000140)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:22 executing program 5: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x0) 14:11:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = add_key(&(0x7f0000001640)='logon\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0xfffffffffffffefa, 0xfffffffffffffffb) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000680)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(r3, 0x40106410, &(0x7f00000003c0)={0xe1, &(0x7f00000017c0)="dea6b33db92e35fd836602ad146ad5d5be2f589a4954c5bcb3c77737fd4d7e5ca765500c7262930a0a7ed342aa8560f555804820becdcecc01b0474a67f98ab97c7911c18eaaba8e52f37b651362b0a04f4d825cae3fd19115203bf8f9213a9caff09776c0947a98cba99f2b2595f08ff501e63c5a377954b9cc4235d8523ed707033239ee205c1c6e1fa501f72f10f5abbf27dbabeb911913f9fc816141326d45edb6d513f210529831964bd69a8d7135badbb9c31b78a28ae84badc754429e337c35cf3d9bb24a6afeca2b98a1e00f9f07e0e07ce1bd2a2ea0c4d373c6d6a898"}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x8603, 0x18, 0xfa00, {0xf0000003, &(0x7f0000000440), 0x0, 0x0, [0x9c00]}}, 0xfef5) r4 = add_key$user(&(0x7f00000016c0)='user\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000001700)="1b6778b189aaae56309a4dfc6605d906d3dd2456d3871ae571a0855c31136dad3f8f4f8e04ddbde729a0c1e10a005dde6838402e2ea3d6718f39be22719cf441a2e9c24c720ab6fd857d94619f8ebb5d5e3987abc9b4258028f4e01b007b19f74d4070d394d042d5a149f69b926dfa82169a7a46e969b4001803d720ccfbdea4890c97dc1e1e996c6fdb19e804b55889140df51be7f483401988a042cfdd0d84", 0xa0, r1) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000001480)={r4, 0x773, 0x4}, &(0x7f00000014c0)=ANY=[@ANYBLOB="652068617b683d7368613232342d6e69000000150000200000000000000000000000000000000000000000000000000000000000e8539105ed44978b21e49037dee100000000001d1d"], &(0x7f0000001540)="cc7cb6a0ccde74a97e381ec58d76438529945db4469ef8c4d88108a1b397591db03b4c63", &(0x7f0000001580)=""/148) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="f169475436241f40d19a59f8f20112ee48799dcb99150adfc0564e93719c9e50a209319cc263355c0ec6f217c02561e2e3235e7ff5f57a9de08e89c504f12af647e58e5a04e8b3d74a3a5c526679a9acdab7409b486d46c469b52aff51b3d947caeab2e48a9c67da9c687e48a5f6954ee25094ec7ae0cadb85cc2ddccacd57bc3131a841873297f804bbfb9385005c792057b090a74c12f2cd83737615b429", 0x9f, 0xfffffffffffffffa) signalfd4(r0, &(0x7f0000000380)={0x1f}, 0x8, 0x80800) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000140)={r5, 0x0, 0xffffffff}, &(0x7f0000000180)={'enc=', 'pkcs1', ' hash=', {'sha224\x00'}}, &(0x7f0000000200)="eecd012ccaa32b85ca266b015f0ebec64b037c6f38b30310b55bb3d0913cf7d254375f6d94772cb8f27759d1a4f8cdcbdd11e5ad4ff896bd6c9e028b2bd4aaf4ea42a7bd9e020a0cab6d70db43cae192c25c68af6d904e23ee5e0478abf253b533a8fb501de0726a48af410ea053f999c36b0a0881e095488350a54da728b64b9852b9540408c51264fe5063b6c17195d88c1de01a417c93f04722f024163fe5cefcee1a2d839696470f7804bd0d74eef66d0a7c58fd9e66a1f70ddf9f453b2fa97bacd42034b657e86a74bf857a22499706f7ed7a92c4b14ec319b0b99890df", &(0x7f0000000480)=""/4096) [ 796.710226][ T1854] XFS (loop0): Invalid superblock magic number [ 796.746962][ T1871] binder: 1865:1871 ioctl c018620c 20000440 returned -1 14:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000a000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000004000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 796.775186][ T1874] binder: 1865:1874 ioctl c018620c 20000440 returned -1 14:11:22 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0x2, 0x2, 0x5, 0x3, 0xd}}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x2a02, 0x0) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{}, {}, {}, {}]}) 14:11:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)={0x0, 0x5, 0x1, &(0x7f0000000040)}) 14:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000012000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 796.940866][ T1882] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 796.956842][ T1884] binder: 1881:1884 ioctl c018620c 20000440 returned -1 [ 796.986763][ T1884] binder: 1881:1884 ioctl c018620c 20000440 returned -1 [ 796.996685][ T1887] binder: 1880:1887 ioctl c018620c 20000440 returned -1 14:11:22 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3, 0x0) 14:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x59110167) 14:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000020000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)={0x0, 0x5, 0x1, &(0x7f0000000040)}) 14:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 797.535384][ T1898] binder: 1894:1898 ioctl c018620c 20000440 returned -1 [ 797.547673][ T1900] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 797.561870][ T1898] binder: 1894:1898 ioctl 40046205 59110167 returned -22 [ 797.572541][ T1898] binder: 1894:1898 ioctl c018620c 20000440 returned -1 14:11:23 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x7, 0x0) open_by_handle_at(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="9730ad4caeadf11e4e54eb87045042a87e5b18f749f671b8aa99e86a375dbd14f8a88e4c687d7c9c3574e4ddb3e7ca02212cfffb4b3425a29cc48c8cdbaa45ac77e3994b83a17d26bf1178c3d74106880414d44fec063a1a5ed73a31a9f10119b6ccf00ddd7873958d1221e24eb957ec5e5d2f1d28437291c8be83c26a8571911dc834b1f011e0878c6ded2c7355f627d81f29ec5b64ade33bd123ab38cd00b3e838ebae6d573c02e59663d972ad3e30997f43cfb255c0a881b81da26d2aa3e8d4bee44b91ce325e810b44214222de7c1465cf9ee6d787"], 0x8000) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000048000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 797.615377][ T1902] binder: 1894:1902 ioctl 40046205 59110167 returned -22 [ 797.633270][ T1900] binder: 1896:1900 ioctl c018620c 20000440 returned -1 14:11:23 executing program 2 (fault-call:0 fault-nth:0): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000004c000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)={0x0, 0x5, 0x1, &(0x7f0000000040)}) [ 797.781340][ T1923] FAULT_INJECTION: forcing a failure. [ 797.781340][ T1923] name failslab, interval 1, probability 0, space 0, times 0 [ 797.811356][ T1924] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 797.818807][ T1923] CPU: 1 PID: 1923 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 797.829599][ T1923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.839658][ T1923] Call Trace: [ 797.839680][ T1924] binder: 1918:1924 ioctl c018620c 20000440 returned -1 [ 797.842967][ T1923] dump_stack+0x172/0x1f0 [ 797.842999][ T1923] should_fail.cold+0xa/0x15 [ 797.843018][ T1923] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 797.843038][ T1923] ? ___might_sleep+0x163/0x280 [ 797.843061][ T1923] __should_failslab+0x121/0x190 [ 797.874441][ T1923] should_failslab+0x9/0x14 [ 797.878949][ T1923] kmem_cache_alloc+0x2b2/0x6f0 [ 797.883814][ T1923] ? kasan_check_write+0x14/0x20 [ 797.888759][ T1923] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 797.894333][ T1923] getname_flags+0xd6/0x5b0 [ 797.894352][ T1923] getname+0x1a/0x20 [ 797.894366][ T1923] do_sys_open+0x2c9/0x5d0 [ 797.894383][ T1923] ? filp_open+0x80/0x80 [ 797.902747][ T1923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 797.902762][ T1923] ? do_syscall_64+0x26/0x610 [ 797.902780][ T1923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.902791][ T1923] ? do_syscall_64+0x26/0x610 [ 797.902810][ T1923] __x64_sys_open+0x7e/0xc0 [ 797.936746][ T1923] do_syscall_64+0x103/0x610 [ 797.941344][ T1923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.947230][ T1923] RIP: 0033:0x4121a1 [ 797.951125][ T1923] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 797.970808][ T1923] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 797.979212][ T1923] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 797.987261][ T1923] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 797.995227][ T1923] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 798.003192][ T1923] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 798.011158][ T1923] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 798.040184][ T1910] XFS (loop0): Invalid superblock magic number 14:11:24 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4, 0x0) 14:11:24 executing program 3: r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x8, 0x300) connect$pptp(r0, &(0x7f00000000c0)={0x18, 0x2, {0x4f7, @empty}}, 0x1e) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xf) setsockopt$inet_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000100)="4e8434adf860018c4a6e7b88a3d454b070e30c6ec8479ec6c94ef2683a9bfc861c1728b3d943b3a62f5fec943661375c488116a24fe0dea9ad1d655c823572e64dcf9eccc3a37983865efa7d7184e9dc35f25d47e8be9729a8cd66463801db2d0b2c546967ae246df4b7bd236c2103dd590a5c79752ed621c3de4068ffedd75f793a5516ede20657bf5060b7fad084ec27188fd2a4ddf50e82170914035192d3abc78715752eaf818a243212cae70a320b0e55", 0xb3) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000000)={0xfffffffffffffda9, 0x0, 0x0, 0xfce6, 0x0, 0x0}) 14:11:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') 14:11:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000060000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:24 executing program 2 (fault-call:0 fault-nth:1): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 798.961106][ T1942] FAULT_INJECTION: forcing a failure. [ 798.961106][ T1942] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 798.973670][ T1943] binder_alloc_new_buf_locked: 43 callbacks suppressed [ 798.973680][ T1943] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 798.974596][ T1942] CPU: 1 PID: 1942 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 798.974607][ T1942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.974619][ T1942] Call Trace: [ 798.995914][ T1943] binder_alloc_new_buf_locked: 43 callbacks suppressed [ 798.995933][ T1943] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 798.998955][ T1942] dump_stack+0x172/0x1f0 [ 798.998974][ T1942] should_fail.cold+0xa/0x15 [ 798.998995][ T1942] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 799.026014][ T1944] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 799.028584][ T1942] ? __lock_acquire+0x548/0x3fb0 [ 799.028607][ T1942] should_fail_alloc_page+0x50/0x60 [ 799.028622][ T1942] __alloc_pages_nodemask+0x1a1/0x7e0 [ 799.028643][ T1942] ? __alloc_pages_slowpath+0x2900/0x2900 [ 799.033133][ T1943] binder_transaction: 42 callbacks suppressed [ 799.033149][ T1943] binder: 1940:1943 transaction failed 29201/-28, size 24-8 line 3148 [ 799.037569][ T1942] ? find_held_lock+0x35/0x130 [ 799.037594][ T1942] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 799.037612][ T1942] cache_grow_begin+0x9c/0x860 [ 799.037630][ T1942] ? getname_flags+0xd6/0x5b0 [ 799.044685][ T1944] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 799.051735][ T1942] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 799.051756][ T1942] kmem_cache_alloc+0x62d/0x6f0 [ 799.051771][ T1942] ? kasan_check_write+0x14/0x20 [ 799.051789][ T1942] getname_flags+0xd6/0x5b0 [ 799.051804][ T1942] getname+0x1a/0x20 [ 799.051823][ T1942] do_sys_open+0x2c9/0x5d0 [ 799.064539][ T1944] binder: 1939:1944 transaction failed 29201/-28, size 24-8 line 3148 [ 799.067264][ T1942] ? filp_open+0x80/0x80 14:11:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 799.067285][ T1942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 799.067299][ T1942] ? do_syscall_64+0x26/0x610 [ 799.067321][ T1942] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.080918][T27606] binder_release_work: 42 callbacks suppressed [ 799.080925][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.088256][ T1942] ? do_syscall_64+0x26/0x610 [ 799.088277][ T1942] __x64_sys_open+0x7e/0xc0 [ 799.088295][ T1942] do_syscall_64+0x103/0x610 [ 799.115018][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.118909][ T1942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.118921][ T1942] RIP: 0033:0x4121a1 [ 799.118939][ T1942] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 799.160348][ T1942] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 799.160364][ T1942] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 14:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000068000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 799.160372][ T1942] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 799.160380][ T1942] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 799.160387][ T1942] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 799.160404][ T1942] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 799.219651][ T1946] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 799.272781][ T1947] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 14:11:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0xfffffffffffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:24 executing program 2 (fault-call:0 fault-nth:2): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 799.280339][ T1946] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 799.316281][ T1946] binder: 1945:1946 transaction failed 29201/-28, size 24-8 line 3148 [ 799.326950][ T1947] binder: 1937:1947 ioctl c018620c 20000440 returned -1 [ 799.336156][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000100)={{0x350f0b597b4178e2, 0x3, 0x258, 0x3, 0x80}, 0x4, 0x5a}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000020000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 799.406722][ T1955] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 799.417336][ T1958] FAULT_INJECTION: forcing a failure. [ 799.417336][ T1958] name failslab, interval 1, probability 0, space 0, times 0 [ 799.447998][ T1955] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 799.460731][ T1958] CPU: 1 PID: 1958 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 799.470213][ T1958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.480276][ T1958] Call Trace: [ 799.483591][ T1958] dump_stack+0x172/0x1f0 [ 799.484352][ T1963] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 799.487932][ T1958] should_fail.cold+0xa/0x15 [ 799.487954][ T1958] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 799.487975][ T1958] ? ___might_sleep+0x163/0x280 [ 799.487994][ T1958] __should_failslab+0x121/0x190 [ 799.517723][ T1958] should_failslab+0x9/0x14 [ 799.521583][ T1963] binder: 1960:1963 ioctl c018620c 20000440 returned -1 [ 799.522232][ T1958] kmem_cache_alloc+0x2b2/0x6f0 [ 799.522248][ T1958] ? __save_stack_trace+0x99/0x100 [ 799.522271][ T1958] __alloc_file+0x27/0x300 [ 799.522290][ T1958] alloc_empty_file+0x72/0x170 [ 799.548468][ T1958] path_openat+0xef/0x46e0 [ 799.552888][ T1958] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 799.558697][ T1958] ? kasan_slab_alloc+0xf/0x20 [ 799.563468][ T1958] ? kmem_cache_alloc+0x11a/0x6f0 [ 799.568490][ T1958] ? getname_flags+0xd6/0x5b0 [ 799.573163][ T1958] ? getname+0x1a/0x20 [ 799.577225][ T1958] ? do_sys_open+0x2c9/0x5d0 [ 799.581806][ T1958] ? __x64_sys_open+0x7e/0xc0 [ 799.586502][ T1958] ? do_syscall_64+0x103/0x610 [ 799.591264][ T1958] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.597328][ T1958] ? __switch_to_asm+0x34/0x70 [ 799.602186][ T1958] ? __lock_acquire+0x548/0x3fb0 [ 799.607121][ T1958] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 799.612499][ T1958] ? __alloc_fd+0x430/0x530 [ 799.617363][ T1958] do_filp_open+0x1a1/0x280 [ 799.621865][ T1958] ? may_open_dev+0x100/0x100 [ 799.626541][ T1958] ? lock_downgrade+0x880/0x880 [ 799.631402][ T1958] ? kasan_check_read+0x11/0x20 [ 799.636256][ T1958] ? do_raw_spin_unlock+0x57/0x270 [ 799.641374][ T1958] ? _raw_spin_unlock+0x2d/0x50 [ 799.646230][ T1958] ? __alloc_fd+0x430/0x530 [ 799.650746][ T1958] do_sys_open+0x3fe/0x5d0 [ 799.655161][ T1958] ? filp_open+0x80/0x80 [ 799.659408][ T1958] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 799.664864][ T1958] ? do_syscall_64+0x26/0x610 [ 799.669536][ T1958] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.675596][ T1958] ? do_syscall_64+0x26/0x610 [ 799.680277][ T1958] __x64_sys_open+0x7e/0xc0 [ 799.684778][ T1958] do_syscall_64+0x103/0x610 [ 799.689383][ T1958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.695267][ T1958] RIP: 0033:0x4121a1 [ 799.699157][ T1958] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 799.718755][ T1958] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 799.727163][ T1958] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 799.735133][ T1958] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 799.743106][ T1958] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 799.751073][ T1958] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 799.759042][ T1958] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 799.784853][ T1955] binder: 1952:1955 transaction failed 29201/-28, size 24-8 line 3148 [ 799.784944][ T1964] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 799.807918][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.810824][ T1964] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 799.829359][ T1964] binder: 1962:1964 transaction failed 29201/-28, size 24-8 line 3148 [ 799.848583][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.848628][ T1964] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 799.864178][ T1964] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 799.874151][ T1964] binder: 1962:1964 transaction failed 29201/-28, size 24-8 line 3148 [ 799.882923][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 799.889931][ T1956] XFS (loop0): Invalid superblock magic number 14:11:25 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5, 0x0) 14:11:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f0000000040)={0x6b, &(0x7f0000000480)="cf315b4e27a75ee76c9ee4561e1584f2fcc8f02050f1e6e5c7e922af12a1e7f64eedb46ec19e23e1a3b48f84885f1d12f93817d7df5e1c5af9d97a91e666aec1f2b548886f8c44240acf76b4a49339534f075beaf77e6947144096a115848706fd846f7c746df6caaf16d4ed1fb68bbcec6f137d028a6943ddc2465e4d48cc910f825f7f27444da5aeab0d14ba2581acacc565de0c5610d3505cd357c52dfa318461500637293684393454a6c72ec55ad787d27369c24fad7c804c8f24af1a2227d461b816f4f5e28cea7c84b403ed90d093e37296ada0eb2cb9ec06159bf5c9e3b5a64ad1a94dad50bb68200c0f1dcd6b00ee015a645c968f42644a39bfcb7f2e64ee97ee32d15bff5ccd341cb5312ff4fe43cb612f9b631d018c11864efb43fcd86a41f15e94089d4351f67b6ddbe7035751a0da4dd765c4b4dc8a379680a17512d1e3562136a44d50430510a61ce7d34a6c373cbe1179d103307840ef01b5dbf3dcaf9a686275b6dc873468dfd3796e37206b0290841f7e885987934f15775122d14bda4b0b80e52da22407fa6632ee91b8d1667414eb72714f869841847b291d494eba41496e1b391a6a806efb6177bc632c3443568aeea1e37814bce6837e43a9d550c3cdab27f2ae22b0e78e5b8b26c138188f2f4af879cc83dc74534e48cb64675ebec62fbed096e11598b2fedde706391e7c71d4c3c6e917a2973350df35e8f8336673b240369155801055d1ae88f9d647af7c99f906fc6c510f9fed8afcce1a0ee7fc6511eaa7030e8ec690eebdd4e695fb6edc9df688585ad897dc16806dfae96669460ea754a102d2d54e7188d85ccd24b8fab545f7ef380fc1ec192f9893df9aa67e18b6594e8dc5e2fe7ecc142da1804d295fd88b9ad650d5216722a6e10a267128d40e0ce2e7b0610faf68fab0aaf7a6055a5fbf898ab5bc59e8361a285eaa991ebbe826f41ad294d383840741cd24895daeb1db30ef0774f8e6e739d7992a0e05a1c28e032f9f78d3f292c1ac60ba06ab6e6d50fb6b7d799ddeeaa6e97d6535ddf6068e87a95d200013ada970bd6f91178b91285b0f10c936602ded3e635501aa09176cb14668f20ad8b2a951bb8213ef338dc5b5059b337ca50f4110ca3d910883768ab06f3fa06f806e6e65c7aed3291ffef1bc9e0357a9459508a590e2a8be980617956777a602dd0482c75f46fcf88873f18d61cd5103b3601fc68f9e80b756837a14a4693eb5ea5cfaf9c37afec37fa4c7e09d8908ded6e80d058b3589ea6db0cf0707b137d978b8c3802fe18c35ddb09944796752d721814c51d2e19bf4569d65d02fa79d90a3546e56e66f246b21ec6067e31b8870c66034a2aa2f9a403935e5430fc281e33006533b671e4a8c8efb4921524417c9f6c3dd9cf76b3aebd8119258f6d2af672f96bc0c5d9151a74f458d27c92dd84a1e5cfb64b207ddac50a6fca8ca0b7141f3c35a2182b9e0ef4cec90816d2deb704e8187f914882e3be2e2b0769d94f6bea36747599ff9878a8250f96625c38de83ae5d6cd238ede92fab5e00755500234904cce262201b76b84821eb92c9bc78538c5fdb52dd2f93d2f1ac9729eb69eff8cac3667760c3779be52efcb234356c9b1b97708e1bfe010ae26a7d56e6419f69cabcfa200fa1227e1f50929e09e8e4e5ae5b3ace699279bdd31529b164eb6c45ffade19768adb51394d8c9ddff093b6bf3ce84df08ced3c217b3aee2cc51a073cda8dd622f758fa19c5d0bb93e5e4e806d6e85d62d9461e9b9bdd30d2b453c632f07388939e71944b989a1c0db32b989e49be1ab7f6af0d8f7639a7fa5e015cce269ec8893c648b5d2bd7ebb03f0357292c9af34c90bf81b1daf0bf20e600dd020f2ee8b31b349ca932de1bf31632d4a94a50c4bfd4d77e9011d8a3c445c3a095e456933cb5a56a242211ef171f8762627e8b327b23acc182f13365221ea5a037e117b83841c22ccaf4d0ce0dd233440ecdbc01a40714bbf048025e0ac4b3d737201f3fb7b5e9ff0ea0e346d9c50d5f8ca4516085a8b8aa2df88a70a186a16c52dcad12f3e392b00ecebfb36967526a247fc06eb8f64231d4b36231071da67e13b936abc8ee4f6de1e95bd87834a4f1f049e0190babe2c5aae8ccd76dcbbf5ca1c956173fee0f23cf34e05698248b75487f4245692f92c731b068cac3ab43cfec0c9fa58adc62d1f9efdd1dc382cec8bc03c848f8237c9dc1436ee7ae3222335e7c680211961d4d7cfafc420438b0f6a0e0ab2554ee060dae3c8ad4eea37d616b6556ae56117c27c31e38a1d09c8fe2fd9148089a1962f51020cbdbfa89607a25bc9f0deb5b12f8ae1273a1920d8ef422bfdb2c41667da40f7a6b6d620491d6ab56275cfb2c91970ceaaf272198aceebc0ded43cd9547e3b4eea73997dbfa9eab5acb73613c143d2c4cb2b70b690cda314f92dbe4ec20c1cad8415e6a0867de165ae6377aef700083c37f86745ee658388ac2176ba8fffe9389bfc93c922b409cc0ebe1131ed2c3bbb412ad76fc191a4254763db16789ec5521d0f6a44fe8eb6f2698b8d04480cc15be4e48ba5762020bd45a90317818834c34de09e2dd8a0ba349d9eb40501d956291ff02cc921a280946d9cadb58b5b8e95a2bcef658fee3e713683ec4c58252a5485898871a3c1baa29800ea5051f0b9dfdc532ffd2f95e089b5ad144ffa4c020e70c7b1afee189a7c0b0ec9daadcc3d39ed1948793ea910350a78f47750327d6ed965f8395d93b20fc1be731d2aa22a8e48d736de53842d213a12af872ff6b06c6debf581e3d5d1c378d46960dfe962f60b1d4d6b10943bc4907ca1da619ebb69aa74e309d4c76abd35c8b3e8fab604986218a4a28351e7857c979cd54a80d9e77cf988f49f1b7e5ee20718accc900bc4624b33317686cf7f0666921431798ba15d5395ef6b90c6a309450ae1275548077f0556561d575bc417f237f81e5fa6da70c563e86ce7a558363e5972216c87e2f686dce8ceebbf2605e19b9ea7c84edc9b0c4f382cd47622959d16e568cb4020e131c43cae928284ace0bea07d619fb7b1a89b5ce9ab562d0e452f5c19c65038fcfbaad3d323f050fc2c283bbf859becfe0d5cc38898a71af76fb7d4e82b16361c2840301f644a077aa71f8adfa6e40e0855d10fdc736d31a1b3c435b67108cd1a2d848b8996319bc4478a1a905aca9a20243e165a52b03977649309a4b286521080a53c274f7cdd33057b7cf26b74af9ae4322f716f22b669a960f14385dfc45b0667389e89d12b06181ae9e09f64c6efd301c3ff29abb89cb4b564204e270fb733f41c6d5d06751670f401f12f91700fe65b34cb90e007e58ebcc7e7f79832c7148e869c76b3a416476036ae6d27c90dcde69e8a63110689e0f8043d6d1a6bdbf5514db6d3d6efae12916ee22a1735156cd74a5cdf4fd83da0083038b234dda84fd663fda3dff3bbc24a31357fff603929c4cc8663c86dfda9e1b3874e1b3ea9dd72ecb1b709edaee3ac100a027fabbf9499f3f1ca16e21854f7718b9986b06138530095bcfd22dec603be81b88f8984dbdd72a424123caa8e2227e6cd84a7a3689d6cbf6a97bab27bdbe34c12216fb818b9f2cfd95f3e8ba622a62f2ce9bd76c1b295b39e905cd9093090f803f23da040885b1e604d49ff6f88fac353956fe42d4e12683aee3c353e8f16f2dbb7d174aa4dd8d3c81a4c3dca69eec7f5c7f398a488de96a3266c9f8253f748b1df052c40092d921ac5a5bb2ee42cc6aa218a1440ff5d1549e2176d2c05298db91e77bf61e4ccee8d76d024b903c8b42a31963a6bb2f4a1b89357da7598169fdf8cb5930c28335ba2fc162215346badbd52e5e7060283b84589ce4f8948897bc61aa64af9059fb127d9af8ab5c904db5a3350dd83d14886845eb3c2d70574e31b513868fc853cabfbda0b680e122d74e1f18c753fbfa09694850e68c2b9d1ad82ba82a5003c160566859f2a7a50c40e52583d880848d95719e0c9e5ab31024d032af21357d18f0910d032109d4ee71200c10c5b34dc11e1400c0191898a19458dedc5841233987528746590c84833d9892dc85219e6651850a54d41b9476c4a3ca552d7dad40a3db96980060073a78d18863a0b9388a7a77345dbbdc608d4cc2b71016d1614fe86c1027edc12802577b4c8d5abb38e4219e5028d5128baf4f845aa317c85908e8581b078e6873d701e280243ca2192c4ba1f47026d924bd2d8c58660a3dda49cf6d95c13bf379d75f69621e69b9c36cc63880787c21c24ab3ef28f48cdb4ce3e27c65c9c53db173e2717e8f9783f6082e08bef95cda23f479d64423ab63a0c46045ef282b84a76311fb8c1546027eceddd1f542482c68a5ac68e0e17c221fc3aa36dfc092eed1cbc9bc3c38c3a6658774c0633bf08244bc0af918a55e828a77035f38ca68fb3a170e6da25913e218ef2f30ce326d17cbb9455fae8e5e11c0ca64e779f20f3645f668933fa1c249a608798ce16328946917bbb7f56267a83eea717e4cd354b46b0cc28619b553eab287d3964fd37bd5b3983012f864d8fe98c521a24214057bb0772fab04942d605642721abee5ffb4a8e8631ed2d3e93d34f34df8fb4f22151bf127cfa4f9aa1a33ac9d6d8e0b93fc4512b3f150dd15880691559ea683c30c5e4d8d56088c9a470a96fe6bb2e3701fbf1a70da3dd8c05a072cc25dca211ab021ddd04e05a3930c8cdc49b9e2d421bf0c3f2072a6f0c5d75b7ae05a6bedeea4bcb55b509eeeb9b936a82bef211ced024520fd7fcfc2c88cfa304632601abbd1a41c0a2912e0f9597d94e14cb01e57949855ef3916cda916a47946988ac0d913230c9f6ae2870fe29e563b02f4174dc34669c69a4260d73f62979a8790036cfc83da37c7c8ba16b56a5dfe713e65ebec550064a06272f777233ada5adda9e00059f031c3ef7e867665ea4b2bf7172f99f1741bf9003211dba0fa1e09b3bf4607ef20b9eb81738c21c8ae6a8255b72c82a268b4dfe0bacb0b6a1b18ad957bcdbcfe9c8d007faa994d6d2830a5c67c954fbcadd2e7f92055f450f3ef1a73404be3f6c0fdf1ff7a7ad98652cdb7cdf0fa3f6d4e6929b410e06e555c49de7b1ec79a976ca882910faa884322b361d2e80fb0ef70a584442ac9069c192491b8e7599f7528927b0e6746be942839052cbdf4dfc61df34f4cbd44991eded9d174dca2fef8aa517b4f5ccf28e4814a3cdad2ec42b8d0757f4b5fa92fa6488c1bc386061f8e102503d306073dc6d757fec28185b1b88dd44f6d263da12c6ebc373ca7602604646e06f975541066536aa88d4bc1acb99e50e0524d8f4741c9d2c41e074e748f59085b9bc27bb8e41a87ff6cdb53af1eaad7ae4ee91ccb0b392cb655a96b988f65eece9533a47e933db16881105180542fae866457a932138ecb73b9cbf745c7eb58d77b2781ab36c30eaeff73f5f4cb5adecfc4e8b7aeccd44bc907f0061631951e0e235f2b141af2c9d8e90e1a0dac4b5df960a698b01a98c05ae496f56dfe7cc6ad10df72d49d9b84d674280718bae602cf54cec14deb56850326466e15bc976cf8f2e0cad0756797bca5959caf3d181cf76c14332ba3c5dcb629c877a9f71320136d0519e0d7d238ae37b1894b3f8b8ff5c59c92026d0d09b8187e5329cdc3b7e730667fba360eba6d55933cf87cf39e84d4a38cf989adebf568675ee4b958093267612f2e9d7dccc6dc6bca94dd56f44bbc7202de4f7ea21803d9d8d78a55729f69659e86280aab6b1b4196c198f30550408cabc8b86d988f12"}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x6, 0x9, 0x101}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:25 executing program 2 (fault-call:0 fault-nth:3): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000006c000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 800.351118][ T1978] FAULT_INJECTION: forcing a failure. [ 800.351118][ T1978] name failslab, interval 1, probability 0, space 0, times 0 [ 800.369410][ T1977] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 800.373588][ T1981] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 800.405726][ T1977] binder: 1971:1977 ioctl c018620c 20000440 returned -1 [ 800.420937][ T1978] CPU: 0 PID: 1978 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 800.430023][ T1978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.440255][ T1978] Call Trace: [ 800.443560][ T1978] dump_stack+0x172/0x1f0 [ 800.447898][ T1978] should_fail.cold+0xa/0x15 [ 800.452489][ T1978] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 800.458292][ T1978] ? ___might_sleep+0x163/0x280 [ 800.463144][ T1978] __should_failslab+0x121/0x190 [ 800.468082][ T1978] should_failslab+0x9/0x14 [ 800.472580][ T1978] kmem_cache_alloc+0x2b2/0x6f0 [ 800.477427][ T1978] ? rcu_read_lock_sched_held+0x110/0x130 [ 800.483140][ T1978] ? kmem_cache_alloc+0x32e/0x6f0 [ 800.488195][ T1978] security_file_alloc+0x39/0x170 [ 800.490801][ T1981] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 800.493220][ T1978] __alloc_file+0xac/0x300 [ 800.493237][ T1978] alloc_empty_file+0x72/0x170 [ 800.493255][ T1978] path_openat+0xef/0x46e0 [ 800.516254][ T1978] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 800.521460][ T1981] binder: 1973:1981 transaction failed 29201/-28, size 24-8 line 3148 [ 800.522052][ T1978] ? kasan_slab_alloc+0xf/0x20 [ 800.522070][ T1978] ? kmem_cache_alloc+0x11a/0x6f0 [ 800.540036][ T1978] ? getname_flags+0xd6/0x5b0 [ 800.544706][ T1978] ? getname+0x1a/0x20 [ 800.548779][ T1978] ? do_sys_open+0x2c9/0x5d0 14:11:26 executing program 3: r0 = request_key(&(0x7f00000002c0), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000000)='/dev/binder#\x00', 0xfffffffffffffff9) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000240)='id_resolver\x00', &(0x7f0000000280)=@builtin='builtin_trusted\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x20000000, 0x80000000, 0xe, 0x5, 0x101, 0x800}) keyctl$clear(0x7, r0) r1 = syz_open_dev$amidi(&(0x7f00000002c0)='/dev/amidi#\x00', 0x400000000006, 0x8000) ioctl$KDDISABIO(r1, 0x4b37) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x1, 0x0) accept4$llc(r2, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10, 0x0) ioctl$PPPIOCGFLAGS1(r2, 0x8004745a, &(0x7f0000000200)) [ 800.553363][ T1978] ? __x64_sys_open+0x7e/0xc0 [ 800.558035][ T1978] ? do_syscall_64+0x103/0x610 [ 800.562832][ T1978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.565142][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 800.568907][ T1978] ? __lock_acquire+0x548/0x3fb0 [ 800.568921][ T1978] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 800.568943][ T1978] ? __alloc_fd+0x430/0x530 [ 800.590968][ T1978] do_filp_open+0x1a1/0x280 14:11:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000074000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 800.602520][ T1978] ? may_open_dev+0x100/0x100 [ 800.607291][ T1978] ? lock_downgrade+0x880/0x880 [ 800.612241][ T1978] ? kasan_check_read+0x11/0x20 [ 800.617105][ T1978] ? do_raw_spin_unlock+0x57/0x270 [ 800.622222][ T1978] ? _raw_spin_unlock+0x2d/0x50 [ 800.627095][ T1978] ? __alloc_fd+0x430/0x530 [ 800.631608][ T1978] do_sys_open+0x3fe/0x5d0 [ 800.636152][ T1978] ? filp_open+0x80/0x80 [ 800.640399][ T1978] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 800.646344][ T1978] ? do_syscall_64+0x26/0x610 [ 800.651033][ T1978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.657103][ T1978] ? do_syscall_64+0x26/0x610 [ 800.661794][ T1978] __x64_sys_open+0x7e/0xc0 [ 800.666311][ T1978] do_syscall_64+0x103/0x610 [ 800.670896][ T1978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.670908][ T1978] RIP: 0033:0x4121a1 [ 800.670922][ T1978] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 14:11:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 800.670929][ T1978] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 800.670941][ T1978] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 800.670948][ T1978] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 800.670955][ T1978] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 800.670964][ T1978] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 800.670972][ T1978] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:26 executing program 3: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) signalfd4(r0, &(0x7f0000000040)={0x1ff}, 0x8, 0x80000) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 800.732066][ T1994] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 800.743837][ T1996] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 800.779992][ T1994] binder: 1991:1994 ioctl c018620c 20000440 returned -1 [ 800.799910][ T1996] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 800.817594][ T1984] XFS (loop0): Invalid superblock magic number 14:11:26 executing program 2 (fault-call:0 fault-nth:4): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 800.863105][ T1996] binder: 1986:1996 transaction failed 29201/-28, size 24-8 line 3148 [ 800.863195][ T1989] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 800.891619][ T1989] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 800.908151][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 800.924280][ T1989] binder: 1987:1989 transaction failed 29201/-28, size 24-8 line 3148 [ 800.948499][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 800.948909][ T1989] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 800.964636][ T2007] FAULT_INJECTION: forcing a failure. [ 800.964636][ T2007] name failslab, interval 1, probability 0, space 0, times 0 [ 800.979730][ T1989] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 800.985422][ T2007] CPU: 0 PID: 2007 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 800.998214][ T2007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.008265][ T2007] Call Trace: [ 801.008288][ T2007] dump_stack+0x172/0x1f0 [ 801.008306][ T2007] should_fail.cold+0xa/0x15 [ 801.008324][ T2007] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 801.008343][ T2007] ? ___might_sleep+0x163/0x280 [ 801.008358][ T2007] __should_failslab+0x121/0x190 [ 801.008373][ T2007] should_failslab+0x9/0x14 [ 801.008394][ T2007] kmem_cache_alloc_trace+0x2d1/0x760 [ 801.012357][ T1989] binder: 1987:1989 transaction failed 29201/-28, size 24-8 line 3148 [ 801.015990][ T2007] ? wait_for_completion+0x440/0x440 [ 801.016007][ T2007] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 801.016025][ T2007] snd_card_file_add+0x51/0x380 [ 801.030829][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 801.031224][ T2007] ? mutex_unlock+0xd/0x10 [ 801.076742][ T2007] snd_pcm_oss_open.part.0+0x13f/0x12c0 [ 801.086659][ T2007] ? find_held_lock+0x35/0x130 [ 801.091434][ T2007] ? tomoyo_check_open_permission+0x1b1/0x3f0 [ 801.097539][ T2007] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 801.104048][ T2007] ? soundcore_open+0x39c/0x610 [ 801.108895][ T2007] ? find_held_lock+0x35/0x130 [ 801.113659][ T2007] ? soundcore_open+0x39c/0x610 [ 801.118522][ T2007] ? kasan_check_write+0x14/0x20 [ 801.123457][ T2007] ? lock_downgrade+0x880/0x880 [ 801.128313][ T2007] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 801.134124][ T2007] snd_pcm_oss_open+0x41/0x60 [ 801.138801][ T2007] soundcore_open+0x456/0x610 [ 801.143477][ T2007] ? sound_devnode+0xf0/0xf0 [ 801.148057][ T2007] chrdev_open+0x247/0x6b0 [ 801.152473][ T2007] ? cdev_put.part.0+0x50/0x50 [ 801.157234][ T2007] ? security_file_open+0x8d/0x300 [ 801.162351][ T2007] do_dentry_open+0x488/0x1160 [ 801.167108][ T2007] ? kasan_check_read+0x11/0x20 [ 801.171950][ T2007] ? cdev_put.part.0+0x50/0x50 [ 801.176726][ T2007] ? chown_common+0x5c0/0x5c0 [ 801.181398][ T2007] ? inode_permission+0xb4/0x570 [ 801.186335][ T2007] vfs_open+0xa0/0xd0 [ 801.190308][ T2007] path_openat+0x10e9/0x46e0 [ 801.194897][ T2007] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 801.200703][ T2007] ? kasan_slab_alloc+0xf/0x20 [ 801.205464][ T2007] ? kmem_cache_alloc+0x11a/0x6f0 [ 801.210566][ T2007] ? getname_flags+0xd6/0x5b0 [ 801.215288][ T2007] ? getname+0x1a/0x20 [ 801.219352][ T2007] ? do_sys_open+0x2c9/0x5d0 [ 801.223952][ T2007] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 801.229327][ T2007] ? __alloc_fd+0x430/0x530 [ 801.233832][ T2007] do_filp_open+0x1a1/0x280 [ 801.238417][ T2007] ? may_open_dev+0x100/0x100 [ 801.243102][ T2007] ? kasan_check_read+0x11/0x20 [ 801.247945][ T2007] ? do_raw_spin_unlock+0x57/0x270 [ 801.253053][ T2007] ? _raw_spin_unlock+0x2d/0x50 [ 801.257895][ T2007] ? __alloc_fd+0x430/0x530 [ 801.262407][ T2007] do_sys_open+0x3fe/0x5d0 [ 801.266825][ T2007] ? filp_open+0x80/0x80 [ 801.271065][ T2007] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 801.276513][ T2007] ? do_syscall_64+0x26/0x610 [ 801.281193][ T2007] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.287277][ T2007] ? do_syscall_64+0x26/0x610 [ 801.292042][ T2007] __x64_sys_open+0x7e/0xc0 [ 801.296555][ T2007] do_syscall_64+0x103/0x610 [ 801.301145][ T2007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.307031][ T2007] RIP: 0033:0x4121a1 [ 801.310918][ T2007] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 801.330515][ T2007] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 801.338920][ T2007] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 801.346883][ T2007] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 801.354843][ T2007] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 801.362894][ T2007] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 801.370856][ T2007] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:27 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6, 0x0) 14:11:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000031f00000000000800080003000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xb88f, 0x200082) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000040)={0x200, 0x4}) 14:11:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000007a000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:27 executing program 2 (fault-call:0 fault-nth:5): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) getpeername$tipc(r1, &(0x7f0000000080)=@name, &(0x7f0000000100)=0xf) signalfd(r0, &(0x7f0000000140)={0xbef0}, 0x8) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_G_CROP(r2, 0xc038563b, &(0x7f0000000040)={0x0, 0x0, {0xff, 0x3, 0x54, 0x2}}) bind(r2, &(0x7f0000000180)=@isdn={0x22, 0x40, 0x0, 0x80000000, 0xfffffffffffffff9}, 0x80) ioctl$VIDIOC_DBG_S_REGISTER(r2, 0x4038564f, &(0x7f00000000c0)={{0x7, @name="017d731ceb821543fa38b7718234e38033e76912f6972f21f47add7e79dffb54"}, 0x6, 0xffffffffee159eb0, 0x77}) [ 801.842948][ T2018] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 801.853018][ T2020] FAULT_INJECTION: forcing a failure. [ 801.853018][ T2020] name failslab, interval 1, probability 0, space 0, times 0 14:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000100000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 801.925769][ T2018] binder: 2009:2018 ioctl c018620c 20000440 returned -1 [ 801.937071][ T2020] CPU: 1 PID: 2020 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 801.946291][ T2020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.956351][ T2020] Call Trace: [ 801.959737][ T2020] dump_stack+0x172/0x1f0 [ 801.964085][ T2020] should_fail.cold+0xa/0x15 [ 801.968679][ T2020] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 801.974498][ T2020] ? ___might_sleep+0x163/0x280 [ 801.979353][ T2020] __should_failslab+0x121/0x190 [ 801.984289][ T2020] should_failslab+0x9/0x14 [ 801.988790][ T2020] kmem_cache_alloc_trace+0x2d1/0x760 [ 801.994182][ T2020] snd_pcm_oss_open.part.0+0x577/0x12c0 [ 801.999739][ T2020] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 802.006246][ T2020] ? wake_up_q+0xf0/0xf0 [ 802.010510][ T2020] ? soundcore_open+0x39c/0x610 [ 802.015357][ T2020] ? find_held_lock+0x35/0x130 [ 802.020125][ T2020] ? kasan_check_write+0x14/0x20 [ 802.025068][ T2020] ? lock_downgrade+0x880/0x880 [ 802.029925][ T2020] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 802.035733][ T2020] snd_pcm_oss_open+0x41/0x60 [ 802.040417][ T2020] soundcore_open+0x456/0x610 [ 802.045105][ T2020] ? sound_devnode+0xf0/0xf0 [ 802.049697][ T2020] chrdev_open+0x247/0x6b0 [ 802.054113][ T2020] ? cdev_put.part.0+0x50/0x50 [ 802.058882][ T2020] ? security_file_open+0x8d/0x300 [ 802.063993][ T2020] do_dentry_open+0x488/0x1160 [ 802.068750][ T2020] ? kasan_check_read+0x11/0x20 [ 802.073603][ T2020] ? cdev_put.part.0+0x50/0x50 [ 802.078365][ T2020] ? chown_common+0x5c0/0x5c0 [ 802.083042][ T2020] ? inode_permission+0xb4/0x570 [ 802.087984][ T2020] vfs_open+0xa0/0xd0 [ 802.091963][ T2020] path_openat+0x10e9/0x46e0 [ 802.096550][ T2020] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 802.102349][ T2020] ? kasan_slab_alloc+0xf/0x20 [ 802.107110][ T2020] ? kmem_cache_alloc+0x11a/0x6f0 [ 802.112136][ T2020] ? getname_flags+0xd6/0x5b0 [ 802.116819][ T2020] ? getname+0x1a/0x20 [ 802.120879][ T2020] ? do_sys_open+0x2c9/0x5d0 [ 802.125478][ T2020] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 802.130854][ T2020] ? __alloc_fd+0x430/0x530 [ 802.135354][ T2020] do_filp_open+0x1a1/0x280 [ 802.139853][ T2020] ? may_open_dev+0x100/0x100 [ 802.144543][ T2020] ? kasan_check_read+0x11/0x20 [ 802.149478][ T2020] ? do_raw_spin_unlock+0x57/0x270 [ 802.154596][ T2020] ? _raw_spin_unlock+0x2d/0x50 [ 802.159444][ T2020] ? __alloc_fd+0x430/0x530 [ 802.164041][ T2020] do_sys_open+0x3fe/0x5d0 [ 802.168455][ T2020] ? filp_open+0x80/0x80 [ 802.172702][ T2020] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 802.178175][ T2020] ? do_syscall_64+0x26/0x610 [ 802.182850][ T2020] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 802.188909][ T2020] ? do_syscall_64+0x26/0x610 [ 802.193597][ T2020] __x64_sys_open+0x7e/0xc0 [ 802.198107][ T2020] do_syscall_64+0x103/0x610 [ 802.202704][ T2020] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 802.208593][ T2020] RIP: 0033:0x4121a1 [ 802.212483][ T2020] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 802.232088][ T2020] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 802.240496][ T2020] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 802.248723][ T2020] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 802.256689][ T2020] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 802.264655][ T2020] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 14:11:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 802.272718][ T2020] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") socket$inet(0x10, 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:27 executing program 3: ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0xd, 0x1005, 0x0, 0x81, 0x1, 0xfffffffffffff4dd}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@multicast2, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@remote}}, &(0x7f0000000300)=0xe8) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000340)={0x2c, 0x4, r0, 0x39}, 0x10, &(0x7f0000001580)=[{&(0x7f0000001640)="49654e6748e0b7b67a8f82ccb16dea71b75e5298a8fbe6f1c95d9e18caeef481daaa728c0348b6a3b69ee681fdd1ebc9179cb355ece6ec0d2317ca5683f548a5a0024d9487852b45c14748a0180e1873d4370677eb99259b82c2bc", 0x5b}, {&(0x7f0000000480)="1465fafe8b04a05a02bf864071d5c1d9348e72354b43a6f2f41ac4b5e76ecef2a08b1cc55d06294b06a5173ec23a807d6760ea650c9f6e6091d4a39becd2552bbf0af0c5e9f5d4a14005fa186620eb4a46e4fa4cb8de9d900c8317b3fdb26c726fc409faa8ccdfd2364f6df6fca786dd37f039f9243401e3cfec133ea3ff5ebda3e8193be143dee09c06fcde95e0534500b3d92a624c0884567bd56bef13858b33ef504781914a80944d9a690a7ee159cd123438892731213dabf93ccd03e837b3d1aee4b38a366af08080b6913261280b0a3b64971fd6f014b8b12452f0b46b3ee99cf837d5c6921d0c547cd87a8bd021503944c045e75445d8e234ef2888682022f9ab72bce2f84efdf33a495963eca78881e581a0479b93ba3109755456f5c19da168cd7a659a6cd2983d95e2c36eb9589b2a76684bbcf27c88f7886b7e318911b26939e4b80c0a9cb91a3c473f72840487a1702271b8c35ab6aed16c055b8fbde92b193da28338dccfd77ad9b58141defb6085bb5a1ed0d77a4238430231cfa198e7d2f475d71299d14837c3634283c1bed99a7626ca92f45b18246b2699a63d8c887dfbc758f93b0999f7beb6d81a5aaf575fff1e83385c71ec5ed724fc1c9d9ed9ed896bc58f78f6304ac7f6079b48368d280b9cac02707081432f2b4a0e502ba05aa00db79f78adc5e2488792a062540869e45a47e3c6b08f739e168e2c6ab587ac09259e0bbf676400a19672dad7804b441bb7c9e9185a91521347586d8232f37184e9fd3e4958178b722641bed83a54beb96152a790ea639418d80c135a5be9befded7702b3c4d198a17a96a55d48b9e0247edea78d5e7693277253d87e0313a5117d74784a9a278492453ae902f2346fbf2f979dfc92b64648cc560d5ea45866ae0760c3e8153d7cb9c06992b906a487415507acb535bd1a8cee224c7387a8ce6e1866d08d0cc23910b56d7da18a44661a8bd3db11ef074c6430259d245458243fd154d3a6536e94e4b55cec5597c30eef6c3ab1a2b69930a9859aefb48318d106eb39b3ff4e056196742cfde77b8dec6325633274e49dd967d3ba82f1a9d699b465ef947d30bb0d55f7e4a060a23faedd2a634a04fc3567e9d8494388bb34d67a85a74a6acfecc4b43c5362a9e6ca124875feb5f06dab0740dd642a5bd17129844b7f5efc0cc2dd1fe8f95c4d9f1c2ea652324fe4e7b3f9200a9ab89f08bb75c31ccddb9bc7a7cff7131adc596484b4ecac102fa9540f7cda8806d78b6bc0afd55a9b6a363a279909b685afa8881ac1b26bfadd4ce09ea9fbea497a44233f893f4d60a366cf72055aff7327d414f8cb4027dcc0863bdd2e3f6b452a67cda382099ec4b0abe96ae002e572039884da147e5da22b4ee88cb1961584fd853d69b884c67ed483eaee5c93eb085cae8e1d8ff8d17e2d0e187370882f1b698970f989b3bb1f9f3b0edb5b8f3fed15324909d5b7379e4c066a8e92325114813f3a8fc81aa2b9db403546fc5ef173917916e43f73268717baeb131bf0fe4aa48d49416b2000157663b650f48ed37ec77f633a5684cc2f450f8b8060f4ad156412d44b2554455df2b749e8548f92e47139ea4cd62c8d06e5362d19bb1750819c0e4dd6099deaeb5a88c0df82a21b47df12df297a1028022b5499cf3f7115cae00a914618af296dada11d783f23928fa7c3fd0463081ef4ed02dc639978aed7f22be7ba0948b59f275baec070747955471d9b3d63b1a13bc142622fb2ac59f2d0a8f1eb881bdf218b408c654571ffa73e0429c4aa0e8b73330941057b4bb6387ce3565d8ca75ea10b39d0518426f6adbdf4ced714148797308f425b3f8cb5dd116a8a6d48a70b0b449f74fe72488f3e691903487f3455545c92da65f081f9e1281592e7eb2bacd98666bf4da9901cfb321f1b36a49083328a5b008fb7c749566f7155fdeebc7461ac75cb99d558d84e75075183284fb78f62eeecb1d22dd9d66c2c6ec1c65bd3d770b522f1cdf76ab22a83d9601f7f9ca0dbc834c81f600745a2b08409aec68f87fe381677ee286b71177f27c0ed6ae179529555179949bd4a2eaf7e72c780d5fa90b5aaac5bac928a3157af9ba6b559e4497b6b2a9af87a51e0b3dd4a12bd4d0b71fc69fc386932089b58c3b39ef315bc6d6bde356030bb7aeb6144b304f86e2fd9037b475f7bbedd0d91dc219db3831f274717ff90ef6c21148a9750e0b2d937421af9235d24feb97696449eeba54a36592d2c259587cc8dc4a683bbcc46b329d7468137f9dc8a558fb63221e0bca9d9e89fd930d6d9ab8585a219a4e95faf236e98365c1ef7b55e88b97a2ab5265ac06717045ecc276d598db096199eca0993d09735e910c3a06a508310ad34ede3eb925cc83ee1cc410e4074c444801f94130391182857f3decec506eada8e7bf5d5968ab9776b9c3dd083ecca4c1532c8d3309c7eaaa62c2d2e8419fc559e5586bb30bdce65c4ab2e2e997e2db93990a1b46d0a5bedcdb5405a63c0dc585b3abf795f0bcba96e4e3313132d9fdb62c861c35e8be41e59f2c0623de965a7bb22ec5c31b66715bf0d53b109f44be56a5253ab7ad60787730945b43eb0c7fa0282ee9a79a449acd0b717ce616882ccbacac6d577e5927197952f0a91ee6a2dc957b9e633194cfc82af140739e613bec93e5db513b8f05d57cd86697953792db971f6e0b3b1f475e8d3d4c7c81226c2d1c0319e60db1577a65b66d67390f8164ef31e6525aafc256a09a4c87fe26bfbd8e1c76a5152aa72cefec7732e5caa68d504511e6e0421d0f0a1494e3f1a04d99602dca14b62248ed043eab3d7d570f29bccc12bc21c4e50d780029a5bf2dbc2b1722df77053af9c5c2f5e58b272de4c38d5317c7ca1d27b4ed4fbe30be7ca8b1eeac1beb17683bad1d9bf4a923aee8c464441b358b3a27e68163def12bc5b2d28901c7d11dc63c2c251988408b890f29bc4379c26e500a180ee5b26671cfbdab84f8d5f96e3a1821503bfb326241b20c0d0873441561bf3a1530f1b6cd5a16f25388793eaaf60ac77418d21981508b1724d5d85fc2ab8814dc3ee9bf311a35adf93a839faacd4519ae68d4a5d0cb112681cf78acb8c01abff72e82a7df64bc45c011df6aca6e1f501f55f347fb2044bb882bbaf092a82814b7a844d16470194c88528c0b7a4603fc7a5ffd108b945b9fff1c244b84fc0f0b63d9d78636eee0ebda55f92c2f7055e1477ea521d6ca010b0945dbf53399191689e3e9ecd76b75e6ccde8340e95ca2a6e2da3c0e9f6c2580713bf58496bedee560eaa43375d8603be0f187250d65d49aa9645c2080e11fa83ae4c4d3adf41276df07f31023572ca823c78a5a681d3ce57c048bee64474561577c8ed6b628c0fd04816d3e1c6007de92193e5c0267474e662b64d04d27d5d911294b94951c51fbacaf29616e4fb7203c5f8d85b04b12b8b92782d4bbb0ca5dccd2d22de4458a509b2b5eeb2e0d96bdd2ff16f705efe99402e7c7a18e824151c15e8510ff9a264a516fc981a9271cd891537ce68fa88d94ed2e3fda09075ba05be66db71ab1949139c6cc8e42e7c177930902220cec6664c1c1410085b843c02dc0a853dbf1d7068b9406a35886879f178ffae12feab608f30126cfb77df8d63bdec56392f66bacbb77ce3dbeecf585ae3b40abb6df9be3241c18118a74f22cf803ada8f9e2734c9ac30a0b5e3d1c26cb0a6bca1ea7c9d57cc4831a4e182aba0b3b9f54679fd21a253a353a5b0d09241d7357a63ee1c5de99093a90ecf5246c12ad5ec9863a4dd8b2351c90a5fffa5edae8fa595ac138770524ffa4fa7d697373b621ebd5ca63219e6b8df494696c4f56a2dc4057fc66ea8c865dc12ce009a3c646433c58b51a0ec4f49e94fb9574a4ea3a8d20170a51aa5323795ae2344e41ae79b34f8207bd69d3c6dd70f44ea554daef8608845fdb430a0e7cad59540e43371bb5caf2179c5d8354691065420e03e1fd3b72b1fb51e66c7edbf1d39d320fcac2808d9947ff6da137d28b4fc0ca7128b7ea4fb9a6f2d5fcb89849c20a7ce4a1d286d5a7b5eb0fbcfb924ef07b60dc72f13fdd294fd3cabb4ff4e0d55f48257c970f9f5337ce53c956a15a85b40ee7889e8c88b11a46b4e46148d496708d7a501307fe551dd726b93d3cb0694d21155d99d25c3f5ad4e73d0e659d71b5a83543afcca85d6d48177f0835130c17259d3afe009a0912afef262a49f23be9cab3cbe589926928e96b6bf9c47a2124beabbcf4924593a003702a39d4dbbcd16e85ce25df223c68f5fe598c94e79a99548aa12bff739aa4c07691569b9921ceac7237bd1d6a4e1eb0667e58e9aaaaf011e1424e02bbaadbbb9f455af5f792a6a3cf52671e3b0ce835a34636008528f075d36347b9103626ecdc9bd111eb829b712667866ef4f15e382cacc946db2193721ffda3f483c20e1aacc0fe0c2807343b8e9d2b450bcef0565f5eb1f34d775cfe5fa567882f7a0940c154e02668d87e9a3ac65e022f7f1cb6f23cb29ef7b19c063ba5a0cebecdf100fb42d14ec7256b7a29290b42cc4eb2a77fba4719b3da9dec633faf69eb502742b4ec0222732b26d130d8da527839db2cd5195b54a4ff351de827139bb8843ef77264a68aa16f5590d1591bce288fe178b5b536ca7adbb730497ec88f29f374e00b2349218f64f40cd830c317d53dfdc65ed21f5b3ff29e0e0315040d7556b4f93cfccc2a168ab493d827858a6b70c4ea7093d3fff19d074b8e09ef8725355e9298d6cf80e2b96732145d16874b27e380c0937952163a37e05c05ed9ef354dc91423b1966903f3fe6b92ba36ef6ab6e6bae013a1e616a05382d7bc8ae06f720e6b2de3ab3c6eab95cb92225f521777976e1f9377b662992ffc2e2a09dbbc671f2b3aac4fc61022e70a80e2c866664b8f0bdf6d5103f328637fd2a58d86c1c127d62cfaf27ef1312b3590a4f4ecd131e7b0c1b9d5cb8373a1e69cf5553038270901146523ffb258cbf7dfb2f01f0d65b55b0afa156f3fe906afe7b2b680d7364d8b5b41ad43c3073ec83e94b70ec873b9c5f13586c3da68a8147d6316d20f7eddcfc792c119719cd41c9e89ea6769e30106536b1464b4b495050dcc9db2e0b744504ba68bfacd30b9d19b3d901c39e3b5cec157bb71b8c1de1d3404c8a21ffe85a12273f0283d4d6aa18192347ed0205430f9b24b41190411129073e6f19d256fda108f731a1181dd49a8499f3aaef2cc42cf8eecfdcb7508cb000db462b48544612c31b22fe01aab9574951959f19feae9f7cf1901df4843e7e5c02b048748f65c1bbf30d17637e14d5286f54a75c6271cc24b2fcaf3c017268c0926ec8d663dfdffc31f63526c164e4b7c174c2204962ccc3d559e1872bc8551eb9eddfe1d756a881ee687c5f68b983f9bde7a6b02ad482fcdddebeca1ce72c335326d103d9f0785135db976477bb5a1228b9970c14c2f657ddc110dc27a578ed74572aa595b2850bc152a590dc1aa96c9ae25b0f8439fa4b74d39b5403451be24302f5487e367035470b1c1f98e622a65821c81fb6373c31726ef511e2d9cf2c16a8ae920b423fdbc54b3ec6242948ae8199efdebcc79184f8e8ceb8539bde8a1bbf390971c5aafc79c17943f964d9c698266e1ed924e98c15316d35f1f6cf44e854ea7bab30d9a8d381df5deb3d6a21baf95ba6e03d670bda64672cab9b80adc6664bc843255006d889d75898caa49eb5b3d6325d45d91767a82fc826845795558d4b3412fd1d81c0366c0007d3c681a5204298e2954d8da22d9", 0x1000}, {&(0x7f0000000140)="5d3dcd229f3c92d8d942224bce1d18d75f16b822049ff8ee60c05bdfe12c172e18abf653c4c179c36095887c8e6ad8b9590a7ff653d760b56522652b541460bda95d4d49855bfd839fe151fb1041f30973e57532f9a30d4cd59d89174a1a6a0d0cc64038919a5fcb2b058430988c253acc26dd29d36e", 0x76}, {&(0x7f00000001c0)="8f122008678267", 0x7}, {&(0x7f0000001540)="9afa56413c171fa34a5cbca557d5fb78bef5d64666ddb16b3955d9725ccb52650ba164678fb4c1", 0x27}], 0x5}, 0x44040) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x40000, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x88000, 0x0) renameat(r1, &(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00') r3 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 802.405249][ T2024] XFS (loop0): Invalid superblock magic number [ 802.442453][ T2042] binder: 2038:2042 ioctl c018620c 20000440 returned -1 14:11:28 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7, 0x0) 14:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000200000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:28 executing program 2 (fault-call:0 fault-nth:6): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000040)={0xfffffffffffffd98, 0x0, 0x0, 0x29c, 0x0, 0x0}) 14:11:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl(r2, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28}, 0x10) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x4000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffff9c, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x4, 0x10}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={r2, 0x7}, 0x8) [ 803.072348][ T2055] binder: 2053:2055 ioctl c018620c 20000440 returned -1 [ 803.099845][ T2059] FAULT_INJECTION: forcing a failure. [ 803.099845][ T2059] name failslab, interval 1, probability 0, space 0, times 0 [ 803.160876][ T2059] CPU: 1 PID: 2059 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 803.170043][ T2059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.180103][ T2059] Call Trace: [ 803.183414][ T2059] dump_stack+0x172/0x1f0 [ 803.187762][ T2059] should_fail.cold+0xa/0x15 [ 803.192368][ T2059] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 803.198184][ T2059] ? ___might_sleep+0x163/0x280 [ 803.203055][ T2059] __should_failslab+0x121/0x190 [ 803.208002][ T2059] should_failslab+0x9/0x14 [ 803.212527][ T2059] kmem_cache_alloc_trace+0x2d1/0x760 [ 803.215392][ T2065] binder: 2063:2065 ioctl c018620c 20000440 returned -1 [ 803.217994][ T2059] ? _raw_read_unlock+0x2d/0x50 [ 803.218024][ T2059] ? snd_ctl_get_preferred_subdevice+0x13c/0x190 [ 803.218055][ T2059] snd_pcm_attach_substream+0x3f4/0xb60 [ 803.241912][ T2059] snd_pcm_open_substream+0x92/0x310 [ 803.247229][ T2059] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 803.253576][ T2059] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 803.259151][ T2059] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 803.265716][ T2059] ? wake_up_q+0xf0/0xf0 [ 803.269972][ T2059] ? soundcore_open+0x39c/0x610 [ 803.274830][ T2059] ? find_held_lock+0x35/0x130 [ 803.279614][ T2059] ? kasan_check_write+0x14/0x20 [ 803.284562][ T2059] ? lock_downgrade+0x880/0x880 [ 803.289428][ T2059] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 803.295241][ T2059] snd_pcm_oss_open+0x41/0x60 [ 803.300029][ T2059] soundcore_open+0x456/0x610 [ 803.304723][ T2059] ? sound_devnode+0xf0/0xf0 [ 803.309327][ T2059] chrdev_open+0x247/0x6b0 [ 803.313760][ T2059] ? cdev_put.part.0+0x50/0x50 [ 803.318542][ T2059] ? security_file_open+0x8d/0x300 [ 803.318622][ T2070] binder: 2068:2070 ioctl c018620c 20000440 returned -1 [ 803.323662][ T2059] do_dentry_open+0x488/0x1160 [ 803.323680][ T2059] ? kasan_check_read+0x11/0x20 [ 803.323696][ T2059] ? cdev_put.part.0+0x50/0x50 [ 803.323714][ T2059] ? chown_common+0x5c0/0x5c0 [ 803.323729][ T2059] ? inode_permission+0xb4/0x570 [ 803.323746][ T2059] vfs_open+0xa0/0xd0 [ 803.323764][ T2059] path_openat+0x10e9/0x46e0 [ 803.363184][ T2059] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 803.368993][ T2059] ? kasan_slab_alloc+0xf/0x20 [ 803.369009][ T2059] ? kmem_cache_alloc+0x11a/0x6f0 [ 803.369027][ T2059] ? getname_flags+0xd6/0x5b0 [ 803.369037][ T2059] ? getname+0x1a/0x20 [ 803.369055][ T2059] ? do_sys_open+0x2c9/0x5d0 [ 803.378820][ T2059] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 803.378847][ T2059] ? __alloc_fd+0x430/0x530 [ 803.378861][ T2059] do_filp_open+0x1a1/0x280 [ 803.378879][ T2059] ? may_open_dev+0x100/0x100 14:11:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000400000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 803.397534][ T2059] ? kasan_check_read+0x11/0x20 [ 803.397553][ T2059] ? do_raw_spin_unlock+0x57/0x270 [ 803.397572][ T2059] ? _raw_spin_unlock+0x2d/0x50 [ 803.397592][ T2059] ? __alloc_fd+0x430/0x530 [ 803.406568][ T2059] do_sys_open+0x3fe/0x5d0 [ 803.406587][ T2059] ? filp_open+0x80/0x80 [ 803.406607][ T2059] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 803.406626][ T2059] ? do_syscall_64+0x26/0x610 [ 803.416113][ T2059] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.416129][ T2059] ? do_syscall_64+0x26/0x610 [ 803.416150][ T2059] __x64_sys_open+0x7e/0xc0 [ 803.416168][ T2059] do_syscall_64+0x103/0x610 [ 803.416189][ T2059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.426184][ T2059] RIP: 0033:0x4121a1 [ 803.426199][ T2059] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 803.426207][ T2059] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 803.426222][ T2059] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 803.426231][ T2059] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 803.426239][ T2059] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 803.426248][ T2059] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 803.426256][ T2059] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 803.550537][ T2071] XFS (loop0): Invalid superblock magic number 14:11:29 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8, 0x0) 14:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000240)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x0) epoll_create(0x2) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) lseek(r0, 0x59, 0x3) 14:11:29 executing program 2 (fault-call:0 fault-nth:7): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000010000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 804.321143][ T2095] FAULT_INJECTION: forcing a failure. [ 804.321143][ T2095] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 804.323112][ T2094] binder: 2091:2094 ioctl c018620c 20000440 returned -1 [ 804.342748][ T2097] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 804.342758][ T2097] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = dup3(r0, r0, 0x80000) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000000)={0xffffffffffffff01, "e376c97f04ff93a9cbf1f53a632ffe55f61fc3e25978babb150c2c60e1550427", 0x2, 0x1}) [ 804.390481][ T2097] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 804.390496][ T2097] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 804.457629][ T2095] CPU: 0 PID: 2095 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 804.466700][ T2095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.476766][ T2095] Call Trace: [ 804.480323][ T2095] dump_stack+0x172/0x1f0 [ 804.484658][ T2095] should_fail.cold+0xa/0x15 [ 804.489249][ T2095] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 804.495056][ T2095] ? ___might_sleep+0x163/0x280 [ 804.499916][ T2095] should_fail_alloc_page+0x50/0x60 [ 804.505112][ T2095] __alloc_pages_nodemask+0x1a1/0x7e0 [ 804.510493][ T2095] ? __alloc_pages_slowpath+0x2900/0x2900 [ 804.516219][ T2095] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 804.522292][ T2097] binder_transaction: 12 callbacks suppressed [ 804.522306][ T2097] binder: 2089:2097 transaction failed 29201/-28, size 24-8 line 3148 [ 804.522462][ T2095] alloc_pages_current+0x107/0x210 [ 804.533853][ T7653] binder_release_work: 12 callbacks suppressed [ 804.533861][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 804.536649][ T2095] __get_free_pages+0xc/0x40 [ 804.536665][ T2095] snd_malloc_pages+0x5c/0x90 [ 804.536681][ T2095] snd_pcm_attach_substream+0x414/0xb60 [ 804.536702][ T2095] snd_pcm_open_substream+0x92/0x310 [ 804.574391][ T2095] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 804.580738][ T2095] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 804.580770][ T2095] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 804.580792][ T2095] ? wake_up_q+0xf0/0xf0 [ 804.580807][ T2095] ? soundcore_open+0x39c/0x610 14:11:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 804.580820][ T2095] ? find_held_lock+0x35/0x130 [ 804.580842][ T2095] ? kasan_check_write+0x14/0x20 [ 804.596304][ T2095] ? lock_downgrade+0x880/0x880 [ 804.596328][ T2095] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 804.596343][ T2095] snd_pcm_oss_open+0x41/0x60 [ 804.596367][ T2095] soundcore_open+0x456/0x610 [ 804.596384][ T2095] ? sound_devnode+0xf0/0xf0 [ 804.596397][ T2095] chrdev_open+0x247/0x6b0 [ 804.596414][ T2095] ? cdev_put.part.0+0x50/0x50 [ 804.596433][ T2095] ? security_file_open+0x8d/0x300 [ 804.596449][ T2095] do_dentry_open+0x488/0x1160 [ 804.596464][ T2095] ? kasan_check_read+0x11/0x20 [ 804.596477][ T2095] ? cdev_put.part.0+0x50/0x50 [ 804.596499][ T2095] ? chown_common+0x5c0/0x5c0 [ 804.600979][ T2098] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 804.605566][ T2095] ? inode_permission+0xb4/0x570 [ 804.605591][ T2095] vfs_open+0xa0/0xd0 [ 804.644549][ T2098] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 804.644859][ T2095] path_openat+0x10e9/0x46e0 [ 804.651611][ T2101] XFS (loop0): Invalid superblock magic number [ 804.654711][ T2095] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 804.654725][ T2095] ? kasan_slab_alloc+0xf/0x20 [ 804.654738][ T2095] ? kmem_cache_alloc+0x11a/0x6f0 [ 804.654756][ T2095] ? getname_flags+0xd6/0x5b0 [ 804.679417][ T2098] binder: 2093:2098 transaction failed 29201/-28, size 24-8 line 3148 [ 804.682267][ T2095] ? getname+0x1a/0x20 [ 804.682280][ T2095] ? do_sys_open+0x2c9/0x5d0 [ 804.682303][ T2095] ? path_lookupat.isra.0+0x8d0/0x8d0 14:11:30 executing program 2 (fault-call:0 fault-nth:8): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 804.682326][ T2095] ? __alloc_fd+0x430/0x530 [ 804.682340][ T2095] do_filp_open+0x1a1/0x280 [ 804.682362][ T2095] ? may_open_dev+0x100/0x100 [ 804.682384][ T2095] ? kasan_check_read+0x11/0x20 [ 804.682407][ T2095] ? do_raw_spin_unlock+0x57/0x270 [ 804.700748][ T2095] ? _raw_spin_unlock+0x2d/0x50 [ 804.700762][ T2095] ? __alloc_fd+0x430/0x530 [ 804.700788][ T2095] do_sys_open+0x3fe/0x5d0 [ 804.700804][ T2095] ? filp_open+0x80/0x80 [ 804.700820][ T2095] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 804.700840][ T2095] ? do_syscall_64+0x26/0x610 14:11:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000020000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 804.713424][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.717402][ T2095] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.717417][ T2095] ? do_syscall_64+0x26/0x610 [ 804.717437][ T2095] __x64_sys_open+0x7e/0xc0 [ 804.729755][ T2116] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 804.732035][ T2095] do_syscall_64+0x103/0x610 [ 804.732056][ T2095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.732068][ T2095] RIP: 0033:0x4121a1 14:11:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x200) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000040)=0x10000, 0x4) [ 804.732081][ T2095] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 804.732088][ T2095] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 804.732099][ T2095] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 804.732106][ T2095] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 804.732114][ T2095] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 804.732122][ T2095] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 804.732137][ T2095] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 804.740989][ T2115] binder: 2111:2115 ioctl c018620c 20000440 returned -1 [ 804.794960][ T2116] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 804.814616][ T2118] FAULT_INJECTION: forcing a failure. [ 804.814616][ T2118] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 804.830938][ T2116] binder: 2112:2116 transaction failed 29201/-28, size 24-8 line 3148 [ 804.867319][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 804.888025][ T2118] CPU: 0 PID: 2118 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 804.928664][ T2118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.928670][ T2118] Call Trace: [ 804.928690][ T2118] dump_stack+0x172/0x1f0 [ 804.928708][ T2118] should_fail.cold+0xa/0x15 [ 804.928728][ T2118] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 804.951348][ T2118] ? ___might_sleep+0x163/0x280 [ 804.951377][ T2118] should_fail_alloc_page+0x50/0x60 [ 804.951390][ T2118] __alloc_pages_nodemask+0x1a1/0x7e0 [ 804.951409][ T2118] ? __alloc_pages_slowpath+0x2900/0x2900 [ 804.951431][ T2118] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 804.951447][ T2118] alloc_pages_current+0x107/0x210 [ 804.951466][ T2118] __get_free_pages+0xc/0x40 [ 804.965722][ T2118] snd_malloc_pages+0x5c/0x90 [ 804.965738][ T2118] snd_pcm_attach_substream+0x474/0xb60 [ 804.965762][ T2118] snd_pcm_open_substream+0x92/0x310 [ 804.965779][ T2118] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 804.965803][ T2118] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 804.965831][ T2118] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 804.984868][ T2118] ? wake_up_q+0xf0/0xf0 [ 804.984886][ T2118] ? soundcore_open+0x39c/0x610 [ 804.984900][ T2118] ? find_held_lock+0x35/0x130 [ 804.984920][ T2118] ? kasan_check_write+0x14/0x20 [ 804.984935][ T2118] ? lock_downgrade+0x880/0x880 [ 804.984954][ T2118] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 804.984973][ T2118] snd_pcm_oss_open+0x41/0x60 [ 804.992568][ T2118] soundcore_open+0x456/0x610 [ 804.992588][ T2118] ? sound_devnode+0xf0/0xf0 [ 804.992601][ T2118] chrdev_open+0x247/0x6b0 [ 804.992618][ T2118] ? cdev_put.part.0+0x50/0x50 [ 804.992637][ T2118] ? security_file_open+0x8d/0x300 [ 804.992653][ T2118] do_dentry_open+0x488/0x1160 [ 804.992671][ T2118] ? kasan_check_read+0x11/0x20 [ 805.003049][ T2118] ? cdev_put.part.0+0x50/0x50 [ 805.003068][ T2118] ? chown_common+0x5c0/0x5c0 [ 805.003085][ T2118] ? inode_permission+0xb4/0x570 [ 805.003102][ T2118] vfs_open+0xa0/0xd0 [ 805.003115][ T2118] path_openat+0x10e9/0x46e0 [ 805.003130][ T2118] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 805.003142][ T2118] ? kasan_slab_alloc+0xf/0x20 [ 805.003155][ T2118] ? kmem_cache_alloc+0x11a/0x6f0 [ 805.003166][ T2118] ? getname_flags+0xd6/0x5b0 [ 805.003176][ T2118] ? getname+0x1a/0x20 [ 805.003193][ T2118] ? do_sys_open+0x2c9/0x5d0 [ 805.013298][ T2118] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 805.013329][ T2118] ? __alloc_fd+0x430/0x530 [ 805.013345][ T2118] do_filp_open+0x1a1/0x280 [ 805.013359][ T2118] ? may_open_dev+0x100/0x100 [ 805.013388][ T2118] ? kasan_check_read+0x11/0x20 [ 805.013407][ T2118] ? do_raw_spin_unlock+0x57/0x270 [ 805.108150][ T2118] ? _raw_spin_unlock+0x2d/0x50 [ 805.108173][ T2118] ? __alloc_fd+0x430/0x530 [ 805.117430][ T2118] do_sys_open+0x3fe/0x5d0 [ 805.117450][ T2118] ? filp_open+0x80/0x80 [ 805.192934][ T2118] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 805.192953][ T2118] ? do_syscall_64+0x26/0x610 [ 805.202803][ T2118] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.202815][ T2118] ? do_syscall_64+0x26/0x610 [ 805.202834][ T2118] __x64_sys_open+0x7e/0xc0 [ 805.202850][ T2118] do_syscall_64+0x103/0x610 [ 805.202867][ T2118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.202879][ T2118] RIP: 0033:0x4121a1 [ 805.202898][ T2118] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 805.299667][ T2118] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 805.308101][ T2118] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 805.316067][ T2118] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 805.324034][ T2118] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 805.331999][ T2118] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 805.339966][ T2118] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x58240, 0x0) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000040)) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2) 14:11:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000030000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:31 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 14:11:31 executing program 2 (fault-call:0 fault-nth:9): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x9, 0x1ffc) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0x3e, 0x8, 0x1e}) [ 805.688017][ T2130] binder: 2126:2130 ioctl c018620c 20000440 returned -1 [ 805.720606][ T2137] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 805.734112][ T2139] FAULT_INJECTION: forcing a failure. [ 805.734112][ T2139] name failslab, interval 1, probability 0, space 0, times 0 [ 805.740247][ T2137] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 805.756854][ T2135] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 805.765718][ T2137] binder: 2131:2137 transaction failed 29201/-28, size 24-8 line 3148 [ 805.774148][ T2135] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 805.785920][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 805.801210][ T2135] binder: 2127:2135 transaction failed 29201/-28, size 24-8 line 3148 [ 805.818756][ T2139] CPU: 1 PID: 2139 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 805.827812][ T2139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.837873][ T2139] Call Trace: [ 805.840206][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 805.841180][ T2139] dump_stack+0x172/0x1f0 [ 805.841203][ T2139] should_fail.cold+0xa/0x15 [ 805.841221][ T2139] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 805.841251][ T2139] ? ___might_sleep+0x163/0x280 [ 805.867034][ T2139] __should_failslab+0x121/0x190 [ 805.872090][ T2139] should_failslab+0x9/0x14 [ 805.876601][ T2139] __kmalloc_track_caller+0x2d8/0x740 [ 805.881978][ T2139] ? rcu_read_lock_sched_held+0x110/0x130 [ 805.887879][ T2139] ? __alloc_pages_nodemask+0x599/0x7e0 [ 805.893424][ T2139] ? snd_pcm_hw_rule_add+0x3fe/0x570 [ 805.898711][ T2139] krealloc+0x66/0xd0 [ 805.902694][ T2139] snd_pcm_hw_rule_add+0x3fe/0x570 [ 805.907804][ T2139] ? snd_pcm_hw_rule_sample_bits+0x230/0x230 [ 805.913788][ T2139] ? snd_pcm_debug_name+0x190/0x190 [ 805.918984][ T2139] ? lockdep_init_map+0x1be/0x6d0 [ 805.924019][ T2139] snd_pcm_hw_constraints_init+0x4a2/0xd80 [ 805.929830][ T2139] snd_pcm_open_substream+0x15b/0x310 [ 805.935208][ T2139] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 805.941553][ T2139] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 805.947110][ T2139] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 805.953616][ T2139] ? wake_up_q+0xf0/0xf0 [ 805.957856][ T2139] ? soundcore_open+0x39c/0x610 [ 805.962703][ T2139] ? find_held_lock+0x35/0x130 [ 805.967468][ T2139] ? kasan_check_write+0x14/0x20 [ 805.972406][ T2139] ? lock_downgrade+0x880/0x880 [ 805.977267][ T2139] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 805.983071][ T2139] snd_pcm_oss_open+0x41/0x60 [ 805.987749][ T2139] soundcore_open+0x456/0x610 [ 805.992437][ T2139] ? sound_devnode+0xf0/0xf0 [ 805.997020][ T2139] chrdev_open+0x247/0x6b0 [ 806.001434][ T2139] ? cdev_put.part.0+0x50/0x50 [ 806.006208][ T2139] ? security_file_open+0x8d/0x300 [ 806.011326][ T2139] do_dentry_open+0x488/0x1160 [ 806.016087][ T2139] ? kasan_check_read+0x11/0x20 [ 806.020932][ T2139] ? cdev_put.part.0+0x50/0x50 [ 806.025787][ T2139] ? chown_common+0x5c0/0x5c0 [ 806.030463][ T2139] ? inode_permission+0xb4/0x570 [ 806.035407][ T2139] vfs_open+0xa0/0xd0 [ 806.039389][ T2139] path_openat+0x10e9/0x46e0 [ 806.043977][ T2139] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 806.049781][ T2139] ? kasan_slab_alloc+0xf/0x20 [ 806.054543][ T2139] ? kmem_cache_alloc+0x11a/0x6f0 [ 806.059567][ T2139] ? getname_flags+0xd6/0x5b0 [ 806.064243][ T2139] ? getname+0x1a/0x20 [ 806.068303][ T2139] ? do_sys_open+0x2c9/0x5d0 [ 806.072898][ T2139] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 806.078273][ T2139] ? __alloc_fd+0x430/0x530 [ 806.082791][ T2139] do_filp_open+0x1a1/0x280 [ 806.087290][ T2139] ? may_open_dev+0x100/0x100 [ 806.091974][ T2139] ? kasan_check_read+0x11/0x20 [ 806.096818][ T2139] ? do_raw_spin_unlock+0x57/0x270 [ 806.101949][ T2139] ? _raw_spin_unlock+0x2d/0x50 [ 806.106799][ T2139] ? __alloc_fd+0x430/0x530 [ 806.111308][ T2139] do_sys_open+0x3fe/0x5d0 [ 806.115725][ T2139] ? filp_open+0x80/0x80 [ 806.119967][ T2139] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 806.125433][ T2139] ? do_syscall_64+0x26/0x610 [ 806.130112][ T2139] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.136182][ T2139] ? do_syscall_64+0x26/0x610 [ 806.140866][ T2139] __x64_sys_open+0x7e/0xc0 [ 806.145368][ T2139] do_syscall_64+0x103/0x610 [ 806.149958][ T2139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.155841][ T2139] RIP: 0033:0x4121a1 [ 806.159727][ T2139] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 806.179343][ T2139] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:11:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000040000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$bt_hidp(0x1f, 0x3, 0x6) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) write$P9_RCLUNK(r2, &(0x7f0000000140)={0x7, 0x79, 0x1}, 0x7) r3 = accept(r1, &(0x7f0000000040)=@xdp, &(0x7f00000000c0)=0x80) sendmmsg$inet_sctp(r3, &(0x7f0000000500)=[{&(0x7f00000001c0)=@in={0x2, 0x4e23, @broadcast}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000200)="a7ad73bdb6bb5c1435f9b65151f0d56bab832b321bb2a624138bf9e30590645b3fda71176e772c4c2bbd60ef5ce39b9c9b730321e01da896849ed53db15b40caca09f8fe64cc9463717d370b95e11eca71ca85ffeb7de1605a4571faa570e0b6abc540f430918ae269e1fe4268f6fb08fbc2f71c8f3eedd7b82a7b865f3112c6b6edfa2bb10b3a438ee9f7ddf3c7a8e40edeb972267320a530a6903074ff21b43ecae046f0d3cf17c513181cb28e2aa4826eb2302e58720e", 0xb8}, {&(0x7f00000002c0)="5b8e359c784737d7ffcd840ba3eca211ba027a989bc36e39db0bdeb3026c21606aeab414ee543805322a6a19cc0aef1151162e546e31e1aded1d5fa9d0331dd3302d9d7e83b7fffd23454777a5f3d78d788f71e1d5a020e8224f90afbf7de8af2d7470da3f7f453fe096b62dd2873a96", 0x70}, {&(0x7f0000000340)="f1c750af9dae187a742f0ac9650d624059641b9f7297cbab0e9ed0e7cdd393a77a04ad2482b2ba7ad8c1c353d33c3340a7d2a481de4762c507600d841fb94a9bcce270fae4a4be7a13302d01b41bdb21a503b70a24c0376ec63d9c323350c599b7756318a8aee23aea093126e1aed51d4654855fc54ff1893a463cde2c15cb16a23a5b2168fa08ee0a997ea1175f7d9517005c0fc9b2ba9dd4f7d90fefab80310cca4024a67cbf7c50", 0xa9}], 0x3, &(0x7f00000004c0)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0xc03}}], 0x18, 0x8000}], 0x1, 0x8000) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) pipe2(&(0x7f0000000180), 0x800) [ 806.187748][ T2139] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 806.195750][ T2139] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 806.203717][ T2139] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 806.211681][ T2139] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 806.219652][ T2139] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x101000, 0x0) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 806.296363][ T2155] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 806.311013][ T2155] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 806.329539][ T2155] binder: 2150:2155 transaction failed 29201/-28, size 24-8 line 3148 [ 806.338145][ T2156] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000057c0)='/dev/autofs\x00', 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000005800)={0x43, 0x4, 0x1}, 0x10) syz_mount_image$xfs(&(0x7f0000000100)='xfs\x00', &(0x7f0000000380)='./file0/file0\x00', 0x99, 0x2, &(0x7f0000000240)=[{&(0x7f0000000180)="0cad90814bbb0950ca9f1fd6ca9c467cfc4ab2cf99e5b883e8f1be3c5421b4d63b66f07ce5873fca659eacaf64619d6022b121e2386e178e0dba7aa524", 0x3d, 0xeba}, {&(0x7f0000000200)="e91aec07672449ae", 0x8, 0x7fffffff}], 0x108008, &(0x7f0000000300)=ANY=[]) setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2) 14:11:31 executing program 2 (fault-call:0 fault-nth:10): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 806.351548][ T2136] XFS (loop0): Invalid superblock magic number [ 806.377340][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.406566][ T2162] binder: 2161:2162 ioctl c018620c 20000440 returned -1 [ 806.419031][ T2156] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000050000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 806.447748][ T2165] FAULT_INJECTION: forcing a failure. [ 806.447748][ T2165] name failslab, interval 1, probability 0, space 0, times 0 [ 806.455328][ T2156] binder: 2153:2156 transaction failed 29201/-28, size 24-8 line 3148 [ 806.472866][ T2165] CPU: 0 PID: 2165 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 806.481904][ T2165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.481910][ T2165] Call Trace: [ 806.481931][ T2165] dump_stack+0x172/0x1f0 [ 806.481953][ T2165] should_fail.cold+0xa/0x15 [ 806.481973][ T2165] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 806.481992][ T2165] ? ___might_sleep+0x163/0x280 [ 806.482009][ T2165] __should_failslab+0x121/0x190 [ 806.482024][ T2165] should_failslab+0x9/0x14 [ 806.482038][ T2165] __kmalloc_track_caller+0x2d8/0x740 [ 806.482049][ T2165] ? krealloc+0x7b/0xd0 [ 806.482061][ T2165] ? krealloc+0x7b/0xd0 [ 806.482080][ T2165] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.520845][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 806.524431][ T2165] ? __phys_addr+0xa4/0x120 [ 806.554956][ T2165] ? snd_pcm_hw_rule_add+0x3fe/0x570 [ 806.560251][ T2165] krealloc+0x3f/0xd0 [ 806.564248][ T2165] snd_pcm_hw_rule_add+0x3fe/0x570 [ 806.569359][ T2165] ? snd_pcm_hw_rule_add+0x34e/0x570 [ 806.574644][ T2165] ? snd_pcm_stop_xrun+0x160/0x160 [ 806.579812][ T2165] ? snd_pcm_debug_name+0x190/0x190 [ 806.585017][ T2165] ? snd_pcm_debug_name+0x190/0x190 [ 806.590229][ T2165] ? lockdep_init_map+0x1be/0x6d0 [ 806.595348][ T2165] snd_pcm_hw_constraints_init+0x8bb/0xd80 [ 806.601259][ T2165] snd_pcm_open_substream+0x15b/0x310 [ 806.606644][ T2165] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 806.612998][ T2165] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 806.618571][ T2165] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 806.625184][ T2165] ? wake_up_q+0xf0/0xf0 [ 806.629430][ T2165] ? soundcore_open+0x39c/0x610 [ 806.634275][ T2165] ? find_held_lock+0x35/0x130 [ 806.639040][ T2165] ? kasan_check_write+0x14/0x20 [ 806.644447][ T2165] ? lock_downgrade+0x880/0x880 [ 806.649298][ T2165] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 806.655102][ T2165] snd_pcm_oss_open+0x41/0x60 [ 806.659957][ T2165] soundcore_open+0x456/0x610 [ 806.664635][ T2165] ? sound_devnode+0xf0/0xf0 [ 806.669576][ T2165] chrdev_open+0x247/0x6b0 [ 806.674006][ T2165] ? cdev_put.part.0+0x50/0x50 [ 806.678772][ T2165] ? security_file_open+0x8d/0x300 [ 806.683885][ T2165] do_dentry_open+0x488/0x1160 [ 806.688647][ T2165] ? kasan_check_read+0x11/0x20 [ 806.693495][ T2165] ? cdev_put.part.0+0x50/0x50 [ 806.698261][ T2165] ? chown_common+0x5c0/0x5c0 [ 806.702937][ T2165] ? inode_permission+0xb4/0x570 [ 806.708402][ T2165] vfs_open+0xa0/0xd0 [ 806.712412][ T2165] path_openat+0x10e9/0x46e0 [ 806.717008][ T2165] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 806.722809][ T2165] ? kasan_slab_alloc+0xf/0x20 [ 806.727571][ T2165] ? kmem_cache_alloc+0x11a/0x6f0 [ 806.732943][ T2165] ? getname_flags+0xd6/0x5b0 [ 806.737707][ T2165] ? getname+0x1a/0x20 [ 806.741771][ T2165] ? do_sys_open+0x2c9/0x5d0 [ 806.746369][ T2165] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 806.751748][ T2165] ? __alloc_fd+0x430/0x530 [ 806.756250][ T2165] do_filp_open+0x1a1/0x280 [ 806.760753][ T2165] ? may_open_dev+0x100/0x100 [ 806.765437][ T2165] ? kasan_check_read+0x11/0x20 [ 806.770373][ T2165] ? do_raw_spin_unlock+0x57/0x270 [ 806.775487][ T2165] ? _raw_spin_unlock+0x2d/0x50 [ 806.780427][ T2165] ? __alloc_fd+0x430/0x530 [ 806.785037][ T2165] do_sys_open+0x3fe/0x5d0 [ 806.789545][ T2165] ? filp_open+0x80/0x80 [ 806.793790][ T2165] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 806.799360][ T2165] ? do_syscall_64+0x26/0x610 [ 806.804036][ T2165] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.810098][ T2165] ? do_syscall_64+0x26/0x610 [ 806.816183][ T2165] __x64_sys_open+0x7e/0xc0 [ 806.820697][ T2165] do_syscall_64+0x103/0x610 [ 806.825295][ T2165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.831451][ T2165] RIP: 0033:0x4121a1 [ 806.835601][ T2165] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 806.855464][ T2165] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 806.864413][ T2165] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 806.872563][ T2165] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 806.880530][ T2165] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 806.888707][ T2165] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 806.896764][ T2165] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 806.924553][ T2172] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 806.943907][ T2172] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 806.977234][ T2172] binder: 2168:2172 transaction failed 29201/-28, size 24-8 line 3148 [ 806.990627][ T2176] binder: 2174:2176 ioctl c018620c 20000440 returned -1 [ 807.016052][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:32 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xa, 0x0) 14:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:32 executing program 2 (fault-call:0 fault-nth:11): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x150, 0x0, 0x0}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x101000, 0x0) write$cgroup_int(r1, &(0x7f00000001c0)=0x3e, 0x12) write$cgroup_int(r0, &(0x7f0000000240)=0x401, 0x12) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x24200, 0x0) openat$cgroup_int(r1, &(0x7f00000014c0)='cpuset.cpu_exclusive\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000001500)=ANY=[@ANYRES32=0x0, @ANYBLOB="890000003a7ce81660f2da557ed16d638a1d5decf74bca5fef20fe81cfb0d0645e4a1f5a365bc0dbdeb08b654096355e3cf10f49ebf144cb02c2832e3950624d1686b7f26d63a92fcf895a36f35da838f8efbd6ba6966c0892e2fb4da0c9d3a084a8c561bd45303832ea0f3f0ffeb07e13b7a5af178f43415a21bed4e1f6c520f917b0a7a8aadd4016d9a1b154f1cdc5ee971206721f091c5b5d1c3d577de9022bc1fbda4d9719081bb3419d7a8761bf64d14ebd4bbf39c03bc6ec0fd83cb58a5aef7ac90757c3914f552ce97f539328df9c01d33db4e7b09b5f4a862d8956ea5deeb8be74c2e0aa114e7efebb69e6e4442ab2f25f4991945ff9ac0672d22bc65d99a4f9cf8da6331d333b3ec9fbe151966296397a81f83a7302a6a095da397450bc9c5e726b137a6046f001b0eccea8ad5811058b7285d1e9189c4cc2dc"], &(0x7f00000003c0)=0x91) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000480)={r3, 0x1000, "fb58f02c1cfeac245d7b86a8d4e1dd178d29571164aa8396f28f17a3eff41276779c2e06bb2a0bd1c32bc367e37e5c0ebcaad676ac1fdade23132f269880de3d254e1e98090f905842ccedf5be514628ebe3974ffac2ab20b51f8edd76db55d90a0d7891c8c0db077fd17eaf9a5d3fb5cea5de1ffbd91b388d49a620e5e912ed8b5577bb039bbe23575b826e13d8b58f22b30d37a872a5d045a337539cec46ab1aa5b18504ecdbade60426b992ee0f381cdb60419cddc2a1346cc831c6766d5fbd87c6c3f5b6e1907fe3ff9aaa956fc531ec0f2c1c6aa0ffab8d626f0d1b61ddcc8c0436d1e4f336a71aa7feb0f92bd3309eb913de46295318766330ca8acd7bd47799d93a1de0321b566d66a58f321d48f021894b1955f99a2cbfae7c0a8a0762b2e2f479221915f381374f84efe863fa363ac9d2882975105544f79019ded2650cccb9f7e35d5eb045671864294bbc86bca80c3397cbdd812d0c6004ac23b1eb83936cbed63df27c0e258efb795d0727e2d09c0c6be19917ef8a66d7776f4568406b729c0b190f52beeeade00de6560ff338c79b5e3ae0ea5715f427c8b5c85800c5bacb0b681a2753081731d71e3294b20785a05465e83d2bace3c1b982510278a93a78162edf23167b6ed1b3bf299346c243ab0c17d46ad561d0070e1f8c221ee45bf77c59c0fd2c5d13407179acfd26c360f6acc3a4c20d5a3d330f351de37a8aab58a948ecd647b0b49217a15333c6e5fd836aec698c5149ca0fdd8721dab396b8f654ab38f5e7cc88821c8e32ccc3702724b2550425329135ff02039f08aa4dc90d13e24b34e4363abdb112f5820cb4769737fa36ff619ab57bcf67461477e9c50adfbc295907d6e042e2c4b0db4395f716426d308293b214820ef0d4a456e98bc7173da4c4db576ee434852bef3eb6179277ea3c2282e4872dbf4b0ba42e8b41d72bb67cacd84cd3466df1a1abef50c07d772c1e3ab5307ff387b0283f0d44d0467b5ce5babcdb4740006f51f6e197a513934fbc28ca366057e3a14b7f0b02c6de6a2f6f30ed4475a9bd9e413f30558ccd9d4d9e643580fa00871d9451aeabc74cd25aa9a8e9c6ec2c434851f844bb26891a4a7d599e78772b00775fdbfa89dbb364fa6c4d8becf45f7fa3b90eeae0b322975457c55857daa3e3fa5abfd1f9410c18e9fc1ecc31422e2bd6333ec2be2b103766fbc1971500c58b2de76d1be5ef93776a158c6cc83f44aeecaf37360135de5fd9565518b552ebcde92663bd370f1a305760b1b9e336046b71eb0bde20bc14f18d4df909d2e787c206eb37bbf8adfbefd59a81899a48b1787cd1c84d3abfd8a30838aab9395180691fdc253f5b0f96ba69a82c5f442bf9508ed80b10aa503b271473d44522b2beb046d791615434b02ca2a27a1777176e3d39b03eb7d39d24194a1ac645e16b3d5f86f64205ea219735b774f26c4cb1d11eb9b24659344b1cb2ba97d554cc87a6ae944bcaa27e333db7fa6e93d40d492aea2a0ba69e3d35e7cb396541af5cf4037f0cc5d7f345d82f7c585184236b984c1c90f8818231f0eecfbcac0a790a65516449b9aec86e16d559233d43724ca71866df60ad5318685980e1f667d637d81cccd0c663cdeef8898a97ce3e22a0386f7900b6ead3e55cc16f347d9343eee239070a7a9658a82dcff73cc132304390989ab889f7ec328fe5f525d4fc1b3f161718bf9049b112459e94cc623f809a7b33441afa1fba36725104ebeb3cdf74c73ae925322ff59b716878ccd94f2bb307e744dc35164879e7ab9a68c5245e9fa4d6b949dedfcaf9aac8db96f7f2131928d92e0132e593c56798c354f12a22ec3f388247f9c08a297ac778977553b19c0d8816ff8a2c624791c78d732238c935642dcb35aa16a8641c9f163a6952852406b2a1c14cf62d7f13757c1bbc86041d6c1f6ab0e2a62d4a7ec248796495d16636a89ab641fd69eff73120d67cdbbce977a88fc5ba5b372ecccd53ec2e8253cb9758c086deb14480118fdde25d2695fd431c6ad4bf87e315f174ab6c534ac4851d0e0f3b483d5584b86536f3fe594730081bc58126a5dddbc5064f0bb241c55a84c403c8f6c74be7f1a478eb217af5d386491d6a7db857c951a2a9659da51f157932acd530114fb1b062f5c5c6e222133ac9ed2f14f10ff574d68035ea4fbfa7511d528b112c1a89d24ed11340b02b659991f90b267141a25c22016c80516f4ee590c75b53096adb64a2dcec6bba76645bbecfee90ec8196f8bd692fee3aafe0a4a2667c7461e9458935e93001af33f1626538970451e04e17492cf10d29d3b6ee8ad81df73bda7966307de04fb961590de53de580e47b9d2caf2b8e6951e8051461d29b6c59996c159807b82eddde48ce1664865dd2f71cb08ee72f6680922e4a60ac625642b9d303c1315777cc542ad78257c9ea11ac6b5a1188733670a5ef496ffa262e79be463446e8467289799e775194ca2cc4b643707c3c4629441b2d430049d354519db38bc1d726f8e093024f813d266b89b97d81a79fb7f8f626b2acd582772700239edb6afc5532058ed5bf69dce3d5c33f5f28671a3353c14ba799ddacf42be0a8b3f4600eeda860c63688cfb5fa8a49a5db43dd6eb53b976d7d4b9f9a0405d965684193262f544cda54b75dec455c3e5b940e64cbe02215c95bcb91676a7c971748e6db9d1e1b301513ef71d2d2dd82645540dec8f23300566fe223e4c811e22b0d64ba234ec633874d33e0977cb114bdb50b2bd3700bb402e5fa6fd7b07c8b510a922caaa4b66b9dfe4db4118e09838c38964c3a96ec48338bd2713899c65400a39d7ae8054ff25a1c97d935b58165a78b14883216c8c55410f638d7737c7044c7d34e5f9a6dbf415e49aed4085b38668f28362e2b70bd65b1105fbd8664c00e72e2b89a9d103f272ece7257a81c04dce9a52b75af97f760139ac332d3aa20aa3104a0523cae4895d2f0b64829ac82a9f9569dc5ab92c8763f6834a4e60bdafa553e39a334985daba84739cfaef614ced93fc2c8107e13f42b710ae9fd7177c82de2e0770c914e7a62edc49d8ddbbe3a736be8481e6f8a7efba3b6cc26db475dc9f71ccb33adaa64b12db11175b4937823cbceea118976132bf0995d0cde9a5a46ebf45bd5203fa5654b3206db025cda6954be1db8cd89218c8926d108cae3fcf269142c89504ea240710f56b87d42f12d53c809525738f86f7e6a74a10e1bd2bc231b4160f4a70e22275abe3545738df456bb7ec51a00ed8bbef6102a4b140c6a50598ea5f7c5e73d336828a797102c68846b2bd10eb62f709ec9998621da4b112f8d71e7381096d8642f8d5e9761641bad41e77b80c976d8d2398a9d7b4a3634bb2dc4be8b26cac5c1a55b106fc5587cfdddf19b2bbe10577dc9b0f7af1ab3aa443c18fa160de9b3954eedbec1b0d7f194fc14cbcdddf5134099b8c86d84712ed479d6f17e35c106ca58b1576f8023a1a666d206cb1a27af50c8b6164e19fbbab6f1fd3e5e63cacb89dcdeb94b392e68abb7d57eebe99b71f6b29d837319a5c045f2dd39e8e29c11fd5cf8ae8b2f393dd131076089a6be846355d8689aa94f56e87617cf85de852b4f16e725b6ccd0dde7f78c4c15f78c0891fe0b3ac0977e1f21005f3430b8ff3a40cf8519aed74da3b68af07bee2b51baae6b02eefb98b4cae26c717ac368d3c649d37e1aecc9655f9962a439ad8c218c103ba309cfdc2937690ddb553ac228c086a642e5d6e1d95e6be958347cf1d7db247e2bc0d17e383b34977a02db52eddec9d472ccfc8c0458d5b9ebaff277208476c72198df6be1db91e639c21362afe5ca89c3654a177dc8cc9a2468b9f575293b6f3ebd316ad661db4a9b6a6476c26ee82077ac2a1df23a7c7f027c52528e3cd572da50311367114822c466cc654c8935933f7941ad8d10a98d114cc466de40c8ca82d4f6e9f930599c64b40aee57ec3675cb8cfb13cd1a24d287a046990a76c5ac22c5c01012bcd243cdac8cbb5cd83b97da0d979a00d2de3fb92cbe5245886111d84ffdaacab6b7e21440ca906bc2ca05237f31edc60892ebbec8b2bbd85231bd758d36be85897bdac399e1bcae48e7ce70e87d5cd17ff2e7d2f655284ee7b697d18dfae24b29b8fa8e50fa632e0a434c26c3d0fee6bda6606888b80ac28ba7625a94a7479d34e646a124c0885084b30426b8f943868f1d7962ba8c8a3b811f54273fb0804c39f69059b08e83ba36cf9780ae828ae6d33ecce5c62974ce4038981727c7dec73777947a19893c06238ac3319b000804fb0d5cee9143c1798c23ee5cadfdb3dc628a7f7e8f82856da9987921f254198ba0972ca230ce329da8b4ec8c19a5f7cd830c2211e50311649353a4666effee79bd74a7c1b896272c538ad81b4e263c5b46c4bb79a10f5b6342e55ac0637f36e79be7be429ee68815cf18a26ebe298143af7eaabb44a638e7276818e32b5a069b6d810727d8906ec44047f2093080fb7cf280521c03af54638eb63cb17f65478501b4a8757c7c4b1ddd76463b225c85c8c92a18da2cf18cd00c5f267d465d0da736978b804fb0e21461c0560ef694237bf09cf8ce9d7cb44bc228623afd2089dfb7224fc5d5a1665edfb5fb57512cbbc51a6ab9cfc01916539715aa6513b3cb369df062446c91aac07debab5c1007e2e496e2471f02f4f2a74316e654a6c47b7ba9fcafe83785f8afa919d736535c2a7b66ea329707a791a186c82b99b73798324a030f9e6338924d3a052df498816600c2e0380d8e1de2b062e7ca515cfcb44d05d3d5083d08ed9b2b0d682eb74d786741374c724c8c3d744c45e32e6ad2f69c6881054a02ddb0aeacd48bdda33b6cc36eb04eb4b393ed4600d822ffa0cb81cd5a32397eda56f4ddc4a08f8cae2a2ffd3de3c8e83f0de80ee8e29ac66d0f238d5bb5e9e08de8c9de02c9d4b4b305e29622115a24610b5f2afc2f303f8b5265a26ed86fef23c5ca9b025afaf035e06cb397b1b0a0bf38d071a22cdbbe285013786c7ad34287cadca2fafa703e0c5b50001de3928605f5e12f7381126356538e7201104401ab8c3074c7983d26042610b47239565f77bb3f2f7f409986b9dd42feb933cff9c07b75d1d91fe0526095fecfa9de7d29289f3eb6d7fd37c9f5a086620e1fcec9514f976fd35043784f10d916d78451658ac3759634a52e5a83d1d818fe6eda7c417e2ae52838d1fdd461a07aa88a92eb4d13424402503bf9dd92b42a371572064adabf40d0d9f37026dc26c79215abdb8d36ba37c21f61f30be512cbe4fb2667cec823b7268a5159efee53d20c05712d86c6cff1471aadff0ebaa14f172a3833b5cfd0a072ee3961bf87ce5823c0f4729e782859523e0b7a557c666d6740272d1c0b56ade7e968fd1bad19dda28455ff33149be8022178b79b1a028697a863e237e70a42efca9008f879cf7e0efadee27d5fd8f39c29d33a468e06c8d6c1ff2b01dd1a1ee47a97ebb374a35d6973029013d7ce0de78484f3052ccc9bc00c23eabad25fbba1835a47d0d8851d44553ed1be43f7db85baa5ea3dca8c8213866d89eb83731eaf0bdb81b6ae4c3e023105e123d21fb0ad54d288346c94ea7db829f623df617c4a2f45d37b4392760b6f2300242d8b21289b2a506dda2a2c9a681de9e37bd1e5442b4d1840844d5402316e72f30c3d6ffd0ab8bb2be58abb53114f740a37757cc5d2f8503a7b7d0f0066dfecc7a215d07895eed92d4155298a5c3ecfc99255edf9e1cabaa4857aa3513028673b041a3e8f81afd50d3e"}, &(0x7f0000000400)=0x1008) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000280)={0x0, @speck128, 0x0, "227412851f5a9f21"}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f0000000380)={'U+', 0x4}, 0x28, 0x3) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x8000}, &(0x7f0000000080)=0x8) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000200)={0x0, 0x3, {0x38, 0x23, 0x4, 0x2, 0x4000000005, 0x3, 0x1, 0x154, 0x1}}) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000000c0)={r4, @in={{0x2, 0x4e20, @local}}}, 0x84) 14:11:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000060000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 807.294651][ T2182] FAULT_INJECTION: forcing a failure. [ 807.294651][ T2182] name failslab, interval 1, probability 0, space 0, times 0 [ 807.306065][ T2187] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 807.338200][ T2182] CPU: 0 PID: 2182 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 807.338894][ T2187] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 807.347443][ T2182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.347465][ T2182] Call Trace: [ 807.347490][ T2182] dump_stack+0x172/0x1f0 [ 807.347511][ T2182] should_fail.cold+0xa/0x15 [ 807.347528][ T2182] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 807.347545][ T2182] ? ___might_sleep+0x163/0x280 [ 807.347562][ T2182] __should_failslab+0x121/0x190 [ 807.347579][ T2182] should_failslab+0x9/0x14 [ 807.347594][ T2182] kmem_cache_alloc_trace+0x2d1/0x760 [ 807.347607][ T2182] ? lockdep_init_map+0x1be/0x6d0 [ 807.347627][ T2182] loopback_open+0x14d/0x1050 [ 807.347644][ T2182] ? snd_pcm_hw_constraints_init+0x97c/0xd80 [ 807.347663][ T2182] snd_pcm_open_substream+0x1ca/0x310 [ 807.347678][ T2182] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 807.347698][ T2182] snd_pcm_oss_open.part.0+0x721/0x12c0 14:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000002000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 807.347726][ T2182] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 807.367328][ T2182] ? wake_up_q+0xf0/0xf0 [ 807.367347][ T2182] ? soundcore_open+0x39c/0x610 [ 807.367361][ T2182] ? find_held_lock+0x35/0x130 [ 807.367381][ T2182] ? kasan_check_write+0x14/0x20 [ 807.367401][ T2182] ? lock_downgrade+0x880/0x880 [ 807.375122][ T2182] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 807.387505][ T2185] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 807.390589][ T2182] snd_pcm_oss_open+0x41/0x60 [ 807.390609][ T2182] soundcore_open+0x456/0x610 [ 807.390629][ T2182] ? sound_devnode+0xf0/0xf0 [ 807.390643][ T2182] chrdev_open+0x247/0x6b0 [ 807.390659][ T2182] ? cdev_put.part.0+0x50/0x50 [ 807.390679][ T2182] ? security_file_open+0x8d/0x300 [ 807.390695][ T2182] do_dentry_open+0x488/0x1160 [ 807.390710][ T2182] ? kasan_check_read+0x11/0x20 [ 807.390723][ T2182] ? cdev_put.part.0+0x50/0x50 [ 807.390741][ T2182] ? chown_common+0x5c0/0x5c0 [ 807.390765][ T2182] ? inode_permission+0xb4/0x570 14:11:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)) [ 807.399191][ T2187] binder: 2177:2187 transaction failed 29201/-28, size 24-8 line 3148 [ 807.400192][ T2182] vfs_open+0xa0/0xd0 [ 807.400208][ T2182] path_openat+0x10e9/0x46e0 [ 807.400226][ T2182] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 807.400239][ T2182] ? kasan_slab_alloc+0xf/0x20 [ 807.400256][ T2182] ? kmem_cache_alloc+0x11a/0x6f0 [ 807.409769][ T2185] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 807.410606][ T2182] ? getname_flags+0xd6/0x5b0 14:11:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 807.410622][ T2182] ? getname+0x1a/0x20 [ 807.419349][ T2185] binder: 2181:2185 transaction failed 29201/-28, size 24-8 line 3148 [ 807.421252][ T2182] ? do_sys_open+0x2c9/0x5d0 [ 807.421282][ T2182] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 807.421306][ T2182] ? __alloc_fd+0x430/0x530 [ 807.421320][ T2182] do_filp_open+0x1a1/0x280 [ 807.421334][ T2182] ? may_open_dev+0x100/0x100 [ 807.421358][ T2182] ? kasan_check_read+0x11/0x20 [ 807.421374][ T2182] ? do_raw_spin_unlock+0x57/0x270 [ 807.421392][ T2182] ? _raw_spin_unlock+0x2d/0x50 [ 807.421410][ T2182] ? __alloc_fd+0x430/0x530 [ 807.433917][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 807.438628][ T2182] do_sys_open+0x3fe/0x5d0 [ 807.468066][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 807.468867][ T2182] ? filp_open+0x80/0x80 [ 807.567271][ T2182] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 807.567287][ T2182] ? do_syscall_64+0x26/0x610 [ 807.567302][ T2182] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.567320][ T2182] ? do_syscall_64+0x26/0x610 [ 807.604219][ T2182] __x64_sys_open+0x7e/0xc0 [ 807.604238][ T2182] do_syscall_64+0x103/0x610 [ 807.604261][ T2182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.604278][ T2182] RIP: 0033:0x4121a1 [ 807.628140][ T2182] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 807.628149][ T2182] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:11:33 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x400, 0x408881) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f00000000c0)={0x8, 0x5, 0x7, 0x30f, '\x00', 0x1}) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000040)={0xffffffffffffffff, 0x3, 0x0, 0x3, 0x96bf}) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000070000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 807.628164][ T2182] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 807.628173][ T2182] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 807.628181][ T2182] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 807.628196][ T2182] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 807.665069][ T2182] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 807.824743][ T2189] XFS (loop0): Invalid superblock magic number 14:11:33 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xd, 0x0) 14:11:33 executing program 2 (fault-call:0 fault-nth:12): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000a0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 808.337271][ T2223] FAULT_INJECTION: forcing a failure. [ 808.337271][ T2223] name failslab, interval 1, probability 0, space 0, times 0 [ 808.371085][ T2223] CPU: 1 PID: 2223 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 808.383563][ T2223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.396760][ T2223] Call Trace: [ 808.400085][ T2223] dump_stack+0x172/0x1f0 [ 808.404514][ T2223] should_fail.cold+0xa/0x15 [ 808.409129][ T2223] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 808.414947][ T2223] ? ___might_sleep+0x163/0x280 [ 808.420863][ T2223] __should_failslab+0x121/0x190 [ 808.425845][ T2223] should_failslab+0x9/0x14 [ 808.430434][ T2223] kmem_cache_alloc_trace+0x2d1/0x760 [ 808.435810][ T2223] ? init_timer_key+0x122/0x370 [ 808.440762][ T2223] loopback_open+0x892/0x1050 [ 808.445449][ T2223] snd_pcm_open_substream+0x1ca/0x310 [ 808.450909][ T2223] ? snd_pcm_hw_constraints_complete+0x6c0/0x6c0 [ 808.457250][ T2223] snd_pcm_oss_open.part.0+0x721/0x12c0 [ 808.462901][ T2223] ? snd_pcm_hw_param_near.constprop.0+0x890/0x890 [ 808.469431][ T2223] ? wake_up_q+0xf0/0xf0 [ 808.473691][ T2223] ? soundcore_open+0x39c/0x610 [ 808.478549][ T2223] ? find_held_lock+0x35/0x130 [ 808.483590][ T2223] ? kasan_check_write+0x14/0x20 [ 808.488532][ T2223] ? lock_downgrade+0x880/0x880 [ 808.494519][ T2223] ? snd_pcm_oss_open.part.0+0x12c0/0x12c0 [ 808.500330][ T2223] snd_pcm_oss_open+0x41/0x60 [ 808.505037][ T2223] soundcore_open+0x456/0x610 [ 808.509924][ T2223] ? sound_devnode+0xf0/0xf0 [ 808.514516][ T2223] chrdev_open+0x247/0x6b0 [ 808.518961][ T2223] ? cdev_put.part.0+0x50/0x50 [ 808.523857][ T2223] ? security_file_open+0x8d/0x300 [ 808.528972][ T2223] do_dentry_open+0x488/0x1160 [ 808.533841][ T2223] ? kasan_check_read+0x11/0x20 [ 808.538701][ T2223] ? cdev_put.part.0+0x50/0x50 [ 808.543470][ T2223] ? chown_common+0x5c0/0x5c0 [ 808.548158][ T2223] ? inode_permission+0xb4/0x570 [ 808.553727][ T2223] vfs_open+0xa0/0xd0 [ 808.557797][ T2223] path_openat+0x10e9/0x46e0 [ 808.562387][ T2223] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 808.568370][ T2223] ? kasan_slab_alloc+0xf/0x20 [ 808.573307][ T2223] ? kmem_cache_alloc+0x11a/0x6f0 [ 808.578329][ T2223] ? getname_flags+0xd6/0x5b0 [ 808.583090][ T2223] ? getname+0x1a/0x20 [ 808.587159][ T2223] ? do_sys_open+0x2c9/0x5d0 [ 808.591934][ T2223] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 808.597318][ T2223] ? __alloc_fd+0x430/0x530 [ 808.602461][ T2223] do_filp_open+0x1a1/0x280 [ 808.606965][ T2223] ? may_open_dev+0x100/0x100 [ 808.611837][ T2223] ? kasan_check_read+0x11/0x20 [ 808.616707][ T2223] ? do_raw_spin_unlock+0x57/0x270 [ 808.621914][ T2223] ? _raw_spin_unlock+0x2d/0x50 [ 808.626861][ T2223] ? __alloc_fd+0x430/0x530 [ 808.631377][ T2223] do_sys_open+0x3fe/0x5d0 [ 808.635802][ T2223] ? filp_open+0x80/0x80 [ 808.640048][ T2223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 808.645508][ T2223] ? do_syscall_64+0x26/0x610 [ 808.650632][ T2223] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.656781][ T2223] ? do_syscall_64+0x26/0x610 [ 808.662351][ T2223] __x64_sys_open+0x7e/0xc0 [ 808.666859][ T2223] do_syscall_64+0x103/0x610 [ 808.671748][ T2223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.679761][ T2223] RIP: 0033:0x4121a1 [ 808.685238][ T2223] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 808.707945][ T2223] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 808.717235][ T2223] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00000000004121a1 [ 808.725205][ T2223] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 14:11:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:34 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000120000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:34 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x9d8fec21c0284714, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000480)="c803881e76b92b2077c11166f43b8036579f7dc7bed18111ce9fba7a573bf9b1b5ddeb6fdd217de9c9c5a612d448197566b1254873915752a80b82d4bc73efe080a3505c1e1b47d7690d435a73155aed0b52900dea8b046ccdb94b829c06844e1c6459ca79c3231f34b50cb0b011600af853409c3c1bb91ad0bd9b2fe313b6f4002472d80608ef82e5fa0eb85588371af91224e791948a53c1abcbde5c7774b55fa9236122f05110a7ea183d45a835d66b0f121c45102fec004f18da791990dc2179f9b8111c9456a6b6700bf5122f522e00bd2d18f5ade341e6d0028cd34e4fdd15c43726c95ceca38463285c00") r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 808.733251][ T2223] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 808.742093][ T2223] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 808.750148][ T2223] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:34 executing program 2 (fault-call:0 fault-nth:13): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:34 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 808.899340][ T2224] XFS (loop0): Invalid superblock magic number [ 808.944727][ T2244] FAULT_INJECTION: forcing a failure. [ 808.944727][ T2244] name failslab, interval 1, probability 0, space 0, times 0 [ 808.967404][ T2244] CPU: 0 PID: 2244 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 808.976466][ T2244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.986525][ T2244] Call Trace: [ 808.989823][ T2244] dump_stack+0x172/0x1f0 [ 808.994161][ T2244] should_fail.cold+0xa/0x15 [ 808.998783][ T2244] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 809.004698][ T2244] ? ___might_sleep+0x163/0x280 [ 809.009561][ T2244] __should_failslab+0x121/0x190 [ 809.014534][ T2244] should_failslab+0x9/0x14 [ 809.019043][ T2244] kmem_cache_alloc_trace+0x2d1/0x760 [ 809.024418][ T2244] ? lock_acquire+0x16f/0x3f0 [ 809.029217][ T2244] ? snd_pcm_oss_change_params+0xa4/0xd0 [ 809.034857][ T2244] snd_pcm_oss_change_params_locked+0x1a7/0x3750 [ 809.041282][ T2244] ? __mutex_lock+0x3cd/0x1310 [ 809.046837][ T2244] ? putname+0xef/0x130 [ 809.051254][ T2244] ? __x64_sys_open+0x7e/0xc0 [ 809.056200][ T2244] ? mutex_trylock+0xf5/0x1e0 [ 809.060899][ T2244] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 809.067408][ T2244] ? debug_check_no_obj_freed+0x211/0x444 [ 809.073242][ T2244] ? kasan_check_write+0x14/0x20 [ 809.078274][ T2244] ? __lock_acquire+0x548/0x3fb0 [ 809.091694][ T2244] snd_pcm_oss_change_params+0x7b/0xd0 [ 809.097875][ T2244] snd_pcm_oss_make_ready+0xbe/0x170 [ 809.103271][ T2244] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 809.108909][ T2244] ? fcntl_setlk+0xcd0/0xcd0 [ 809.113632][ T2244] snd_pcm_oss_release+0x214/0x290 [ 809.118774][ T2244] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 809.124410][ T2244] __fput+0x2e5/0x8d0 [ 809.128397][ T2244] ____fput+0x16/0x20 [ 809.133077][ T2244] task_work_run+0x14a/0x1c0 [ 809.137718][ T2244] exit_to_usermode_loop+0x273/0x2c0 [ 809.143361][ T2244] do_syscall_64+0x52d/0x610 [ 809.148046][ T2244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.153947][ T2244] RIP: 0033:0x4121a1 [ 809.157845][ T2244] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 809.178361][ T2244] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 809.186779][ T2244] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 809.194835][ T2244] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 809.202806][ T2244] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 809.210786][ T2244] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 809.218763][ T2244] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:35 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe, 0x0) 14:11:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68) 14:11:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000200000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:35 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:35 executing program 2 (fault-call:0 fault-nth:14): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 809.622864][ T2257] binder_alloc_new_buf_locked: 9 callbacks suppressed [ 809.622873][ T2257] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 809.659435][ T2257] binder_alloc_new_buf_locked: 9 callbacks suppressed 14:11:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 809.659449][ T2257] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 809.698478][ T2257] binder_transaction: 9 callbacks suppressed [ 809.698492][ T2257] binder: 2254:2257 transaction failed 29201/-28, size 24-8 line 3148 [ 809.698569][ T2256] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 809.717950][T27606] binder_release_work: 9 callbacks suppressed [ 809.717956][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x800) r1 = socket(0x13, 0x80001, 0xff) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000040)={0x0, 0xffffffff}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r2, 0x3f}, 0x8) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000000)=0xffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockname$ax25(r1, &(0x7f0000000100)={{}, [@default, @netrom, @null, @remote, @default, @null, @netrom, @null]}, &(0x7f0000000180)=0x48) 14:11:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000480000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 809.750483][ T2256] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 809.767623][ T2256] binder: 2250:2256 transaction failed 29201/-28, size 24-8 line 3148 [ 809.787827][ T2265] binder: 2262:2265 ioctl c018620c 20000440 returned -1 14:11:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 809.812481][ T2256] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 809.852076][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.859275][ T2260] XFS (loop0): Invalid superblock magic number [ 809.868868][ T2256] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 809.887844][ T2278] FAULT_INJECTION: forcing a failure. [ 809.887844][ T2278] name failslab, interval 1, probability 0, space 0, times 0 [ 809.910992][ T2256] binder: 2250:2256 transaction failed 29201/-28, size 24-8 line 3148 [ 809.918219][ T2280] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 809.930399][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 809.933862][ T2280] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 809.949492][ T2278] CPU: 1 PID: 2278 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 809.958807][ T2278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.969133][ T2278] Call Trace: [ 809.972433][ T2278] dump_stack+0x172/0x1f0 [ 809.972485][ T2278] should_fail.cold+0xa/0x15 [ 809.981402][ T2278] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 809.987395][ T2278] ? ___might_sleep+0x163/0x280 [ 809.992266][ T2278] __should_failslab+0x121/0x190 [ 809.992281][ T2278] should_failslab+0x9/0x14 [ 809.992296][ T2278] kmem_cache_alloc_trace+0x2d1/0x760 [ 809.992311][ T2278] ? lock_acquire+0x16f/0x3f0 [ 809.992325][ T2278] ? snd_pcm_oss_change_params+0xa4/0xd0 [ 809.992344][ T2278] snd_pcm_oss_change_params_locked+0x1df/0x3750 [ 810.001936][ T2278] ? __mutex_lock+0x3cd/0x1310 [ 810.001949][ T2278] ? putname+0xef/0x130 [ 810.001963][ T2278] ? __x64_sys_open+0x7e/0xc0 [ 810.001983][ T2278] ? mutex_trylock+0xf5/0x1e0 [ 810.002006][ T2278] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 810.048829][ T2278] ? debug_check_no_obj_freed+0x211/0x444 [ 810.054821][ T2278] ? kasan_check_write+0x14/0x20 [ 810.059768][ T2278] ? __lock_acquire+0x548/0x3fb0 [ 810.064891][ T2278] snd_pcm_oss_change_params+0x7b/0xd0 [ 810.070347][ T2278] snd_pcm_oss_make_ready+0xbe/0x170 [ 810.075638][ T2278] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 810.081095][ T2278] ? fcntl_setlk+0xcd0/0xcd0 [ 810.085688][ T2278] snd_pcm_oss_release+0x214/0x290 [ 810.090800][ T2278] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 810.096433][ T2278] __fput+0x2e5/0x8d0 [ 810.100514][ T2278] ____fput+0x16/0x20 [ 810.104592][ T2278] task_work_run+0x14a/0x1c0 [ 810.109191][ T2278] exit_to_usermode_loop+0x273/0x2c0 [ 810.114999][ T2278] do_syscall_64+0x52d/0x610 [ 810.119709][ T2278] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.125598][ T2278] RIP: 0033:0x4121a1 [ 810.129489][ T2278] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 810.149172][ T2278] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:11:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x101400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f00000000c0)={0xa, 0x4, 0xfa00, {r2}}, 0xc) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0xffffffffffffffc0, 0x0, 0x0, 0xffffffffffffff8f, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000000)={0x10000010}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={0x0, @remote, @multicast1}, &(0x7f0000000180)=0xc) [ 810.157858][ T2278] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 810.165829][ T2278] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 810.174579][ T2278] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 810.182550][ T2278] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 810.190522][ T2278] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 810.221400][ T2280] binder: 2268:2280 transaction failed 29201/-28, size 24-8 line 3148 [ 810.264998][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 810.272714][ T2287] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 810.328956][ T2287] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 810.339498][ T2287] binder: 2283:2287 transaction failed 29201/-28, size 24-8 line 3148 [ 810.355663][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:11:36 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x23, 0x0) 14:11:36 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x800, 0x0) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000040)=""/214) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:36 executing program 2 (fault-call:0 fault-nth:15): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000004c0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 810.648586][ T2295] binder: 2291:2295 ioctl c018620c 20000440 returned -1 [ 810.659729][ T2298] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 810.687290][ T2302] FAULT_INJECTION: forcing a failure. [ 810.687290][ T2302] name failslab, interval 1, probability 0, space 0, times 0 [ 810.699735][ T2298] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 810.708122][ T2302] CPU: 1 PID: 2302 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 810.719134][ T2302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.729635][ T2302] Call Trace: [ 810.732937][ T2302] dump_stack+0x172/0x1f0 [ 810.737295][ T2302] should_fail.cold+0xa/0x15 [ 810.741981][ T2302] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 810.743462][ T2298] binder: 2293:2298 transaction failed 29201/-28, size 24-8 line 3148 [ 810.747903][ T2302] ? ___might_sleep+0x163/0x280 [ 810.747923][ T2302] __should_failslab+0x121/0x190 [ 810.747939][ T2302] should_failslab+0x9/0x14 [ 810.747960][ T2302] kmem_cache_alloc_trace+0x2d1/0x760 [ 810.775741][ T2302] ? lock_acquire+0x16f/0x3f0 [ 810.780420][ T2302] ? snd_pcm_oss_change_params+0xa4/0xd0 [ 810.786059][ T2302] snd_pcm_oss_change_params_locked+0x217/0x3750 [ 810.792391][ T2302] ? __mutex_lock+0x3cd/0x1310 [ 810.797215][ T2302] ? putname+0xef/0x130 [ 810.801547][ T2302] ? __x64_sys_open+0x7e/0xc0 [ 810.806236][ T2302] ? mutex_trylock+0xf5/0x1e0 [ 810.812481][ T2302] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 810.819567][ T2302] ? debug_check_no_obj_freed+0x211/0x444 [ 810.825317][ T2302] ? kasan_check_write+0x14/0x20 [ 810.830265][ T2302] ? __lock_acquire+0x548/0x3fb0 [ 810.835220][ T2302] snd_pcm_oss_change_params+0x7b/0xd0 [ 810.840857][ T2302] snd_pcm_oss_make_ready+0xbe/0x170 [ 810.846250][ T2302] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 810.851706][ T2302] ? fcntl_setlk+0xcd0/0xcd0 [ 810.856304][ T2302] snd_pcm_oss_release+0x214/0x290 [ 810.861441][ T2302] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 810.867166][ T2302] __fput+0x2e5/0x8d0 [ 810.871680][ T2302] ____fput+0x16/0x20 [ 810.875838][ T2302] task_work_run+0x14a/0x1c0 [ 810.880479][ T2302] exit_to_usermode_loop+0x273/0x2c0 [ 810.886037][ T2302] do_syscall_64+0x52d/0x610 [ 810.890642][ T2302] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.896965][ T2302] RIP: 0033:0x4121a1 [ 810.900858][ T2302] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 810.920812][ T2302] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 810.929225][ T2302] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 810.937196][ T2302] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 810.945251][ T2302] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 810.953305][ T2302] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 810.961364][ T2302] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 810.970823][ T2300] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 810.980290][ T2300] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 810.990097][ T2300] binder: 2292:2300 transaction failed 29201/-28, size 24-8 line 3148 14:11:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getpid() [ 810.997534][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000600000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:36 executing program 2 (fault-call:0 fault-nth:16): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 811.025253][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 811.051460][ T2305] binder: 2303:2305 ioctl c018620c 20000440 returned -1 14:11:36 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x48, 0x0) 14:11:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 811.140052][ T2312] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 811.163061][ T2314] FAULT_INJECTION: forcing a failure. [ 811.163061][ T2314] name failslab, interval 1, probability 0, space 0, times 0 14:11:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f00000000c0)={0x1a, 0x2, 0x4, 0xffffffffffff3649, &(0x7f0000000040)=[{}, {}]}) [ 811.188189][ T2312] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 811.208664][ T2317] binder: 2316:2317 ioctl c018620c 20000440 returned -1 [ 811.228812][ T2313] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 811.237729][ T2312] binder: 2309:2312 transaction failed 29201/-28, size 24-8 line 3148 [ 811.249644][ T2313] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 811.260018][ T2314] CPU: 0 PID: 2314 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 811.269060][ T2314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.269066][ T2314] Call Trace: [ 811.269091][ T2314] dump_stack+0x172/0x1f0 [ 811.269111][ T2314] should_fail.cold+0xa/0x15 [ 811.269129][ T2314] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 811.269147][ T2314] ? ___might_sleep+0x163/0x280 [ 811.269163][ T2314] __should_failslab+0x121/0x190 [ 811.269178][ T2314] should_failslab+0x9/0x14 [ 811.269191][ T2314] __kmalloc+0x2dc/0x740 [ 811.269206][ T2314] ? __save_stack_trace+0x99/0x100 [ 811.269224][ T2314] ? constrain_params_by_rules+0x118/0x1180 [ 811.269242][ T2314] constrain_params_by_rules+0x118/0x1180 [ 811.269260][ T2314] ? save_stack+0xa9/0xd0 [ 811.269276][ T2314] ? save_stack+0x45/0xd0 [ 811.269290][ T2314] ? kmem_cache_alloc_trace+0x151/0x760 [ 811.269304][ T2314] ? snd_pcm_oss_change_params_locked+0x217/0x3750 [ 811.269318][ T2314] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 811.269331][ T2314] ? snd_pcm_oss_release+0x214/0x290 [ 811.269342][ T2314] ? __fput+0x2e5/0x8d0 [ 811.269361][ T2314] ? ____fput+0x16/0x20 [ 811.349202][ T2314] ? task_work_run+0x14a/0x1c0 [ 811.382018][ T2314] ? exit_to_usermode_loop+0x273/0x2c0 [ 811.387499][ T2314] ? do_syscall_64+0x52d/0x610 [ 811.392273][ T2314] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.392290][ T2314] ? is_bpf_text_address+0xac/0x170 [ 811.392305][ T2314] ? is_dynamic_key+0x1c0/0x1c0 [ 811.392316][ T2314] ? is_bpf_text_address+0xac/0x170 [ 811.392336][ T2314] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.392352][ T2314] ? snd_interval_refine+0x42a/0x720 [ 811.392370][ T2314] snd_pcm_hw_refine+0xbf9/0xf20 [ 811.392390][ T2314] ? constrain_params_by_rules+0x1180/0x1180 [ 811.392411][ T2314] ? snd_pcm_oss_change_params_locked+0x217/0x3750 [ 811.409748][ T2314] ? rcu_read_lock_sched_held+0x110/0x130 [ 811.409768][ T2314] ? memset+0x32/0x40 [ 811.409786][ T2314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.409807][ T2314] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 811.431718][ T2313] binder: 2310:2313 transaction failed 29201/-28, size 24-8 line 3148 [ 811.437610][ T2314] snd_pcm_oss_change_params_locked+0x6c2/0x3750 [ 811.437637][ T2314] ? mutex_trylock+0xf0/0x1e0 14:11:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000080)={0xfffffffffffffc17, 0x0, 0x0, 0x90, 0x0, 0x0}) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x2, 0xf07c3968871f0606) accept4$unix(r1, &(0x7f0000000180), &(0x7f0000000200)=0x6e, 0x80801) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000100)={{0x2, 0x4e22, @remote}, {0x7, @remote}, 0x10, {0x2, 0x4e23, @broadcast}, 'rose0\x00'}) write$UHID_GET_REPORT_REPLY(r1, &(0x7f00000000c0)={0xa, 0x4, 0x4, 0x3}, 0xa) [ 811.437658][ T2314] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 811.460580][ T2314] ? debug_check_no_obj_freed+0x211/0x444 [ 811.460606][ T2314] ? __lock_acquire+0x548/0x3fb0 [ 811.460636][ T2314] snd_pcm_oss_change_params+0x7b/0xd0 [ 811.466811][ T2324] binder: 2323:2324 ioctl c018620c 20000440 returned -1 [ 811.474456][ T2314] snd_pcm_oss_make_ready+0xbe/0x170 [ 811.474475][ T2314] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 811.474490][ T2314] ? fcntl_setlk+0xcd0/0xcd0 [ 811.474507][ T2314] snd_pcm_oss_release+0x214/0x290 [ 811.474522][ T2314] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 811.474535][ T2314] __fput+0x2e5/0x8d0 [ 811.474553][ T2314] ____fput+0x16/0x20 [ 811.474570][ T2314] task_work_run+0x14a/0x1c0 [ 811.474591][ T2314] exit_to_usermode_loop+0x273/0x2c0 [ 811.474608][ T2314] do_syscall_64+0x52d/0x610 [ 811.474637][ T2314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.497227][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 811.498016][ T2314] RIP: 0033:0x4121a1 14:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000fffffdfd00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fcntl$setflags(r0, 0x2, 0x1) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x51, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 811.498029][ T2314] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 811.498043][ T2314] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 811.516277][ T2314] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 811.516284][ T2314] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 811.516291][ T2314] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 14:11:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000680000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:37 executing program 2 (fault-call:0 fault-nth:17): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 811.516299][ T2314] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 811.516306][ T2314] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 811.520584][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 811.666560][ T2332] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 811.705221][ T2332] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 811.730243][ T2340] binder: 2333:2340 transaction failed 29201/-28, size 24-8 line 3148 14:11:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x80000001, 0x100) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) 14:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000fdfdffff00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 811.753323][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 811.759774][ T2341] binder: 2335:2341 ioctl c018620c 20000440 returned -1 [ 811.781874][ T2318] XFS (loop0): Invalid superblock magic number [ 811.804960][ T2345] FAULT_INJECTION: forcing a failure. [ 811.804960][ T2345] name failslab, interval 1, probability 0, space 0, times 0 [ 811.857429][ T2345] CPU: 1 PID: 2345 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 811.866606][ T2345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.866614][ T2345] Call Trace: [ 811.866636][ T2345] dump_stack+0x172/0x1f0 [ 811.866658][ T2345] should_fail.cold+0xa/0x15 [ 811.866676][ T2345] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 811.866702][ T2345] ? ___might_sleep+0x163/0x280 [ 811.866721][ T2345] __should_failslab+0x121/0x190 [ 811.866739][ T2345] should_failslab+0x9/0x14 [ 811.866759][ T2345] kmem_cache_alloc_trace+0x2d1/0x760 [ 811.890716][ T2345] ? memset+0x32/0x40 [ 811.890733][ T2345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.890748][ T2345] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 811.890767][ T2345] snd_pcm_oss_change_params_locked+0x75c/0x3750 [ 811.890798][ T2345] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 811.890814][ T2345] ? debug_check_no_obj_freed+0x211/0x444 [ 811.890837][ T2345] ? __lock_acquire+0x548/0x3fb0 [ 811.890856][ T2345] snd_pcm_oss_change_params+0x7b/0xd0 [ 811.890874][ T2345] snd_pcm_oss_make_ready+0xbe/0x170 [ 811.912084][ T2345] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 811.912101][ T2345] ? fcntl_setlk+0xcd0/0xcd0 [ 811.912119][ T2345] snd_pcm_oss_release+0x214/0x290 [ 811.912136][ T2345] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 811.912150][ T2345] __fput+0x2e5/0x8d0 [ 811.912170][ T2345] ____fput+0x16/0x20 [ 811.921518][ T2345] task_work_run+0x14a/0x1c0 [ 811.921543][ T2345] exit_to_usermode_loop+0x273/0x2c0 [ 811.921560][ T2345] do_syscall_64+0x52d/0x610 [ 811.921581][ T2345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.921593][ T2345] RIP: 0033:0x4121a1 [ 811.921605][ T2345] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 811.921617][ T2345] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 812.049066][ T2345] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 812.057136][ T2345] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 812.065102][ T2345] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 812.073069][ T2345] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 812.081124][ T2345] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:37 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4c, 0x0) 14:11:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000006c0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) sendmsg$nl_netfilter(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000480)={0x11ac, 0x9, 0xf, 0x900, 0x70bd26, 0x25dfdbfd, {0xa, 0x0, 0x8}, [@nested={0x10, 0x4, [@typed={0x8, 0x33, @pid=r2}, @typed={0x4, 0x71}]}, @typed={0xc, 0x7e, @binary="bfa631b6229a"}, @generic="49409872c210", @nested={0xc, 0x1d, [@typed={0x8, 0x37, @ipv4=@dev={0xac, 0x14, 0x14, 0x1b}}]}, @typed={0x8, 0x33, @u32=0x200}, @generic="72fbabb43b6f9673", @generic="059f44ec34ba46c113d50828337cf40b845eb9516b5590f000cfac69024b29224c4ec3c5f5e6fafd59cca290dcb53fcc9e1c8d03835f535cb2f41f8b7b7b195ba1800bb025cbd32035a2c44f02711bfe5c552290b83e73aadcc54697163ce43cb764e17090b9e1dbee994025542d669918eb57c3b7c02d87", @nested={0x10e0, 0x6c, [@typed={0x14, 0x7a, @str='/dev/binder#\x00'}, @generic="b004fcecaf4ee9fafd2a9be699ff5ad36c4d7655a4851b63c24d5363915db3058b285d881e13dcbdaf77058b1bb289d6fc108dabc1c2c547ec593c40f1609baec9eed01f4aaa3fa2c63db6d4fe2e78f0b3e4d0fe5deee7d6de65e280636cfe4d3ced12ae4da515156f518881af6acd6c5c938e4bac4ce0f30a46e8c8f0aef4d94383389e7c6fd02cd87fd38c277fc2bd31f1974eb31462881546f6d5fd42540ce6314c11e8574a", @generic="281baaf000beba31973151f121b4509a0efcb8c60d171554ae9cb68d879d3f7e520609ed99ea94a1e38dab3a1434c173db788ce7099d47e58efe5366e17f29e6c8e00754e2de0a918f7dd7880b069ae4d8fa8da95790af367ab2a3881344885d72a66255a41ee1bf80a6519010a93d8d90c38e8fea19915d91e1a46b4c69846a82d6bbfcf426d4ea79cfbdb221fac6e136d9af8d38b566d20d2227d20b312f176c9dd7d208b5396cdd5585032be3a779b6d292518e6bc6afc5497e0d4d5f6ad4fca7f8e8d7fbfc800b0cb92cc6be8b13cd999ad367adb0766cad3735b94b96f8318188f66e9b0af9a5d3c85d75196d70f2969c25f6593e389d97928ef853384fb5961b50716be8d2b4cba14dd2a2cefaf1aeaa85374f0f4648183ac4eccd698c09a46f0f69851cb5989bd071d449b115877a3a85e1a46ff25b34f901cb04359020457bd8102cea96a853f33961dfd9f68859bcbd93ae7d261f930037db68b98e03637509c2b3312f422ad76f5c34792a21c2a9d470a27b36e1115e8f04bb8502d428d9cb7426d1f53f02725e4d27571eaaa72ae9628e3fc0423c867de0a8b4171b3ebb8995c7bd0734e3b33e1f5c93aebed3f37079b8ba35588da36ffe290d425f50d1ec25fab83c0469ce9a710facbe388d05acee62235a09291f96e97536919fe94b23a963bd3d222d6ffd7ca5a4d33822e123a5378adb19f07d08ff3c572345f1c41516aa3e0e37fb867965d6b91bcf1903199ead58fa800171b66241f4577ba11877f193e39d91f5651bb7f6135154fa5264e9ac095554140ba19dadc885a1affafd43129606410e495b8ae04b2b661d87cfe5f75d36a791aa3ee896b601123249bc7c4ee01458708422eb2c03c78bbc2a8320d807e0ccf9b85e0c9cb3cc312baf42be05445ec48d4c73c4c52f617b610fe368bc0c5ff3926954dd770e1ffeb2fc0cc76d1fce3e19c592847a8d8d11a9e8131945fd37b9d76cc782a7b906552129988f5b783bdcaa1db4193bb79e05eedfbc06b6574a1ea9d51a03f5792f94f489fad3c34d9d2ac6db4191b0566c6a4f7684d81036cb604a007b2facbd11700ff4ead9dfa467309ff3a9eca7b50df6d7425281dc590457b608d3d9d0abb5c3c802da159b2d63073a2e3774ed55c1f115747f24a20a504bc92a1e664def44d3ddf0c000f4a6af281d7180ba0a1dba1b3ed4f056814b339dd39d41afc33001c2816ef93bcdc9110248de7de1b690a8b0bcb8810c8b95292c933471ef55b80c6cfacc93083c8e9f7b9d6a8ca7beb13b476bb090e72ef79f93bd8f1777f9554fa6f739200f5252b5b2e7cbca33b66d9778ba6f90bb44943e613f50a0fa3e0991f187b2abc64a743f629146c8fcfcd2dac8fef59a3b0a92594c3b3922709f3e8bc6dfb953e3d8ab974c900723425a1324d7bfddeb8812848fd9b044bbe946c772ab26d80c4b96176aae14881fd7c25a7ce5647f6ea39414fdf4d40ff2d2fae9145dc8c4674d39195d6e265079e2868ee342c974f03c39f5368d27d118adab7ef4ab3c391ee3e2e02d7dbac7a6c40b202766b50196f88acfbf9fa62571bd122e63abe053eb9a9590822e234d021768de001ac59a0ca693c8491373ff41bfd50d0c49c834aa15ef29261e92aeeb6802a60d07bf5fb5401191e2b4863e0739704352ea4168f3a37e3438aedc1919f8c325bb6c2ec61f176c89fa465d25b361eab880c9c277ebde9c58edaee6613cccfd05944e1b0ad283cd2a40381aef5364b0c803067840b4a07f6956e799aefee79f00baecd6c2220fef379f29b5e4e49a507a11d6d3cca458a8e0c2a99f42c93677d3d91b9339f15149ced1421bdb0bc690c8af9d0efd0ec91bcff1a81289282d8998ef023c84cb1da58437064441536f5bb523d7ccc347b48ad61ffc696862c80417e94321c1122f1aad40787e35f652821c91365ba0db759df2005f934f1218721f243aee32d5c8f399e83837f626d2c21ea2c91ca0afa7d3f7cf8441aa742f1496fe21be48594c203f74f048b1143957467aeaf77f5faae6c1b9ff2507f912572a5e91bf31bf75eeb1d20c4b1ec8dc29c4e83cdb2702ede07d8b4225da066af192683c8244837773c58580e2575091850a728f1aaf120f116da6dea3a7971116eb106fb60928e2971ffc1477b026f73deea6b126f6d17562a4ea87f580189b08e7f3cc466387e9ede64101f93f3d073f08c460ce3eff3cc689306288e3d807986b91ad93a938195c751c2ce134fac76c155fcfbc9068a3c93cd0c70d6783ae82808ce2b4b84c5a381ab0d0412552a89076c30f1c2e0da847855c54019d0cb8acfe01f6b6ca436f8a9ae7d56e85210c02877cedff55800fe151080e89b1d8ac61a6606b3d0ddde89d0a84f75659581fad08413b5bdc2c3b2d4ebd2eb7ee75205a7ead2feb8d78ea79a660602597c40b41bbd63ee4aacc550571e0f5594e3531bb29deaed7e7cd95b52a91ff426699db77fddc31712c5a73a19ae3172ecebf5338921131eed0ef24a0f4212d1caae1085468d651d8aaaca617d0ced92d90a9e91df95bd578460d3efe5ceb47aca9e1025488b1b64332422342da952863360c3a0dd456df6ba0c2cd6607c24b52dc4888d09c710aee4849b882b35db5dae01c99c826023592dea058da696686abf202d328945760ae5911f43afac34f120a5bc97c699257490d80567618c777300c649c815c9c10f4c5945f3f7b42f95f96b3aaa5f289b971ca73269318574c4fdc203462847d2d2f85c167bfbd07ee5fb8225c37974c63fc6d0b46e96ec63c64ad41f83cecb509d0c60315dc7a05f3af37b0372a66f5c471ba73c0efedaa18ec8021f84f5ef2fb4e878ea18d85afd2aab696ae72751f9a7aca797ab3158b2bc84307169ab37d09b04e7ad5e55af3463415bd3932b2fa9583981f9b58e9dd1af7f56dd2ad053636fc7a33eebb8a9f1122b313d394bdc533fbc7a9b6e9c85a787fb3c792457f63718e7eafd43a0de565f3e9ed5e74e10b2713172be1d87fc7d46600d759886ed7282b645403fcc4f05b06c38e0aba1c619dc33643fedb7cfcbd8f50119ad140ca6196484946e0a77a505b0914fc07130a2fba2ddef0d55ba8242e595d1fc004c2464ada6d3d6263e065b4d28aa3b5ee6731e57cdffa816f8d4813b161b2d3faa66892091653cc45c3c7d97066eef63ee36bd313368db0c44f7378d044b3bea753f41af1c95411f7fb33c9c52c829fb0c930082b6f2cac127d052c02d543b6b4b17a76a706a7c97144431a3e63629548e368972939f47c46ba18def920fef409f1df404fed240d38df36682d2629fc8cb30d1eca10e9184c89e178bc8f8ad070ef3760553a4a50ccdf88463e07002456b052417ea250c85b3a0110d5f142c74a33e3d1bfbd42b2a659f4650fe9f452e444506f39a2535fe80c9c04e8c6e2936bd2a5cf065a85d870a45ff39b8a1f6e282035015816b04da2f3cc2ca491e499791df87804e561a3321182044af32545c2395425ea3247a6c8e98c58b6a5b3370c4e158bf6701af545bea0526e7add1c6551ef7512608c6b93bdf3d43e0de84a924fd73167737508f3bdae0a2b7be9a64860c4bf8e175c6d69444b10e9fa8e061cddf9b6ca922ee9b300dcbd4e5e0cdb0318ade882eef0158fada8f15b36a04e4a51b32f9a3e156f813969508e304a64eace6299b30fdc11b751ccb689267687ef870194ac6c9d6fc81f33970e6a0100f00b6902d9d0ed60dcf8a8cc4e55a1b3a16061a0bc5488abbca26f16cd0f24f5c1e0b67cf05b152c8fc051ead3e297fa881b41caa2275edefff92f5017bb5a9f599fce6c79bc434d32e82413bb2dd09ed299afb3b12d50be3307e6b61a0305c5a4a03010a3e6bee06a077783dca47c941deb65b979ee2f0c9624f050e6c060cf99aa124ccef44c96f1024df064094c1ee6c6e838bf584034e6e318fce83b15fc55c20a04105748d1b018ec08674a3bed688eab9f2ccb7abf4dcff81d9b8caf7d6d4ec27596c4149d76fb138e1f013107816baab7fed5ba35d8578719574a2ddf31b624c76627efd9bff5b13a9441eef1b7dfe954620821d30deb1a92e30bc526511f8f2c04d918afeccd4c366d5121b5b16b81110880995ea41f12e72fb0eae9970af78ad9b0d0cf66d4806837cc042ee6a020066915694e0bc6297f11fcde23ad95390cda8c40ab67e171ebdfa28ccb8e90ff23a6c30d0f2dbb2f621abc52274e24da2d5602f6abf83418bba85ccb4ff98872f0cde598643a5f6c876dd1f660d96d5a9f5bcc4e17183328d816c954cba23e7a19a653ccbc3b50f5e97b8478743e1cc8404e70a6e227b210bd8ecdd48e194e3a0fea71fb7be2331d36fb8d90fd26bdb396d1747143a9da27aec34ec4bccc83d9b9e6b1b9595c174e8209fd1d975971e1bc178b414df3cc2bc5264095c02f08e78b3adc30e3976dffddb67de736527c9e776cbe758a1758fc048c7212e2034bd659bf32c2cbb0c88b9b947a2d24ce5e5304fff996290c4d106e1ed0fe343b4a3a91c9ef205208d0250f998230eefd483ad4164527209fd87db2a58784cdaaaf2ae67878fb08cb9b797f56e0a27cd6f892d8f49423e907d6877eb8bc70f387b0c59681dfadb24e674be5cacd518d30af04634ce21128258b49406904cc7f7c1a38fcc6baaa4d10478340947168ad6a70aaf3d5e9a1ffa55f64b1174b224b0dedd07a6e9f2ed9ea0d692ac09493792f4a5eddf5a85265825ab7fadb7722aee88c762c84008008679a2a0e6f231e5d66dfcfa7ad3247aa5baa08b38c551b045e41aaa11557bf27310bc914003c3cea823a0df7e383ade1fb84766728f16b50c4fd1bcb42e67ec359107697903cef8030c6c06d1dd4d039c7c457aa9cc681af90781652dab92e6f81936668b84baf30ea5f11a0b9b8c9df47ba0ab9508773e8cee69d9cdc3819340cb96a60be6baed6ed3adc2ebf9128e7d617d1e6d1789654e858099b598df3c8091abdb72ea2a607fe7e3a9f4751af1487cfd082b1cefc382e50b66e78b5311dee4e0a5b3d48287915b52613880765122f823363e2203cf73d6a9451b7e3f9cebad4c27e6d6972716fe71a277d644b260e02c912868be48c02a13b2bc38e0d8cc5efe224cbd1d8fc1c422bd2f9d217993b8f7340d7c3efc19ce0f875fa7aee83fb5193833704ca59212782f911bc39e7da41c857e1d5ca5638bd49f869defe901418bb71f5b9ef920d7893ec3fb429289d81bf3ae655f9bc03097fa71ed72d2d50164760a7ba5dda2071342ddd1b07223cad598da84e0bdf39d2eb4c7de99b614d4797c03738bec6656d5d095a52c2308d08bdf7d3d04eb221c4949b61815dd8b061b36660fe9c64b33c5d0894f0b7ff161988db872dd7e1513810038f67a4b7e4acde6904e2bdf9816825cdb39fd6d0f56b01b0e2c116d3283f9c9f8b841030aea8028a44859d13efd04388e6dbcd01a441537a3bdd5df921357e9b072b16998e59e894e0d818143b0705880ed5b633170e2f4b2997505416543ff28ca42028e1bfd008b140715a3246d4ce5f9b7994e35f02abce5a50d746f1a2f098409524f5446b89eb744ef9a1969a3ea0bb4480ebcb1396e91867d81e84a517edbfbc91c2c7902e5e05b35f9bd3b02dd9668189d758c9d3b6c2bebc1ccb124a849d43382e05c15ac9e5388d1946cacecf2bca97e5c3aec0b2a28983c48039a0f0d8151c4104a04e34c2517e78e231b26f32bb249d070b4f2ce2ae2dddc98e37c2c35f38937c814126375ec24063d9c9bc5947eb72ee652ff178cb8cdf1e", @generic="ccd4e38a60", @generic="9098040e046d5b30b36be648808fd402dbd9856bf86c9c16d9a3d61b"]}]}, 0x11ac}, 0x1, 0x0, 0x0, 0x40000}, 0x40) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000001000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:37 executing program 2 (fault-call:0 fault-nth:18): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 812.517194][ T2358] FAULT_INJECTION: forcing a failure. [ 812.517194][ T2358] name failslab, interval 1, probability 0, space 0, times 0 [ 812.538353][ T2361] binder: 2353:2361 ioctl c018620c 20000440 returned -1 [ 812.540981][ T2358] CPU: 1 PID: 2358 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 812.554349][ T2358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.564782][ T2358] Call Trace: [ 812.568116][ T2358] dump_stack+0x172/0x1f0 [ 812.572476][ T2358] should_fail.cold+0xa/0x15 [ 812.577085][ T2358] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 812.582986][ T2358] ? ___might_sleep+0x163/0x280 [ 812.587839][ T2358] __should_failslab+0x121/0x190 [ 812.592776][ T2358] should_failslab+0x9/0x14 [ 812.597545][ T2358] __kmalloc+0x2dc/0x740 [ 812.602046][ T2358] ? __save_stack_trace+0x99/0x100 [ 812.607170][ T2358] ? constrain_params_by_rules+0x118/0x1180 [ 812.613674][ T2358] constrain_params_by_rules+0x118/0x1180 [ 812.619395][ T2358] ? save_stack+0xa9/0xd0 [ 812.623721][ T2358] ? save_stack+0x45/0xd0 [ 812.628051][ T2358] ? kmem_cache_alloc_trace+0x151/0x760 [ 812.633592][ T2358] ? snd_pcm_oss_change_params_locked+0x75c/0x3750 [ 812.641659][ T2358] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 812.647457][ T2358] ? snd_pcm_oss_release+0x214/0x290 [ 812.652743][ T2358] ? __fput+0x2e5/0x8d0 [ 812.656908][ T2358] ? ____fput+0x16/0x20 [ 812.661062][ T2358] ? task_work_run+0x14a/0x1c0 [ 812.665825][ T2358] ? exit_to_usermode_loop+0x273/0x2c0 [ 812.671370][ T2358] ? do_syscall_64+0x52d/0x610 [ 812.676132][ T2358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.682206][ T2358] ? is_bpf_text_address+0xac/0x170 [ 812.687588][ T2358] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 812.693221][ T2358] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 812.699458][ T2358] ? snd_interval_refine+0x42a/0x720 [ 812.704744][ T2358] snd_pcm_hw_refine+0xbf9/0xf20 [ 812.709690][ T2358] ? constrain_params_by_rules+0x1180/0x1180 [ 812.715663][ T2358] ? snd_interval_refine+0x42a/0x720 [ 812.720950][ T2358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.727187][ T2358] ? _snd_pcm_hw_param_set.constprop.0+0x282/0x590 [ 812.733684][ T2358] ? snd_pcm_oss_change_params_locked+0x75c/0x3750 [ 812.740267][ T2358] ? rcu_read_lock_sched_held+0x110/0x130 [ 812.745982][ T2358] ? snd_pcm_oss_open+0x60/0x60 [ 812.750828][ T2358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.757060][ T2358] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 812.762517][ T2358] snd_pcm_oss_change_params_locked+0xc9f/0x3750 [ 812.768852][ T2358] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 812.775348][ T2358] ? debug_check_no_obj_freed+0x211/0x444 [ 812.781259][ T2358] ? __lock_acquire+0x548/0x3fb0 [ 812.786332][ T2358] snd_pcm_oss_change_params+0x7b/0xd0 [ 812.791798][ T2358] snd_pcm_oss_make_ready+0xbe/0x170 [ 812.797086][ T2358] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 812.802556][ T2358] ? fcntl_setlk+0xcd0/0xcd0 [ 812.807152][ T2358] snd_pcm_oss_release+0x214/0x290 [ 812.813948][ T2358] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 812.819670][ T2358] __fput+0x2e5/0x8d0 [ 812.823662][ T2358] ____fput+0x16/0x20 [ 812.827642][ T2358] task_work_run+0x14a/0x1c0 [ 812.832247][ T2358] exit_to_usermode_loop+0x273/0x2c0 [ 812.837530][ T2358] do_syscall_64+0x52d/0x610 [ 812.842119][ T2358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.848005][ T2358] RIP: 0033:0x4121a1 [ 812.851895][ T2358] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 812.871490][ T2358] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 812.879892][ T2358] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 812.887858][ T2358] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 812.895821][ T2358] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 812.903786][ T2358] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 14:11:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x200000080, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000040)=0x400, 0x4) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000080)) 14:11:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000002000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 812.911844][ T2358] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x157, 0x0, 0x0}) 14:11:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000740000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:38 executing program 2 (fault-call:0 fault-nth:19): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 813.093541][ T2380] binder: 2373:2380 ioctl c018620c 20000440 returned -1 [ 813.132466][ T2385] FAULT_INJECTION: forcing a failure. [ 813.132466][ T2385] name failslab, interval 1, probability 0, space 0, times 0 [ 813.143879][ T2369] XFS (loop0): Invalid superblock magic number [ 813.154785][ T2385] CPU: 1 PID: 2385 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 813.163836][ T2385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.173886][ T2385] Call Trace: [ 813.177193][ T2385] dump_stack+0x172/0x1f0 [ 813.181620][ T2385] should_fail.cold+0xa/0x15 [ 813.186369][ T2385] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 813.192193][ T2385] ? ___might_sleep+0x163/0x280 [ 813.197049][ T2385] __should_failslab+0x121/0x190 [ 813.201988][ T2385] should_failslab+0x9/0x14 [ 813.206494][ T2385] kmem_cache_alloc_trace+0x2d1/0x760 [ 813.211962][ T2385] snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 813.218200][ T2385] ? mark_held_locks+0xa4/0xf0 [ 813.222969][ T2385] ? snd_pcm_oss_change_params_locked+0x2b1b/0x3750 [ 813.229641][ T2385] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 813.235979][ T2385] ? snd_pcm_oss_change_params_locked+0x2b1b/0x3750 [ 813.242581][ T2385] snd_pcm_oss_change_params_locked+0xa10/0x3750 [ 813.249008][ T2385] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 813.255505][ T2385] ? debug_check_no_obj_freed+0x211/0x444 [ 813.261237][ T2385] ? __lock_acquire+0x548/0x3fb0 [ 813.266183][ T2385] snd_pcm_oss_change_params+0x7b/0xd0 [ 813.271644][ T2385] snd_pcm_oss_make_ready+0xbe/0x170 [ 813.276934][ T2385] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 813.282395][ T2385] ? fcntl_setlk+0xcd0/0xcd0 [ 813.286987][ T2385] snd_pcm_oss_release+0x214/0x290 [ 813.292096][ T2385] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 813.297730][ T2385] __fput+0x2e5/0x8d0 [ 813.301719][ T2385] ____fput+0x16/0x20 [ 813.305707][ T2385] task_work_run+0x14a/0x1c0 [ 813.310999][ T2385] exit_to_usermode_loop+0x273/0x2c0 [ 813.317184][ T2385] do_syscall_64+0x52d/0x610 [ 813.321877][ T2385] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.327764][ T2385] RIP: 0033:0x4121a1 [ 813.331661][ T2385] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 813.351521][ T2385] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 813.359935][ T2385] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 813.368165][ T2385] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 813.376244][ T2385] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 813.384213][ T2385] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 813.392360][ T2385] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:39 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x58, 0x0) 14:11:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000000c0)={0x3, 0x9, 0x4, {0x0, 0x1c9c380}, 0x7, 0x7}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x25a, 0x0, &(0x7f0000000240)=[@acquire={0x40046305, 0x1}, @release={0x40046306, 0x3}], 0xfffffffffffffc86, 0x0, &(0x7f0000000440)="e81082d14c2eab253aa5a6dcf34c0a2365f7ad9f6638c6012680074f7e667f5a0e75bc20194d723bedf53efd204a6b7df5fd0f5336cb2de33c57a065d03382e15f189e191976b8152ad85b3ce3430a2d3bb8f13ebaa764a8f8961462a847205cccdcdd16ab5b285863d1858f5d649be37a62e68049167e8ddc07e5a1dfeff14da7abc3361ebce17b521ba16f5b3811abc47b2e2f9c8b578c1a27382563b60b26376404b71f76c846d99ab15c7b09970213a1a746d40fc8c02fdd5ffa7e827defa057e1ca623ff03303b133dd17376ae43e668c968b62e1e8bc9dfa54100199b22924534b12d181cc1d565000c3c4ed066c3672e664b70db702996e521cbd757de012af75b85948adb5b0b38bc5f4f2f79a48dc41edddc6af333f13020ca7b8f16ce68681a141114c6d1feca46558095576706e3e3efa31ceb349ca04ebd78a09e654daa9b613dc73482ecd1ea31025276281810bae6b881e1f673f2336d6fb59d850dba367a8de136dbf2e9f1401b154c672ba4d2bec27e818c4eaa5e441cc3f0a39b9d9941917cf29b9ca436d8d37fbbd759ca29edfd065969c7140595f910accfa849522ea52a6cdae70e4cd2ca08801a24106909f92a829775fd662398eb57c0aff4975694a390b911c92a84b3e5d9f408c85440473872f5b1fab3232391d833fa4123ab8e13570b4274addad60a5ed0e8c06569d8e506a2f4cbc548ca989ec58419c7596cda54c2e48c505747809b0eac24cdd689978a8f2d812df8df254e4e2a07cd258208178d5dfe2e09a33d43968cc765540819e0e3620ec313231c3451baeeeee33bc67633ca82e337d45ad532d1cbb26d7e96e22d2eef53cb7200e38e552ce395991c2c4c643327041fa605186ef41dc2daa0593740ead05935cc0c98293d49a9d2714dd56c20bef4fbfc13d198cefa4c2fd5327c91e9b76f06f96135c8eb51957f5fb3df2d95583648dccc2bd393e3d86934b3de111192bed896c65dfb9ec62b8f8f579af07bd3afe1c0817638a4860f3f72741f033fb829a99e5096377ab412580c6a2d0ca7ae444ddfd98b16f419e9145fc5da9da8b00e9d49809f2c5ac7c1fe367ea1c8bc7c5eb8fbd2a939e16ac3e56fd82ab29c6478363186191b4248cce9b9c29dbcff04a497131ba70782cdeb340dc1e722aefe3794c5df98db4df48d60c9ff45e36e4b11f399efab80112a6fceabf00d18fc4eca8fa25c002a3d4156f859e1ed65eb3ea2fafbb57142740ab0008c401d7c850da29336646d7089183ee7917257f1973060fe9d33138c0d1cecc6bdb5da75bade27958a51617c3430380364682f4e8c1ab9c18d21795673c21a27515627d160f2c7ebd661d9e61a0e71c9a000a6b81261bdc414fdf202ce4d98aa010ba6454ebfe063e2641d03c1f6178c220e00b34a089b995565aa505158b118a1763141024da764ea9f71c47912cf03813abce8da7b7a071d63a4bf8554c0fc70ddf4af2ee0154a00bc729dd147ff777618e9f3ed21285e00358ee17f8290056caf7498701228367f4705f83b3e5c0e9b19145bd089d441e396c85940a7cd62677ce411b8a715aa825f73b5477a973a137ee4996943864b2ab0f824f803daee72d90f6e83e40dc83939df791f999cc81809ae1baa8ea0efd6ccf134e5dd1058d884e466c4ba638d22fefdf26af048b33ce1806d68e2a2727abd332d2ea1becee581871e92578ccaa50b76a63a195b36439dba6b0875126df0fec0cdf3dce91222d75191986b9789d0bd172f4c782009e7e677d6f443bbec87c40cdc0e0e15fcbe9eafea6ab91f94fa9b3e95b1f6c810cc7093c6a938967421166315b8418bf3c75f4bce8b995410dd7b5f4375b0e440541bce7072ded1e5cb76f52723e08761eb952c29bc06cac6be966cf99581da9c7f89ac2c36b45ff8000a6dfa122452bbc475b6bd0bdf171dc282c323111295f3e11945a08e1760018d3b9965100b5ff7024e21810de189c7d133cc3a7db4fd94a11095fe63288b20d3e0316236facd9a89ff3c4d19e21376bf6f983f29633dea581e7852a1d6adfd6cce7f0f1cdabef4a34a0a7cac337254ce7ae7607e759a18a0d2f7724d45428870265dfab0fa29e776611a4f78ab0848d26e7f49d632b48a947ad8e8d1f96a34bce439243c393eedcfc26c22a51bd9464df930311c36117a54eded3bf5248aacb663e1a267cc1e2966f44204c961246cd60afc8d142a1b2c046e176e20496d690edf7e2d810e5af55bfa511d206342c459d87ab72d4b6cb96fec4876224790102c68e6ce52469a8c12a0dabe69de194a8781ded71cd127e3e6715e913885e6348177324887e20f06d1e5b87490a35160ce0fd96aad0f72d61ffc321ea2263f9a0d60253bcd0dca5a3415a906108b6efa77e9d87c90830968b39e5b0cc6ee23f71d87c8e8d6f6d595673c302109b781305cd083c689a414d26397d373c0328e9d05b69fef7449640cf1a0317b565b1d8bb24f9f6d844db241f1148cb4ce198aef05c3935516f69b8d0f78d1ad9335769d23bae6a41484ec7bdf402fd515578e540371166ed2caf5070bdbfc7f8381ef3fa83d1a2bcbc2f261c7216f4a79dbdf255ba6c8f05a0d4c3e03560fbfd9c7c33e26260ecaa5b11832dbc3d15550ec4fda8856b488c533382b581fc6b33f41ec9aab6afea8b52a6766fca67773e6f0524a60fa97872898d4ef43324fea2a8ca6c3afe0cab8096c22532290562b4362891cd7b326fd4b34716e6b4c15ee256cecfe207a69bacd97aa39e3e031dfca70836f04e5d3fa90e34ecdde7a5b66ebee0bf689d0aae9fb6ceab6beacecce3869b91e6be635a3d1e9ab17109518d1554a0a5fd0d1f10d9461de052d87aea4a3d18be16bf3b1d66851e84c312d619696e1904a5eadf2ccb854e0e3ab77cb73844132e36ba2b9f37ed3898fb5d9bcdc0887ac5cceead184e46ce3a5d9f34e49c4d60a5f560627cb15e5aa78c2e160d7f57214b183dae0af331e87e0b8dc4ed1b9340c80225f5a4af3e49ed80537f676613a228dc3b887d0bed6bd8d09354bcbd7c9ee930e9d0d6674d353ce6b4eab40e51b6d38456d77bbb133b4e95d5a90702387f5b5a32e1e5bb654517e5d83bd868e9626d2f5526a5438b7edd14ab3c24835c58d19571738bc016823bceabe9eabbde3bb1af0d3bce0dbc8c7254f3d0b83fcd2128d7dbc2922cbfa73cc9c67118d6189ca871e4540e2a354cfcb1342b3cb0794d407bff61dbe1b5ecc122ac69dbf3002dc03cb4470426961ba9bda9c3a3884cad8adc22786c9b38dfa482fdb98c53b15718fc3ef6943a783a5ed27995d7d1e9724b2036eda45de4879d5461b7ea4a4d251ccaef563ac08d8279b9d5f963ef170512a75272007a5deab87698a79d2172fc1303b09037ecfd0506e28350d1bddff8e260eda276a9bb3edc95905b4cf4dc6f996c018b8d92967351affca99152cb430c8df1e6dd1b90d71b83f6d1a6a47e6c61beba1e8b40cde972d422ed90e62de60bf29a9db2f9760d345e11176f19a1250287455cffde668cf2063523285ac003e2c05985ae589a0b80a579f17260093a5c27e4864228efe5d965cf28264fffaa6a23a45329c2724b32b073920d927f483047219b0db55b598b0025ca6582fb371d0e9af3f0135a83f891635f3161690c1527e6d117236ae44a8f51ca9d13ef423ed75f9834b2d52aab682406aa2c718e70584046c6eb7bc5d975cf4c0227620b3bdc050cbdc0de11468c90ee63d1081baafd877e3e85c86c2570f350e0e235a133cd2f50c825249601637d51105a38a5c4d10d06f0bd78f59b7cca75f799558165f9ce7d3decec3e007fc50a28e973175c493bfcda0f040ee2a948e3ec3ae4476e87b35ecec989bb69c5538a54a38856c2477b17a9a0644edec7b2ced4ecb88a55ec581bc34c13a373a6f1ea317a1093873998d541c294e9a1564f80f4abdf64948e08c942a76d07cbb1a0a7910fb26cd9bf4a4997b4404f60deed981569eb51dda2bbad5c2337972736ea108544beade72a496900ada0ccd8eb611b9ffe8392e4f1ea78fdd7caa6ae100169a0b6af97b3222b6ec369fed1dce09360b72479b20a6fb91b287cd83de785dfaa3f03552248f0230a3254db88cef04f3377af7f93f7cd75f41a77656cef232a80a3913a4d9d71c4c38b415f83687bf85522f9cc83c6fabeb263d544154afd34b4bf44be714c5450093eca6f66f8d57928f940ef86bfaebc3c7637f9bc847b51e6055f37f74a1e17eb4bcbcf8f9dec162447339b6bb6b0e9f2c164de41e46f23ffc2b05b51f75777e6ad5abf64526f50833cfdbd1d20791f76f0d199af6d9728f525731741224ead93091090e0dbed9e318dbef6bd5f735dfc420ec274ae72f55db1b78feed922febb8bc3b0299d5c5a136a4547a16e40b0f7c19bb8217251ddd47ca838dfb9c8772ca1edbda30c7d3927b99f6019ba5876553035b431825072a0f3366caafa2c0bc7d084d6633e0d4f452d3b3b7330e3e4141d8dd8d41932508094e0bc95bade9e8d17855baffc41edc79393d37825fd0af876606b0bec8d82a38194883cdc0641859dde9a1d8a194936dc2250fa4e51600eca1cdbb6f388c4dcfa025b9a83462dfac23ea41e2d77cb31c83a006ac57a6ee0107062d1f31b3e277e80d8603cc3b6daaf39597abdafe41a981832c04bc6d5b4d29a98bfe41879796cb01419675c75fa85f5df7c59b57b143009ba85c8d6ad7b5d93cbfaa62f78f2d41614b904db8b069da75da03c6140ca496a42e5da313dc1079e6723d08e478b8d7bd9cfda0615f2ba55855978c1d2d17f5c0dcd6ec191bad40ff48855ad24ca376b0c39d904a20e0a7185151070e8880ade874a4cb5da67eb071bfd9a281dd589ebe8229d7a4de5c1be5ab0c07b4def7f1872a086a5579c65e22b09c0fdaa8d7e422a879b516bce62753248eb7fed39c7fb4793ac95216902761c82a369c38939314499eb715c9363a5a5aaa642bb3b8c79955367f93b477127ab934257f76fc302889ddc8a3df9216ff3cb4dec7060214b049f5afb761ab0f34ea377f163a45f57897f159cd0137e420190955d4173b95b36d3c82398ec327fb164f7ab9b8073670105a4e0c1f8472d2269e7bc54c0267081cb69edcd4c6a7ce9420f5f61037ba5bb393c5118eb1bc703b993201183894b99fa48fa7d06c35305f2f0a0b7f744979d301c1b559bca65efd076f4deb2892d286cad3701e41ccce6348705cd9a3f99cc606d4b71652b9b31b95af43c881bd08c56634e720f8179dfcc019d50ca98b8f72c68fed1f88922863887f925632dde5ce5e011a69c0316a7b5985e20e07034a541bfb75df2edd8d95a90f3aef1c575a4757dcf8579213b7abfdcf7c3501c480e5032058653cccdd6a7d42f1f8a03977bad9ae683b45a8d7bdf58cf8ff2f5a988e0a59c8014f94b11d9bcc12840c6b052d8d076aa9a305af8f418593a3b7615f5b91af51e5a2ad69ededcc3dc63ba74d1c77f13c0d268a9ff168525e4d240ffd0be8f20c87d86c3f6a6f1f47afa1bae6607001106eb85b487e8d20d997e339d650057bef403fba3d05fa76bb4e801ff1d6607c996b22e965f96ffeee6b3c99ee62c48383d9f8c7a6d2396c7d01704817ea692ab0c780492bf0148a180c904f4a0675d79402c6506d3578ed46ed026a58665edf9b8a6077eaadbe5acc45dcf3a1836ea821fb00e892cb72581e62abef77ef1f7991f48fa09d57382adc838dcad9842f0cab547377beb3a3a2ae643688ee894f589a1ec35f8d796a57fbd9dcd2d1e16fe06b4"}) ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, &(0x7f00000002c0)={0x0, "c45f4e8af7a6c66deb673c7df5bdb3bdf31c26c38a58eb3d68ff4be32bc32f68", 0x2, 0x401, 0x79, 0x40000, 0x6}) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000280)={0x5, &(0x7f00000001c0)=[{0x3, 0x7f, 0x1, 0x5}, {0x8ee, 0xffffffffffffff80, 0xa1, 0x200}, {0x5, 0x2, 0x0, 0xfffffffffffffff8}, {0x3f, 0x5, 0x7fffffff, 0x1}, {0xdb, 0x8, 0x2, 0x1}]}, 0x10) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f0000000200)='y\x00', 0x2, 0x1) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0xfffffd9a, 0x0, 0x0, 0x121, 0x0, 0x0}) 14:11:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000003000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000007a0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:39 executing program 2 (fault-call:0 fault-nth:20): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 814.227950][ T2399] FAULT_INJECTION: forcing a failure. [ 814.227950][ T2399] name failslab, interval 1, probability 0, space 0, times 0 [ 814.242350][ T2398] binder: 2395:2398 ioctl c018620c 20000440 returned -1 [ 814.252949][ T2399] CPU: 0 PID: 2399 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 814.262009][ T2399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.272070][ T2399] Call Trace: 14:11:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000020000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 814.275381][ T2399] dump_stack+0x172/0x1f0 [ 814.279733][ T2399] should_fail.cold+0xa/0x15 [ 814.284432][ T2399] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 814.290279][ T2399] ? ___might_sleep+0x163/0x280 [ 814.296115][ T2399] __should_failslab+0x121/0x190 [ 814.301069][ T2399] should_failslab+0x9/0x14 [ 814.305749][ T2399] __kmalloc+0x2dc/0x740 [ 814.309996][ T2399] ? kasan_check_read+0x11/0x20 [ 814.314849][ T2399] ? constrain_params_by_rules+0x118/0x1180 [ 814.322237][ T2399] constrain_params_by_rules+0x118/0x1180 [ 814.329384][ T2399] ? kernel_text_address+0x73/0xf0 [ 814.334519][ T2399] ? __kernel_text_address+0xd/0x40 [ 814.339757][ T2399] ? unwind_get_return_address+0x61/0xa0 [ 814.345489][ T2399] ? __save_stack_trace+0x99/0x100 [ 814.350607][ T2399] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 814.356531][ T2399] ? save_stack+0xa9/0xd0 [ 814.360878][ T2399] ? save_stack+0x45/0xd0 [ 814.365495][ T2399] ? __kasan_slab_free+0x102/0x150 [ 814.370623][ T2399] ? kasan_slab_free+0xe/0x10 [ 814.375478][ T2399] ? kfree+0xcf/0x230 [ 814.379479][ T2399] ? snd_pcm_hw_param_near.constprop.0+0x7c0/0x890 [ 814.386154][ T2399] ? snd_pcm_oss_change_params_locked+0xa10/0x3750 [ 814.392661][ T2399] ? snd_pcm_oss_change_params+0x7b/0xd0 [ 814.398296][ T2399] ? snd_pcm_oss_make_ready+0xbe/0x170 [ 814.404042][ T2399] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 814.409680][ T2399] ? snd_pcm_oss_release+0x214/0x290 [ 814.414966][ T2399] ? __fput+0x2e5/0x8d0 [ 814.419123][ T2399] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.425363][ T2399] ? snd_interval_refine+0x42a/0x720 [ 814.430826][ T2399] snd_pcm_hw_refine+0xbf9/0xf20 [ 814.435868][ T2399] ? constrain_params_by_rules+0x1180/0x1180 [ 814.442284][ T2399] ? lock_downgrade+0x880/0x880 [ 814.447928][ T2399] ? mark_held_locks+0xa4/0xf0 [ 814.452700][ T2399] ? kfree+0x173/0x230 [ 814.456853][ T2399] ? snd_pcm_hw_param_near.constprop.0+0x7c0/0x890 [ 814.463352][ T2399] ? kfree+0x173/0x230 [ 814.467795][ T2399] snd_pcm_hw_param_first+0x34a/0x6f0 [ 814.473266][ T2399] snd_pcm_hw_param_near.constprop.0+0x5a6/0x890 [ 814.479682][ T2399] ? mark_held_locks+0xa4/0xf0 [ 814.484479][ T2399] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 814.490730][ T2399] ? snd_pcm_oss_change_params_locked+0x2b1b/0x3750 [ 814.497331][ T2399] snd_pcm_oss_change_params_locked+0xa10/0x3750 [ 814.504036][ T2399] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 814.511062][ T2399] ? debug_check_no_obj_freed+0x211/0x444 [ 814.516800][ T2399] ? __lock_acquire+0x548/0x3fb0 [ 814.522185][ T2399] snd_pcm_oss_change_params+0x7b/0xd0 [ 814.527830][ T2399] snd_pcm_oss_make_ready+0xbe/0x170 [ 814.533213][ T2399] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 814.539894][ T2399] ? fcntl_setlk+0xcd0/0xcd0 [ 814.544760][ T2399] snd_pcm_oss_release+0x214/0x290 [ 814.549963][ T2399] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 814.555618][ T2399] __fput+0x2e5/0x8d0 [ 814.559615][ T2399] ____fput+0x16/0x20 [ 814.563947][ T2399] task_work_run+0x14a/0x1c0 [ 814.568637][ T2399] exit_to_usermode_loop+0x273/0x2c0 [ 814.573959][ T2399] do_syscall_64+0x52d/0x610 [ 814.578572][ T2399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.584493][ T2399] RIP: 0033:0x4121a1 [ 814.588653][ T2399] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 814.608444][ T2399] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:11:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000004000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 814.621856][ T2399] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 814.632098][ T2399] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 814.640474][ T2399] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 814.648927][ T2399] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 814.656902][ T2399] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 814.674517][ T2403] binder: 2396:2403 Acquire 1 refcount change on invalid ref 1 ret -22 14:11:40 executing program 2 (fault-call:0 fault-nth:21): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 814.713912][ T2403] binder: 2396:2403 Release 1 refcount change on invalid ref 3 ret -22 [ 814.732640][ T2407] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 814.732656][ T2407] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 814.742568][ T2403] binder: 2396:2403 unknown command 0 14:11:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 814.769611][ T2403] binder: 2396:2403 ioctl c0306201 20000140 returned -22 [ 814.789027][ T2413] FAULT_INJECTION: forcing a failure. [ 814.789027][ T2413] name failslab, interval 1, probability 0, space 0, times 0 [ 814.802044][ T2407] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 814.802059][ T2407] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 814.834314][ T2413] CPU: 0 PID: 2413 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 814.843386][ T2413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.853472][ T2413] Call Trace: [ 814.855539][ T2417] binder: 2414:2417 ioctl c018620c 20000440 returned -1 [ 814.856882][ T2413] dump_stack+0x172/0x1f0 [ 814.856905][ T2413] should_fail.cold+0xa/0x15 [ 814.856925][ T2413] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 814.856944][ T2413] ? ___might_sleep+0x163/0x280 [ 814.884511][ T2413] __should_failslab+0x121/0x190 [ 814.889677][ T2413] should_failslab+0x9/0x14 [ 814.894220][ T2413] kmem_cache_alloc_trace+0x2d1/0x760 [ 814.899689][ T2413] ? snd_pcm_hw_param_first+0x327/0x6f0 [ 814.907084][ T2413] snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 814.913380][ T2413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.920083][ T2413] ? _snd_pcm_hw_param_set.constprop.0+0x282/0x590 [ 814.926689][ T2413] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 814.932853][ T2413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.932869][ T2413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.932891][ T2413] snd_pcm_oss_change_params_locked+0x1704/0x3750 [ 814.932917][ T2413] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 814.932932][ T2413] ? debug_check_no_obj_freed+0x211/0x444 [ 814.932955][ T2413] ? __lock_acquire+0x548/0x3fb0 [ 814.932976][ T2413] snd_pcm_oss_change_params+0x7b/0xd0 [ 814.932995][ T2413] snd_pcm_oss_make_ready+0xbe/0x170 [ 814.952231][ T2413] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 814.952248][ T2413] ? fcntl_setlk+0xcd0/0xcd0 [ 814.952267][ T2413] snd_pcm_oss_release+0x214/0x290 [ 814.952285][ T2413] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 814.952300][ T2413] __fput+0x2e5/0x8d0 [ 814.952320][ T2413] ____fput+0x16/0x20 [ 814.952337][ T2413] task_work_run+0x14a/0x1c0 [ 814.952361][ T2413] exit_to_usermode_loop+0x273/0x2c0 [ 815.008412][ T2419] binder: 2418:2419 ioctl c018620c 20000440 returned -1 [ 815.009438][ T2413] do_syscall_64+0x52d/0x610 14:11:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c12") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 815.009467][ T2413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.009484][ T2413] RIP: 0033:0x4121a1 [ 815.041515][ T2413] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 815.061235][ T2413] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 815.069924][ T2413] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 815.071679][ T2407] binder_transaction: 11 callbacks suppressed [ 815.071694][ T2407] binder: 2404:2407 transaction failed 29201/-28, size 24-8 line 3148 [ 815.079478][ T2413] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 815.079487][ T2413] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 815.079494][ T2413] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 815.079501][ T2413] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 815.080407][ T2408] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 815.097764][ T2408] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 815.126917][ T2408] binder: 2406:2408 transaction failed 29201/-28, size 24-8 line 3148 [ 815.150166][ T2423] binder: 2421:2423 ioctl c018620c 20000440 returned -1 [ 815.165146][T27606] binder_release_work: 11 callbacks suppressed [ 815.165153][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 815.190895][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 815.224185][ T2411] XFS (loop0): Invalid superblock magic number 14:11:41 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x60, 0x0) 14:11:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r0, 0xc0385720, &(0x7f00000000c0)={0x0, {0x77359400}, 0x80}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x11) getsockopt$inet_udp_int(r1, 0x11, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x4) 14:11:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000030000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c12") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000005000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:41 executing program 2 (fault-call:0 fault-nth:22): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 815.672528][ T2429] binder: 2428:2429 ioctl c0385720 200000c0 returned -22 [ 815.683659][ T2435] FAULT_INJECTION: forcing a failure. [ 815.683659][ T2435] name failslab, interval 1, probability 0, space 0, times 0 [ 815.692730][ T2437] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 815.710565][ T2433] binder: 2432:2433 ioctl c018620c 20000440 returned -1 [ 815.719009][ T2429] binder: 2428:2429 ioctl c0385720 200000c0 returned -22 [ 815.721922][ T2437] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 815.742968][ T2435] CPU: 1 PID: 2435 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 815.752021][ T2435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.762074][ T2435] Call Trace: [ 815.762099][ T2435] dump_stack+0x172/0x1f0 [ 815.762122][ T2435] should_fail.cold+0xa/0x15 [ 815.762141][ T2435] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 815.762161][ T2435] ? ___might_sleep+0x163/0x280 [ 815.762178][ T2435] __should_failslab+0x121/0x190 [ 815.762198][ T2435] should_failslab+0x9/0x14 [ 815.774373][ T2435] __kmalloc+0x2dc/0x740 [ 815.774391][ T2435] ? __save_stack_trace+0x99/0x100 [ 815.774410][ T2435] ? constrain_params_by_rules+0x118/0x1180 [ 815.774431][ T2435] constrain_params_by_rules+0x118/0x1180 [ 815.774450][ T2435] ? save_stack+0xa9/0xd0 14:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000006000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 815.774465][ T2435] ? save_stack+0x45/0xd0 [ 815.774485][ T2435] ? kmem_cache_alloc_trace+0x151/0x760 [ 815.785082][ T2437] binder: 2436:2437 transaction failed 29201/-28, size 24-8 line 3148 [ 815.785207][ T2435] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 815.785226][ T2435] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 815.785238][ T2435] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 815.785257][ T2435] ? snd_pcm_oss_release+0x214/0x290 [ 815.802782][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 815.804456][ T2435] ? __fput+0x2e5/0x8d0 [ 815.804470][ T2435] ? ____fput+0x16/0x20 [ 815.804486][ T2435] ? task_work_run+0x14a/0x1c0 [ 815.804501][ T2435] ? exit_to_usermode_loop+0x273/0x2c0 [ 815.804514][ T2435] ? do_syscall_64+0x52d/0x610 [ 815.804530][ T2435] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.804552][ T2435] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 815.902890][ T2435] ? snd_pcm_oss_release+0x214/0x290 [ 815.908177][ T2435] ? __fput+0x2e5/0x8d0 [ 815.912340][ T2435] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 815.918585][ T2435] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 815.924218][ T2435] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 815.929940][ T2435] ? snd_interval_refine+0x42a/0x720 [ 815.935230][ T2435] snd_pcm_hw_refine+0xbf9/0xf20 [ 815.940173][ T2435] ? constrain_params_by_rules+0x1180/0x1180 [ 815.946156][ T2435] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 815.952564][ T2435] ? rcu_read_lock_sched_held+0x110/0x130 [ 815.958719][ T2435] ? snd_pcm_hw_param_first+0x327/0x6f0 [ 815.964265][ T2435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.970530][ T2435] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 815.975995][ T2435] snd_pcm_hw_param_near.constprop.0+0x244/0x890 [ 815.982327][ T2435] ? _snd_pcm_hw_param_set.constprop.0+0x282/0x590 [ 815.988828][ T2435] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 815.994985][ T2435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.001330][ T2435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.007585][ T2435] snd_pcm_oss_change_params_locked+0x1704/0x3750 [ 816.014013][ T2435] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 816.020513][ T2435] ? debug_check_no_obj_freed+0x211/0x444 [ 816.026240][ T2435] ? __lock_acquire+0x548/0x3fb0 [ 816.031185][ T2435] snd_pcm_oss_change_params+0x7b/0xd0 [ 816.036643][ T2435] snd_pcm_oss_make_ready+0xbe/0x170 [ 816.041935][ T2435] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 816.047391][ T2435] ? fcntl_setlk+0xcd0/0xcd0 [ 816.051985][ T2435] snd_pcm_oss_release+0x214/0x290 [ 816.057095][ T2435] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 816.062725][ T2435] __fput+0x2e5/0x8d0 [ 816.066710][ T2435] ____fput+0x16/0x20 [ 816.070692][ T2435] task_work_run+0x14a/0x1c0 [ 816.075285][ T2435] exit_to_usermode_loop+0x273/0x2c0 [ 816.080578][ T2435] do_syscall_64+0x52d/0x610 [ 816.085186][ T2435] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.091074][ T2435] RIP: 0033:0x4121a1 [ 816.094961][ T2435] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 816.114576][ T2435] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 816.123071][ T2435] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 816.131052][ T2435] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 816.139020][ T2435] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 816.146994][ T2435] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 816.154958][ T2435] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 816.163489][ T2431] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c12") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 816.175089][ T2431] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 816.184985][ T2431] binder: 2430:2431 transaction failed 29201/-28, size 24-8 line 3148 [ 816.195057][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000040000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:41 executing program 2 (fault-call:0 fault-nth:23): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 816.223260][ T2446] binder: 2443:2446 ioctl c018620c 20000440 returned -1 14:11:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) timer_create(0x7, &(0x7f0000000280)={0x0, 0x33, 0x2, @thr={&(0x7f0000000100)="e48be7a7a79c21ca84d4079b2987df67856d3726ef0df409f970e2930c6c111cad71fdf1e6fa22c8bcccfe961bdcc7f01e5fbbd857a77a9e46a756de7ca850ca9f2fad2fccb28429dd6b17f5c31a6b8e4e0eb67728ed7124eeffab8bf3b6ea18547b8d0a21a84230eb964ae104dda32c0bd1e8883ad9a8d06275d28f3f3c936fd7c2465a1a2582c5a84a4b6e", &(0x7f00000001c0)="97160a5528b2259560fd814755b142288867efaba9e4710a8476970c1bb3fd31d7f20b722a4ebd70597092c217dea635f4cf0b7c3d8d40f75752250326dd0235ef23becdf22c6456f7efb249b99cf444239b1224e9d6b9ecdb9b0acdbda34a9038f3a47924076ad5e2c72afb5cac2ae3c4b1320a470403d22bd6e060d2ccab6701c2b8bf870deaaecf1c41e2e9dd85fb2c697bf33c4534ab1fc3feac5b04e1d37fb5020ad7438b279d6c8df183c3a221e43632e00fb2c118"}}, &(0x7f00000002c0)=0x0) timer_gettime(r1, &(0x7f0000000300)) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cachefiles\x00', 0x8000, 0x0) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000480)=""/161) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/67, 0x43}, {&(0x7f0000000080)=""/25, 0x19}], 0x2) [ 816.252002][ T2450] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 816.280865][ T2450] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 816.306118][ T2455] FAULT_INJECTION: forcing a failure. [ 816.306118][ T2455] name failslab, interval 1, probability 0, space 0, times 0 [ 816.326868][ T2453] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 816.331535][ T2455] CPU: 0 PID: 2455 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 816.336007][ T2450] binder: 2447:2450 transaction failed 29201/-28, size 24-8 line 3148 [ 816.344245][ T2455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.344251][ T2455] Call Trace: [ 816.344274][ T2455] dump_stack+0x172/0x1f0 [ 816.344303][ T2455] should_fail.cold+0xa/0x15 [ 816.344325][ T2455] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 816.344343][ T2455] ? ___might_sleep+0x163/0x280 [ 816.344369][ T2455] __should_failslab+0x121/0x190 [ 816.359354][ T2453] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 816.362569][ T2455] should_failslab+0x9/0x14 [ 816.362585][ T2455] __kmalloc+0x2dc/0x740 [ 816.362599][ T2455] ? kasan_check_read+0x11/0x20 [ 816.362617][ T2455] ? constrain_params_by_rules+0x118/0x1180 [ 816.362632][ T2455] constrain_params_by_rules+0x118/0x1180 [ 816.362647][ T2455] ? kernel_text_address+0x73/0xf0 [ 816.362661][ T2455] ? __kernel_text_address+0xd/0x40 [ 816.362682][ T2455] ? unwind_get_return_address+0x61/0xa0 [ 816.370485][ T2453] binder: 2452:2453 transaction failed 29201/-28, size 24-8 line 3148 [ 816.374883][ T2455] ? __save_stack_trace+0x99/0x100 [ 816.374903][ T2455] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 816.374926][ T2455] ? save_stack+0xa9/0xd0 [ 816.374941][ T2455] ? save_stack+0x45/0xd0 [ 816.374954][ T2455] ? __kasan_slab_free+0x102/0x150 [ 816.374965][ T2455] ? kasan_slab_free+0xe/0x10 [ 816.374975][ T2455] ? kfree+0xcf/0x230 [ 816.374996][ T2455] ? snd_pcm_hw_param_near.constprop.0+0x7c0/0x890 [ 816.400836][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 816.404465][ T2455] ? snd_pcm_oss_change_params_locked+0x1704/0x3750 [ 816.404479][ T2455] ? snd_pcm_oss_change_params+0x7b/0xd0 [ 816.404497][ T2455] ? snd_pcm_oss_make_ready+0xbe/0x170 [ 816.513005][ T2455] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 816.518651][ T2455] ? snd_pcm_oss_release+0x214/0x290 [ 816.523938][ T2455] ? __fput+0x2e5/0x8d0 [ 816.528091][ T2455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.534327][ T2455] ? snd_interval_refine+0x42a/0x720 [ 816.534345][ T2455] snd_pcm_hw_refine+0xbf9/0xf20 [ 816.534364][ T2455] ? constrain_params_by_rules+0x1180/0x1180 [ 816.534378][ T2455] ? lock_downgrade+0x880/0x880 [ 816.534400][ T2455] ? mark_held_locks+0xa4/0xf0 [ 816.560142][ T2455] ? kfree+0x173/0x230 [ 816.564212][ T2455] ? snd_pcm_hw_param_near.constprop.0+0x7c0/0x890 [ 816.570704][ T2455] ? kfree+0x173/0x230 [ 816.574776][ T2455] snd_pcm_hw_param_first+0x34a/0x6f0 [ 816.580154][ T2455] snd_pcm_hw_param_near.constprop.0+0x5a6/0x890 [ 816.586499][ T2455] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 816.592665][ T2455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.598923][ T2455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.605172][ T2455] snd_pcm_oss_change_params_locked+0x1704/0x3750 [ 816.611627][ T2455] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 816.618129][ T2455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 816.623583][ T2455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 816.629045][ T2455] ? trace_hardirqs_on_caller+0x6a/0x220 [ 816.634677][ T2455] ? __lock_acquire+0x548/0x3fb0 [ 816.639695][ T2455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 816.645158][ T2455] snd_pcm_oss_change_params+0x7b/0xd0 [ 816.650617][ T2455] snd_pcm_oss_make_ready+0xbe/0x170 [ 816.655905][ T2455] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 816.661364][ T2455] ? fcntl_setlk+0xcd0/0xcd0 [ 816.665954][ T2455] snd_pcm_oss_release+0x214/0x290 [ 816.671063][ T2455] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 816.676691][ T2455] __fput+0x2e5/0x8d0 [ 816.680687][ T2455] ____fput+0x16/0x20 [ 816.684671][ T2455] task_work_run+0x14a/0x1c0 [ 816.689276][ T2455] exit_to_usermode_loop+0x273/0x2c0 [ 816.694566][ T2455] do_syscall_64+0x52d/0x610 [ 816.699158][ T2455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.705051][ T2455] RIP: 0033:0x4121a1 [ 816.708944][ T2455] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 816.728551][ T2455] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 816.736962][ T2455] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 816.745016][ T2455] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 14:11:42 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x62, 0x0) 14:11:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000040)={0x6, 0x0, [{0x0, 0x80, 0x2, 0x8f, 0x7}, {0xc0000001, 0x7, 0x6ec, 0x8, 0x519d}, {0x80000007, 0x5, 0x5, 0x1000, 0x9}, {0x8000001f, 0x1864, 0x7, 0x2, 0x10000}, {0x1, 0x1c00000000000, 0x1, 0x5, 0x7}, {0xc0000001, 0x377, 0x1, 0x7, 0x3}]}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000050000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 816.752982][ T2455] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 816.760950][ T2455] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 816.768915][ T2455] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 816.788726][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000007000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 816.805903][ T2461] binder: 2458:2461 ioctl c018620c 20000440 returned -1 [ 816.832416][ T2467] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 816.843463][ T2467] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x802) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000080)={0xffffffffffffff57, 0x0, 0x0, 0xfffffffffffffddb, 0x0, 0x0}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) 14:11:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000060000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 816.856364][ T2467] binder: 2463:2467 transaction failed 29201/-28, size 24-8 line 3148 [ 816.866211][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 816.897896][ T2470] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 816.910388][ T2470] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 816.920127][ T2470] binder: 2469:2470 transaction failed 29201/-28, size 24-8 line 3148 [ 816.929901][ T2470] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 816.930020][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:11:42 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x68, 0x0) 14:11:42 executing program 2 (fault-call:0 fault-nth:24): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 816.983456][ T2470] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 816.989005][ T2476] binder: 2475:2476 ioctl c018620c 20000440 returned -1 14:11:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 817.025283][ T2470] binder: 2469:2470 transaction failed 29201/-28, size 24-8 line 3148 [ 817.025365][ T2477] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 817.061571][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000a000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 817.072874][ T2482] FAULT_INJECTION: forcing a failure. [ 817.072874][ T2482] name failslab, interval 1, probability 0, space 0, times 0 [ 817.099599][ T2477] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 817.113927][ T2477] binder: 2474:2477 transaction failed 29201/-28, size 24-8 line 3148 [ 817.122690][ T2482] CPU: 0 PID: 2482 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 817.131725][ T2482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.141869][ T2482] Call Trace: [ 817.145166][ T2482] dump_stack+0x172/0x1f0 [ 817.149524][ T2482] should_fail.cold+0xa/0x15 [ 817.154125][ T2482] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 817.160023][ T2482] ? ___might_sleep+0x163/0x280 [ 817.164885][ T2482] __should_failslab+0x121/0x190 [ 817.169826][ T2482] should_failslab+0x9/0x14 [ 817.174337][ T2482] __kmalloc+0x2dc/0x740 [ 817.178587][ T2482] ? __save_stack_trace+0x99/0x100 [ 817.183709][ T2482] ? constrain_params_by_rules+0x118/0x1180 [ 817.189602][ T2482] constrain_params_by_rules+0x118/0x1180 [ 817.195326][ T2482] ? save_stack+0xa9/0xd0 [ 817.199650][ T2482] ? save_stack+0x45/0xd0 [ 817.203976][ T2482] ? kmem_cache_alloc_trace+0x151/0x760 [ 817.209519][ T2482] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 817.215930][ T2482] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 817.221735][ T2482] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 817.227362][ T2482] ? snd_pcm_oss_release+0x214/0x290 [ 817.232643][ T2482] ? __fput+0x2e5/0x8d0 [ 817.236797][ T2482] ? ____fput+0x16/0x20 [ 817.240954][ T2482] ? task_work_run+0x14a/0x1c0 [ 817.245713][ T2482] ? exit_to_usermode_loop+0x273/0x2c0 [ 817.251169][ T2482] ? do_syscall_64+0x52d/0x610 [ 817.255942][ T2482] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.262009][ T2482] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 817.267633][ T2482] ? snd_pcm_oss_release+0x214/0x290 [ 817.272914][ T2482] ? __fput+0x2e5/0x8d0 [ 817.277068][ T2482] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 817.283574][ T2482] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 817.289205][ T2482] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 817.295450][ T2482] ? snd_interval_refine+0x42a/0x720 [ 817.300734][ T2482] snd_pcm_hw_refine+0xbf9/0xf20 [ 817.305943][ T2482] ? constrain_params_by_rules+0x1180/0x1180 [ 817.311929][ T2482] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 817.318513][ T2482] ? rcu_read_lock_sched_held+0x110/0x130 [ 817.324228][ T2482] ? kmem_cache_alloc_trace+0x354/0x760 [ 817.329779][ T2482] ? snd_pcm_hw_param_first+0x327/0x6f0 [ 817.335319][ T2482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.341554][ T2482] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 817.347022][ T2482] snd_pcm_hw_param_near.constprop.0+0x244/0x890 [ 817.353353][ T2482] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 817.359506][ T2482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.365746][ T2482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.371993][ T2482] snd_pcm_oss_change_params_locked+0x1779/0x3750 [ 817.378456][ T2482] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 817.384966][ T2482] ? debug_check_no_obj_freed+0x211/0x444 [ 817.390702][ T2482] ? __lock_acquire+0x548/0x3fb0 [ 817.395652][ T2482] snd_pcm_oss_change_params+0x7b/0xd0 [ 817.401109][ T2482] snd_pcm_oss_make_ready+0xbe/0x170 [ 817.406395][ T2482] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 817.411853][ T2482] ? fcntl_setlk+0xcd0/0xcd0 [ 817.416443][ T2482] snd_pcm_oss_release+0x214/0x290 [ 817.421552][ T2482] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 817.427186][ T2482] __fput+0x2e5/0x8d0 [ 817.431220][ T2482] ____fput+0x16/0x20 [ 817.435211][ T2482] task_work_run+0x14a/0x1c0 [ 817.439810][ T2482] exit_to_usermode_loop+0x273/0x2c0 [ 817.445093][ T2482] do_syscall_64+0x52d/0x610 [ 817.449687][ T2482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.455584][ T2482] RIP: 0033:0x4121a1 [ 817.459559][ T2482] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 817.479171][ T2482] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 817.487589][ T2482] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 817.495554][ T2482] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 817.503525][ T2482] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 817.511493][ T2482] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 817.519460][ T2482] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:43 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e21, @remote}}, 0x4, 0x4, 0x99db, 0x5, 0x6}, &(0x7f0000000280)=0x98) prctl$PR_GET_DUMPABLE(0x3) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000f00)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000001000)=0xe8) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000001040)={@multicast1, @remote, r2}, 0xc) r3 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r3, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x440600, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000000080), &(0x7f00000000c0)=0x40) ioctl$KDDELIO(r4, 0x4b35, 0x3) 14:11:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000070000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000012000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 817.543688][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 817.581910][ T2494] binder: 2488:2494 ioctl c018620c 20000440 returned -1 14:11:43 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6c, 0x0) 14:11:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2aa, 0x0, 0x0}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x44a00, 0x0) r2 = signalfd(r1, &(0x7f0000001880)={0x80000001}, 0x8) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000080)=0x8000000) setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f00000000c0)=0xffff, 0x4) r3 = fcntl$getown(r0, 0x9) r4 = getgid() pipe(&(0x7f00000016c0)) sendmsg$unix(r1, &(0x7f0000001840)={&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001640)=[{&(0x7f0000000180)="412ae1818340f9396c973f66bf9b250589e7b2b94dd36ac02016d2a8020ed908f128ebfd0d9173f3548a3dc6b37ffe52c31d0540675c6cc49ea9f0c112ce6d32a5b709b052b37e8337182f58718bd2cbccfff4dec98013b8fe78f07903cecca3a6ee627175b4f1cc07a8437c4a13d2ca3d4be133cdb8bf01f571566f16efe7c415afb6769a09edcd63bafdd19c257b6f98110e5ed9dee22b8e04bb4d", 0x9c}, {&(0x7f0000000240)="5f4bdf4898b9da21a42db9209047e0f10b84e4399feaf2e1839a2940566d965831ea976b5359737d504541", 0x2b}, {&(0x7f0000000280)="f33fb313f0393b311adb900e4264ed343321a29097f77a14f9033519036e14d1809a67bedcdd65ec1ca46ded4dcc0373026d884bea739ba6b3176d5488805381855576f81d97c7bbac18c02e674bfb21e94ae68924104e58210a359070a1ea4d725586d7a38dea83e8dc", 0x6a}, {&(0x7f0000000300)="b41514876081cb0f8149d8157edc7b1ba651e0ee475018c1cb5ebd33302ec486f6abf6e51d0a07efe36560817b9acfac349b69ef3f9ad721247c638466b1054c3349f8e6424b13f4eecbfff71b4d7a752ea827cdf47fb5fc559864a0f1d3da239ac9ebe1d2a1ca38aebb89e8bc8ff4dabf3a3058c0c3b87d0864710fd28f5f8e91b5029d4ab5d86a574517e20fc27c289d475822651fc90e9fe41d581cddd4a20159071a37faee0d9d9e6dbcf452409c59917689b2cec2eed4a1bf2f03db98479f1a9a773e998ea8abaf89be123b77bb898b6f74a3671e88ef", 0xd9}, {&(0x7f0000000440)="848174b3eb30b43efaa31c6f31a3225f0cda509125c0d1e4cee889f3d4c3e516dfdef0f79254a95aa2618d53acad41d222955c7be6491d8785e6165c72da4b", 0x3f}, {&(0x7f0000000480)="b0234ced0a998a887bf9424e9eb76c9dc503ecb6461ceaa7f1baa83138ca429bb0a15436aa43f831c2c31e320dd677bb3b4313e7c8f6380568193555286cbbbaf66a37417795009937bfada74ce32329eb097c0b54bead9fa1bf17783b9da1ba08e453c308fcfc66b11bef7d1863dbd938a30adbc8d5678700b99d24fed6e30434d298b33640e67ace80853aee0b258097d2749d7f8389cf0bfd6b777d4fe88256fce90bf2a1e9fdae0a878d7be0d43095b8d8e6fb8b83c37ec84795a26a42ad65b811f621c7a58dfe89dc497d938fcac2e2fd5623f4f10e9356aa62befdef1b1cb57f59f3f2875f7f806ee9bde84bf9e25f0b64d543c2613d", 0xf9}, {&(0x7f0000000580)="c9e53f10e3297f5a4c8b10d1d189f8188d62ccf2823176cd735f1083a513c0fefab6789b0411fe0e9f910374cb010801534300d20c528ca2a9ffc9d0d44faea21aeaf82694ef58276e28770415e9620d6aa64936d59dbc1730bee5185b021e6ada7d12e7afe2b572f172c8b58e842577f9b63770673c80bdb24897d488d59852027e14e0266bec03c20b207b7bef849d1b1a245d7a627bc0", 0x98}, {&(0x7f0000000640)="9c772418eadae0df00a3319b607f51245308bab8f45f39dfdc5d16361a64b264a27bb66ef99c4d7033be266ddb8445405b2dd50e5e78b12dbed602ff6a1987e76f9c9e6dfaa19970646dc33b04705beee01b31f4171fb24f30b77646f5e3a5c0494d53222d19c0c3e341827aa5dc14dd5109e91a4257dc21b7cb6cb4eeceeff22e59c0930e5812e340a66e612a0c6e032df3d7b6e25d0791c82d29d1cff36e798d67a0c4ed183222f1c99fa735fd4c60572380fdef743c8055a17a3976aff40f8e6187c4ae6c09a0f95a228bc7b1bb4761129e51bc22471ad8eb9b98fc8edc1aba6f37b65d413b51e812bc732a00ab795997a707a52979394f243953b5f9fb118995b145ad0ad7d41ac8b1a4f35580c5f75c24cb65cdfe09ca0a203df01e2cf1c5131f32f39100f4e7c1b1d93f16611916be6a34875c7727a8d7c80236b0ebcc4114cbfa0d355cb661916eb536abff02b6ef21d95c05c71a0837e161ba87f92bfadd86a871670834a62ca1823896cca36e54d5e19d0dedf0589c196975315fd75c19517fbdad99898670dd63d6b5747cf1b7350910a2e8dca623a3c5841efe7d97839d3a74e04d23ad7dac83c5c17acdf90ed58a81d6632c0450d5037d79bfae9dc2dc19c6d5b44c637e20d48501bfc5e0175aa0521038fc232ad0effe27c13eec74d29d4c739ae31fe9e9aa388d9150e5bb783909a1410e5e3b9e5f1c29c97b4ea94549228f229fcd3f7c60c1dd71ff2673f7beb054530eaab785c8d4b23b9921fa7a8fa6e2dfe6b9acbf922f63e6e2804a38962ba9c9715c24416e8c87ad35a2ec56bd360670584d14c3cbc441d06748309969162759ba30c40d2f36626a9c79da080bb33ce4c7bd39d341e00cac4d33b4967b07ab46e492bc62bbe7ebfb6e1e25c3cf7deb7e21ae7f0af4edba72ba053228aff76fdb575f8870477c5e9de418902530abaa134d496a5ea736e00dde98c878b55a27307dda24c4a1666b82c41b4d3002a3419a476d87ca7adf915710b786dd1e70a3f66c17cf330ea374f4ed1ea1aa69f865f479a2928bfafb6d2aee31c42bb5fa5304621049bab99da6061eb7868066523cc332d7fde2d35c698a219fcea634be5e1077414878f310b6edff61ae37a52ab9f44d68cd424c798ff99cabbf4b37b1eefdb7d15445bc210b7da051b80096d867fbb18318976b6e370107cc49f4fbe7af40bf7d876778c5bf525afcf9764773edfc7482e1690085b62762f89ea66ed9b145afd1de77c35f0cfd726153e6890d089f2ea54395a1d14805112c89594a2cf51326f8778241a5d987b3cfd12c35e554253de9ce3ea7f27c6053d33a69813572c41b842bcb182f300b07bc1f70ea1c625cd7aa7ba7fc38330ef118f02ece109132f2e487f03fac3e69b32a09069acc092d7cddf43309c417f1e5a454abbb0be0419b9c45571019faeac171cffea0964877b2e0bdcd807a1773002d8d10023cb568c883ad005f4c1c1727e37be86d0972ab73f5611dfef5cf7bce17bb4e8ab663b5177738bc41733bcee6117e5c98aa4bd21ca1bafe7d49b35b635ccaf109371a7559ec2277b39538b24fb01293168b094f0efefae8295637bf79cdf4b8269bc7fca72b07aa3eb3c050485c732d4d50b998fe5c9170a62746ee7ebc99ea1233d679fb52e7b121297f7ea7fd834790509c4e603abb4246827640d0e4683a435c3f0e5601f6fd74095d18da2ddc451cbd1a398255576cab25db7e3fbb539b78956346ee930d378ee833a22d16dbc0acba8eb2e072ef7cddfa1ef96ee552b9fd0aa7618c054d3caf6761fb0975c98456651e2d8b05fbed8ef026d8838aea8558c7c6c651d7a45e33ecfddb8e4d5d8fb344d6fdd54f4e27e0f1a42cceaec1995811ffdfc2432870c072e9bc9a6fc12446efaadd58aa0333b8ae9e2900aa3c3357ecafaee2665c739c2350d213e9dd304446fa4d4d56cff5d41d1f59511e574651749c80905677edf8df443620270599e3df8f1464746e5424cdad5dfb08a8aadf3b4d716953a14d92b2a5e74036bd2fc3792e88fd14e95220592a864bf0f27e2e3f915ccbe7a2340806d5d03cca5aafad3059b391386bf7822b31bf1078d34b1fce02ca0b60cd1bccb8224ddf92a2dca8813591ec3129af09d7ed45cfb66f26eca2cdb5aa57f43021b682d2c84012879e522fe44a5b43f52f2bc8b4cf44de4bbac92939b1b6d1141dbefb2d95a3fbd4a1ba239e70cd7ea19767faeef47f7c2ca04476c9e25d3f8ed41e5a5756d8b45b66623e7cbcb7763235d864ce61ee1b7c302731457a9e01144cb399609bcfa9dcc99f63628ea033dceeb39750ffa0fadf6df9aec3d0fa572e42f034473dcc06c550c31f0f76f27375e2c75a124edc768f504795a78c9c31b0c7609b936e796540552a0d6a1223521e97450d08440b28c766ddef87741f8c9de8580b7a375d83080a388e9f5bc5cfcb8b3fc64f9d3182814b752c01df99e2a9aa437b7a1c83a6219bd86601269cd1734213a7a10a787db50f7efb31e3d3e34bd88855944252fdff7789f12df0669a3bb397f653b6317a55e4dd6085e64159b7ff8c43a2e2ac89fb08d502ab8f09237c39f83d3be9e83e7369050111317d040d89ca092804cf4028e62ef7563cd1d91d88f217c93da991b2660dc4ca810af4269a96d46e442b7371e24e55bc4b758b9005728b1cea855502a39065b53933fe67c8eb8f269e5c2fae2344f784121e22371fe61d03f5fe665fd650a3e2539e6234e8cb83f4821001bc7efa24ee5190d0ea5f66899c3eabadbc2d05d8f0d16e97ee42e71720f2213b6c0d612a3cde441561ba07b25d998fa3d57da6b91ff5d3b3c7aacf76e776a2ca6560da8991754ded077758a17783c52e855ce949cf55c7e96326e7fae7d7c7a8402e3e07f845cc2603a4030fa08534d12c3f08e6bd15929ba2428867331d11e128863d91f1be5139dce2304c541ab6f7a9ca0b9f0d0c5c24ef355c461ccd8bc5e6f49e96ed435b2c0ee4770fd8de74f62ccbb3e4a2ae3101fad30bc4e0094f302f0495f10f26c4ff2352624ba3b222762d3a0b8806721c89a94e01a021bfe559f6bcc62ed682b8d596cec3d984a51a89d0f3990ddae152acf6557a3e74dbaa5accc214cc5f9ac9d1970c4c9ae5e39d8d31e4af409f8c53a41c9df8c6256be787775c90676790044a85a2d93817c0ec00a966bb24fb3635725852ee4ef02a9f54f4999cb630116949958f05e2c4c3ec321aacf682162ea7feb56713eb0ff0e80683b06a545bf3a7e680a933f03ef3008e0f1e1dc67b18d2690e5cb07e47fd093ddb65cea74283e55d26e208d70564a0922c9db33e708aa0fbe41f5dab69d8c1d79381300cc5aaddd06702dcfd50954b40d565f0d079c027a705963a0c522adc746db6bce1d409496cb592ca5e7b1183a5150d651bd7507f7bfeb095042e503c1e7f023db718109599c3a18c3c890afd59c3fbbed8605387c55e60d8ebde53e5426fffeaf04aabba7035e86d437b1e6c5dc0d986df4e698ef06b2ee0bade10570f6f80396c8b1418e3a98f2915b0abc0ea2b07c245a09b8f6c137132ffd674f09b23ed5e40371a586c923f6ff244ee91ff2a443c7f09ce749d316113f964d4c5a9b015d1e4d4a6fe915d1bf1af2abb9da53388895b25ca8b962868c154e25f2f6c9b70485aa4bf2e3324160f0d17d6a1deba821fed9d1536ad08f658ef4ea82f06f3062645b4be78a8723cc0d42e2e0646347ccb00628d9341f64efdc4d5183d8b6f136ce91646e62b4c08a6db9187fb09b3759c79f666a4ebaf3dfafe7c8df2ab2c539e57d9298a5b5e2efdea1fe448e5e88aa24bc4743485ce1fe8a80a15cfe44e6292ab1cbc8095aad670b0ca524a120d22e38c9f7badb54340ad4d4dcb4e9c6256cb95051268b242cd7a846d0187844a7b0940dfa89ec132aa304bd49605b7a6f23698c85970253bd74bb6a5f0fdc08ebdfb38218ac64ec20d7de4cdef495dc13e119b1ad3a00ca97efbf8dd0261f78d60557071274a1a2f56e1171b12421501c4eff0eb2a14103902a0d815cf60d8d357954490da3286851364ff38b62b957757394fff065fcc3c0dd81db33bda4ab3ea893c735cbc2d108627d0c516348af69ed026f4097314ea2a3e3cb7d5a64daa8ddae801e8b0f588fc86edd99bc4d76f821ddefcdcc3cbcdb715ff631c201e49e0920ee27a246e7bbcda66c3e0bbdb66199767f5a2449b88aa1c383e5556a54a3e320b6c4363852ce5e2c3dba7c7b7c8ca04b796e8e862470e9f295fd17163a9c771a2e6858e6662d8d1a8d4a91f06878733215075416163bee6b955d2efc8b365ca96ec4f1ecf8613c2290a8b326cc079ae45e4dcfafc363050f902394c0937481e5f04a8c30b3a8939da093411d178c7cde185890bf4aa596b92c2dcfc6e1cc40a908c7b9628826b01764c056a84c63197cd5ee846c5c6f505a9eec9b655dab3d6431e74a4912d4f073cf278e58b6084cf5de371ee1a490235528b63bb68127ffaf5f07fa09b7cac7e219ce64241bef2e77ea8301bd40b970a9dc47a797f5a8e70baf43389ccc126a764a7932214256f2546cc5a2397aa3c910894c926f058311af9f489e33bea866ef2507ce1c5b8b7274852536eaf8ed2c0744ad6b17b2d6444fb1d3ad497a0410d1bb6517d9eb6471e4bcb70e0ed955fc2f08c1c8e08912ad3f79585fa10814b67f0cf25b73e2a4611e6536de5c9a5f7c48d7c549d408fa3064ec191913e3de47d9ec451d6ae5f03dd24716d5a05d8b40ea6dc91b95b4c8107ac8a244a3e9edaa43f28c894a360535dd2e9fca1d1ffcd22a7674ac6f942c169b958253609d243dad29937277794eb4ef016be804d0f2947e43e547073ecb6f540852e8c1d702a195164ce78bd2c0270e5200590d99e1d8493f1fcbe159953377759dbb7a1e770974254ef10f0d693de70c153ffc5d999435aa082ddd5ffaeac98a28988331dd20c561ec9541d8f28580e03679ece6529c226c7f7c98b5393a029300249f6ac15c09a0f0fae20fd4a4341d7e106a24fb6407038d76fc67e495601c6f0df5ca96fc585d048f8f5212891c999da2083bb9e83a64625ca017c5c517e29b6f311ae87ba9f34430c650b945a9c36a9f4d84ddc0ddd6f36b57f76d1a5c4a900d4bdddaa5de250fc9741e37fa25721cc86adfd8594f912189048082aea4a2208cb27e5c2f62c329ab78672f0074d9552216d39233ddc0ce5415fbfb34a5399dac9bbd7490451195025e83ab9977bc991223676dbbddc2d603c95823693fc61b62e12459f93d1995b80844630219560a0a07d96ed1a860b0a45eaa4acd7fce465e42d14e0d636d3850d3e5ace0c8f0a91a3d135522498bada31679c891e498da3031a7ae44a5e0c0939877e3b1148594cd7548eb7b38415888e08af6e05387460adc7c8f71be8035aeb9435a48f235ce98789983a785a4ff73850263b2285537d160b092a90d42227eb83b9a4a4a4d1986682e46ffc0575e6be39ca4f8f77d70a4195195af8c42eecd46cc7951d71358aed691ca09ae9ffde04296bb77638dc1cdc07f96576631fc956ba8e19113db707d1711fa9507281cfda4629783ec8df26915f52b7c1022ee294a1629dd7bbc0f4dfa270e5f0e0e2d2ab71694166229f14d0c0111b1be5a4c1039de8df097df902882edf6746fb1b6055c246b0e979bb97a973c170bfb3be3382d9d6f39dedbb64b3f4575bc5158a43f8faf4500f92bd96ae13fc4fa3896732985e690d6f3e4e1e7da137ff773b5aca1ed2dbb5b36b2311edbec425f9077425", 0x1000}], 0x8, &(0x7f0000001800)=[@cred={0x20, 0x1, 0x2, r3, 0x0, r4}], 0x20, 0x20000040}, 0x440d1) getsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000001700), &(0x7f0000001740)=0x8) 14:11:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:43 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000280)={0x0, 0xfffffed3, 0x1200000000001f, 0xffffffffffffffff, 0x0, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000000c0)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x878, 0x9}, 0x8) ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 817.706034][ T2506] binder: 2505:2506 ioctl c018620c 20000440 returned -1 14:11:43 executing program 2 (fault-call:0 fault-nth:25): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000020000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:43 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x74, 0x0) 14:11:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000120000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:devicekit_exec_t:s0\x00', 0x26, 0x1) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000480000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 817.852614][ T2517] binder: 2516:2517 ioctl c018620c 20000440 returned -1 [ 817.877158][ T2524] FAULT_INJECTION: forcing a failure. [ 817.877158][ T2524] name failslab, interval 1, probability 0, space 0, times 0 [ 817.915858][ T2524] CPU: 1 PID: 2524 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 817.924909][ T2524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.934980][ T2524] Call Trace: [ 817.935004][ T2524] dump_stack+0x172/0x1f0 [ 817.935024][ T2524] should_fail.cold+0xa/0x15 [ 817.935042][ T2524] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 817.935061][ T2524] ? ___might_sleep+0x163/0x280 [ 817.935080][ T2524] __should_failslab+0x121/0x190 14:11:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x40042, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x1f, 0x5, 0x1, "c81a94fd09d0f57d30c241cbd01197db4f6502fc4b130bc48e84acdeac0512b9101e11738ac22c70a239683742254078208bb94f7247c34fb652f6813e4b7156", "97c8d7c9f10cc6607f295c610473317a28a228217d6f1cca4a291e94a32db629", [0xe, 0x4]}) [ 817.953033][ T2524] should_failslab+0x9/0x14 [ 817.953050][ T2524] __kmalloc+0x2dc/0x740 [ 817.953065][ T2524] ? __save_stack_trace+0x99/0x100 [ 817.953086][ T2524] ? constrain_params_by_rules+0x118/0x1180 [ 817.962954][ T2524] constrain_params_by_rules+0x118/0x1180 [ 817.962976][ T2524] ? save_stack+0xa9/0xd0 [ 817.962991][ T2524] ? save_stack+0x45/0xd0 [ 817.963006][ T2524] ? kmem_cache_alloc_trace+0x151/0x760 [ 817.963027][ T2524] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 817.976845][ T2524] ? snd_pcm_mmap_status_fault+0x240/0x240 14:11:43 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x76, 0x0) [ 817.976861][ T2524] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 817.976879][ T2524] ? snd_pcm_oss_release+0x214/0x290 [ 818.002622][ T2524] ? __fput+0x2e5/0x8d0 [ 818.002636][ T2524] ? ____fput+0x16/0x20 [ 818.002651][ T2524] ? task_work_run+0x14a/0x1c0 [ 818.002675][ T2524] ? exit_to_usermode_loop+0x273/0x2c0 [ 818.014950][ T2524] ? do_syscall_64+0x52d/0x610 [ 818.014967][ T2524] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.014988][ T2524] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 818.030033][ T2524] ? snd_pcm_oss_release+0x214/0x290 [ 818.049194][ T2524] ? __fput+0x2e5/0x8d0 [ 818.049210][ T2524] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.049237][ T2524] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 818.060923][ T2524] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 818.060943][ T2524] ? snd_interval_refine+0x42a/0x720 [ 818.060961][ T2524] snd_pcm_hw_refine+0xbf9/0xf20 [ 818.060982][ T2524] ? constrain_params_by_rules+0x1180/0x1180 [ 818.061005][ T2524] ? snd_pcm_hw_param_near.constprop.0+0xec/0x890 [ 818.070426][ T2524] ? rcu_read_lock_sched_held+0x110/0x130 [ 818.070458][ T2524] ? kmem_cache_alloc_trace+0x354/0x760 [ 818.070474][ T2524] ? snd_pcm_hw_param_first+0x327/0x6f0 [ 818.070494][ T2524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.082687][ T2524] ? _snd_pcm_hw_param_min+0x29d/0x560 [ 818.082710][ T2524] snd_pcm_hw_param_near.constprop.0+0x244/0x890 [ 818.082730][ T2524] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 818.082748][ T2524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.082767][ T2524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.164907][ T2524] snd_pcm_oss_change_params_locked+0x1779/0x3750 [ 818.171343][ T2524] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 818.177845][ T2524] ? debug_check_no_obj_freed+0x211/0x444 [ 818.183571][ T2524] ? __lock_acquire+0x548/0x3fb0 [ 818.188515][ T2524] snd_pcm_oss_change_params+0x7b/0xd0 [ 818.193971][ T2524] snd_pcm_oss_make_ready+0xbe/0x170 [ 818.199259][ T2524] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 818.204827][ T2524] ? fcntl_setlk+0xcd0/0xcd0 [ 818.209426][ T2524] snd_pcm_oss_release+0x214/0x290 [ 818.214634][ T2524] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 818.220265][ T2524] __fput+0x2e5/0x8d0 [ 818.224261][ T2524] ____fput+0x16/0x20 [ 818.228251][ T2524] task_work_run+0x14a/0x1c0 [ 818.232846][ T2524] exit_to_usermode_loop+0x273/0x2c0 [ 818.238394][ T2524] do_syscall_64+0x52d/0x610 [ 818.242988][ T2524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.248875][ T2524] RIP: 0033:0x4121a1 [ 818.252768][ T2524] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 818.272366][ T2524] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 818.280781][ T2524] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 818.288745][ T2524] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 818.296885][ T2524] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 818.304851][ T2524] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 14:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000048000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 818.312823][ T2524] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000004c0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:43 executing program 2 (fault-call:0 fault-nth:26): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {{}, 0x0, 0x800b, 0x0, {0x8, 0x2, 0x2}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:43 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 818.380615][ T2545] binder: 2543:2545 ioctl c018620c 20000440 returned -1 14:11:43 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7a, 0x0) 14:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000004c000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000600000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x200980, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000040)={0x0, 0x0, @pic={0x4, 0x4, 0x8c9, 0x7, 0x6, 0x7, 0xcd, 0x8b1d, 0x5, 0x6, 0x6, 0x6, 0x4, 0x0, 0x2b4, 0x6e0e}}) 14:11:44 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000060000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000000c0)={0x264, 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0}) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x10001, 0x80) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040), &(0x7f0000000080)=0x4) 14:11:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000680000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 818.601820][ T2560] FAULT_INJECTION: forcing a failure. [ 818.601820][ T2560] name failslab, interval 1, probability 0, space 0, times 0 [ 818.657047][ T2560] CPU: 0 PID: 2560 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 818.666118][ T2560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.676352][ T2560] Call Trace: [ 818.679652][ T2560] dump_stack+0x172/0x1f0 [ 818.683999][ T2560] should_fail.cold+0xa/0x15 [ 818.688596][ T2560] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 818.694410][ T2560] ? ___might_sleep+0x163/0x280 [ 818.699278][ T2560] __should_failslab+0x121/0x190 [ 818.704219][ T2560] should_failslab+0x9/0x14 [ 818.708715][ T2560] __kmalloc+0x2dc/0x740 [ 818.708730][ T2560] ? kasan_check_read+0x11/0x20 [ 818.708747][ T2560] ? constrain_params_by_rules+0x118/0x1180 [ 818.708766][ T2560] constrain_params_by_rules+0x118/0x1180 [ 818.729412][ T2560] ? __kernel_text_address+0xd/0x40 [ 818.734611][ T2560] ? unwind_get_return_address+0x61/0xa0 [ 818.740249][ T2560] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 818.746069][ T2560] ? save_stack+0xa9/0xd0 [ 818.750405][ T2560] ? __lock_acquire+0x548/0x3fb0 [ 818.755337][ T2560] ? snd_pcm_oss_change_params_locked+0x1779/0x3750 [ 818.761919][ T2560] ? snd_pcm_oss_change_params+0x7b/0xd0 [ 818.767542][ T2560] ? snd_pcm_oss_make_ready+0xbe/0x170 [ 818.772993][ T2560] ? snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 818.778619][ T2560] ? snd_pcm_oss_release+0x214/0x290 [ 818.784425][ T2560] ? __fput+0x2e5/0x8d0 [ 818.788574][ T2560] ? ____fput+0x16/0x20 [ 818.792734][ T2560] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.798468][ T2560] ? snd_interval_refine+0x42a/0x720 [ 818.803846][ T2560] snd_pcm_hw_refine+0xbf9/0xf20 [ 818.808780][ T2560] ? snd_pcm_stream_unlock_irq+0x9c/0xc0 [ 818.815835][ T2560] ? constrain_params_by_rules+0x1180/0x1180 [ 818.822062][ T2560] ? mark_held_locks+0xa4/0xf0 [ 818.826832][ T2560] ? _raw_spin_unlock_irq+0x28/0x90 [ 818.832028][ T2560] ? snd_pcm_stream_unlock_irq+0x9c/0xc0 [ 818.837663][ T2560] ? _raw_spin_unlock_irq+0x28/0x90 [ 818.843121][ T2560] ? lockdep_hardirqs_on+0x418/0x5d0 [ 818.848407][ T2560] ? kasan_check_read+0x11/0x20 [ 818.853260][ T2560] snd_pcm_hw_params+0x233/0x1c20 [ 818.858284][ T2560] ? snd_pcm_hw_refine+0xf20/0xf20 [ 818.863402][ T2560] ? snd_pcm_hw_param_near.constprop.0+0x61c/0x890 [ 818.869909][ T2560] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 818.876078][ T2560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.882339][ T2560] snd_pcm_kernel_ioctl+0xc3/0x1f0 [ 818.887453][ T2560] snd_pcm_oss_change_params_locked+0x17b2/0x3750 [ 818.893911][ T2560] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 818.900417][ T2560] ? debug_check_no_obj_freed+0x211/0x444 [ 818.906148][ T2560] ? __lock_acquire+0x548/0x3fb0 [ 818.911096][ T2560] snd_pcm_oss_change_params+0x7b/0xd0 [ 818.916551][ T2560] snd_pcm_oss_make_ready+0xbe/0x170 [ 818.921836][ T2560] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 818.927379][ T2560] ? fcntl_setlk+0xcd0/0xcd0 [ 818.931973][ T2560] snd_pcm_oss_release+0x214/0x290 [ 818.937088][ T2560] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 818.942717][ T2560] __fput+0x2e5/0x8d0 [ 818.946702][ T2560] ____fput+0x16/0x20 [ 818.950695][ T2560] task_work_run+0x14a/0x1c0 [ 818.955290][ T2560] exit_to_usermode_loop+0x273/0x2c0 [ 818.960578][ T2560] do_syscall_64+0x52d/0x610 [ 818.965172][ T2560] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.971064][ T2560] RIP: 0033:0x4121a1 [ 818.974960][ T2560] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 818.994554][ T2560] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:11:44 executing program 3: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0) [ 819.003050][ T2560] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 819.011017][ T2560] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 819.018987][ T2560] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 819.026950][ T2560] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 819.034921][ T2560] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 14:11:44 executing program 2 (fault-call:0 fault-nth:27): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000006c0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000068000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:44 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:44 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14:11:44 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r0, &(0x7f0000f67fe4), 0x1c) 14:11:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000740000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000006c000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, 0x0) 14:11:44 executing program 3: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file1\x00', 0x0) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0/file1\x00') [ 819.204500][ T2586] XFS (loop0): Invalid superblock magic number 14:11:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000007a0000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000074000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 819.340907][ T2609] binder: 2605:2609 ioctl c018620c 0 returned -14 [ 819.388582][ T2612] FAULT_INJECTION: forcing a failure. [ 819.388582][ T2612] name failslab, interval 1, probability 0, space 0, times 0 [ 819.437151][ T2612] CPU: 1 PID: 2612 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 819.446199][ T2612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.446206][ T2612] Call Trace: [ 819.446228][ T2612] dump_stack+0x172/0x1f0 [ 819.446248][ T2612] should_fail.cold+0xa/0x15 [ 819.446270][ T2612] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 819.459778][ T2612] ? ___might_sleep+0x163/0x280 [ 819.459800][ T2612] __should_failslab+0x121/0x190 [ 819.459815][ T2612] should_failslab+0x9/0x14 [ 819.459834][ T2612] __kmalloc+0x2dc/0x740 [ 819.468895][ T2612] ? mark_held_locks+0xa4/0xf0 [ 819.468911][ T2612] ? kfree+0x173/0x230 [ 819.468927][ T2612] ? constrain_params_by_rules+0x8c2/0x1180 [ 819.468939][ T2612] ? constrain_params_by_rules+0x118/0x1180 [ 819.468957][ T2612] constrain_params_by_rules+0x118/0x1180 [ 819.479832][ T2612] ? constrain_params_by_rules+0x8c2/0x1180 [ 819.479857][ T2612] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 819.479870][ T2612] ? sched_set_itmt_core_prio+0x1a0/0x1d0 [ 819.479891][ T2612] ? snd_pcm_mmap_status_fault+0x240/0x240 [ 819.542896][ T2612] ? save_stack+0xa9/0xd0 [ 819.547225][ T2612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.553461][ T2612] ? snd_interval_refine+0x42a/0x720 [ 819.558752][ T2612] snd_pcm_hw_refine+0xbf9/0xf20 [ 819.563686][ T2612] ? ____fput+0x16/0x20 [ 819.567847][ T2612] ? constrain_params_by_rules+0x1180/0x1180 [ 819.573817][ T2612] ? snd_pcm_stream_unlock_irq+0x9c/0xc0 [ 819.579451][ T2612] ? constrain_params_by_rules+0x1180/0x1180 [ 819.585428][ T2612] ? mark_held_locks+0xa4/0xf0 [ 819.590189][ T2612] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 819.596427][ T2612] ? snd_pcm_hw_param_value+0x118/0x5a0 [ 819.601985][ T2612] snd_pcm_hw_param_first+0x34a/0x6f0 [ 819.607363][ T2612] snd_pcm_hw_params+0x28f/0x1c20 [ 819.612390][ T2612] ? snd_pcm_hw_refine+0xf20/0xf20 [ 819.617499][ T2612] ? snd_pcm_hw_param_near.constprop.0+0x61c/0x890 [ 819.624016][ T2612] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 819.630166][ T2612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.636410][ T2612] snd_pcm_kernel_ioctl+0xc3/0x1f0 [ 819.643102][ T2612] snd_pcm_oss_change_params_locked+0x17b2/0x3750 [ 819.649641][ T2612] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 819.656148][ T2612] ? debug_check_no_obj_freed+0x211/0x444 [ 819.661893][ T2612] ? __lock_acquire+0x548/0x3fb0 [ 819.666932][ T2612] snd_pcm_oss_change_params+0x7b/0xd0 [ 819.672391][ T2612] snd_pcm_oss_make_ready+0xbe/0x170 [ 819.677681][ T2612] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 819.683146][ T2612] ? fcntl_setlk+0xcd0/0xcd0 [ 819.687737][ T2612] snd_pcm_oss_release+0x214/0x290 [ 819.692845][ T2612] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 819.698474][ T2612] __fput+0x2e5/0x8d0 [ 819.702467][ T2612] ____fput+0x16/0x20 [ 819.706452][ T2612] task_work_run+0x14a/0x1c0 [ 819.711047][ T2612] exit_to_usermode_loop+0x273/0x2c0 [ 819.716336][ T2612] do_syscall_64+0x52d/0x610 [ 819.721019][ T2612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.726903][ T2612] RIP: 0033:0x4121a1 [ 819.730798][ T2612] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 819.750396][ T2612] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 819.758803][ T2612] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 819.766775][ T2612] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 819.774741][ T2612] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 14:11:45 executing program 2 (fault-call:0 fault-nth:28): syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:45 executing program 3: umount2(&(0x7f0000000080)='./file1\x00', 0x0) [ 819.783019][ T2612] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 819.790992][ T2612] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 819.861609][ T2615] binder_alloc_new_buf_locked: 24 callbacks suppressed [ 819.861619][ T2615] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 819.886752][ T2615] binder_alloc_new_buf_locked: 24 callbacks suppressed [ 819.886768][ T2615] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 819.933478][ T2618] FAULT_INJECTION: forcing a failure. [ 819.933478][ T2618] name failslab, interval 1, probability 0, space 0, times 0 [ 819.952449][ T2618] CPU: 1 PID: 2618 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 819.961505][ T2618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.961511][ T2618] Call Trace: [ 819.961534][ T2618] dump_stack+0x172/0x1f0 [ 819.961556][ T2618] should_fail.cold+0xa/0x15 [ 819.961573][ T2618] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 819.961595][ T2618] ? ___might_sleep+0x163/0x280 [ 819.974922][ T2618] __should_failslab+0x121/0x190 [ 819.974940][ T2618] should_failslab+0x9/0x14 [ 819.974972][ T2618] kmem_cache_alloc_node_trace+0x270/0x720 [ 820.010191][ T2618] ? ___might_sleep+0x163/0x280 [ 820.015050][ T2618] alloc_vmap_area+0x142/0xa20 [ 820.019820][ T2618] ? purge_vmap_area_lazy+0x40/0x40 [ 820.025019][ T2618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.031270][ T2618] __get_vm_area_node+0x179/0x3a0 [ 820.036294][ T2618] __vmalloc_node_range+0xd4/0x790 [ 820.041401][ T2618] ? _snd_pcm_lib_alloc_vmalloc_buffer+0x14c/0x200 [ 820.048085][ T2618] __vmalloc+0x44/0x50 [ 820.052159][ T2618] ? _snd_pcm_lib_alloc_vmalloc_buffer+0x14c/0x200 [ 820.058656][ T2618] _snd_pcm_lib_alloc_vmalloc_buffer+0x14c/0x200 [ 820.064980][ T2618] ? loopback_hw_free+0x1a0/0x1a0 [ 820.070028][ T2618] loopback_hw_params+0x52/0x60 [ 820.074875][ T2618] snd_pcm_hw_params+0xb33/0x1c20 [ 820.079900][ T2618] ? snd_pcm_hw_refine+0xf20/0xf20 [ 820.085029][ T2618] ? snd_pcm_hw_param_near.constprop.0+0x61c/0x890 [ 820.091621][ T2618] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 820.097776][ T2618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.104026][ T2618] snd_pcm_kernel_ioctl+0xc3/0x1f0 [ 820.109144][ T2618] snd_pcm_oss_change_params_locked+0x17b2/0x3750 [ 820.115571][ T2618] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 820.122086][ T2618] ? debug_check_no_obj_freed+0x211/0x444 [ 820.127812][ T2618] ? __lock_acquire+0x548/0x3fb0 [ 820.132753][ T2618] snd_pcm_oss_change_params+0x7b/0xd0 [ 820.138216][ T2618] snd_pcm_oss_make_ready+0xbe/0x170 [ 820.143504][ T2618] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 820.149051][ T2618] ? fcntl_setlk+0xcd0/0xcd0 [ 820.153712][ T2618] snd_pcm_oss_release+0x214/0x290 [ 820.158834][ T2618] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 820.164463][ T2618] __fput+0x2e5/0x8d0 [ 820.168458][ T2618] ____fput+0x16/0x20 [ 820.172447][ T2618] task_work_run+0x14a/0x1c0 [ 820.177052][ T2618] exit_to_usermode_loop+0x273/0x2c0 [ 820.182345][ T2618] do_syscall_64+0x52d/0x610 [ 820.186970][ T2618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.192853][ T2618] RIP: 0033:0x4121a1 [ 820.196751][ T2618] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 820.216521][ T2618] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 820.225012][ T2618] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 820.232976][ T2618] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 820.240948][ T2618] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 820.249011][ T2618] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 820.256997][ T2618] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 820.276594][ T2618] syz-executor.2: vmalloc: allocation failure: 2097152 bytes, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 820.299233][ T2618] CPU: 0 PID: 2618 Comm: syz-executor.2 Not tainted 5.1.0-rc2-next-20190326 #11 [ 820.308276][ T2618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.318325][ T2618] Call Trace: [ 820.321617][ T2618] dump_stack+0x172/0x1f0 [ 820.325963][ T2618] warn_alloc.cold+0x87/0x17f [ 820.330638][ T2618] ? zone_watermark_ok_safe+0x260/0x260 [ 820.336177][ T2618] ? __get_vm_area_node+0x30f/0x3a0 [ 820.341367][ T2618] ? kfree+0x173/0x230 [ 820.345437][ T2618] ? lockdep_hardirqs_on+0x418/0x5d0 [ 820.350716][ T2618] ? trace_hardirqs_on+0x67/0x230 [ 820.355737][ T2618] ? __get_vm_area_node+0x30f/0x3a0 [ 820.360941][ T2618] ? __get_vm_area_node+0x2df/0x3a0 [ 820.366319][ T2618] __vmalloc_node_range+0x48a/0x790 [ 820.371523][ T2618] __vmalloc+0x44/0x50 [ 820.375594][ T2618] ? _snd_pcm_lib_alloc_vmalloc_buffer+0x14c/0x200 [ 820.382096][ T2618] _snd_pcm_lib_alloc_vmalloc_buffer+0x14c/0x200 [ 820.388421][ T2618] ? loopback_hw_free+0x1a0/0x1a0 [ 820.393439][ T2618] loopback_hw_params+0x52/0x60 [ 820.398292][ T2618] snd_pcm_hw_params+0xb33/0x1c20 [ 820.403317][ T2618] ? snd_pcm_hw_refine+0xf20/0xf20 [ 820.408515][ T2618] ? snd_pcm_hw_param_near.constprop.0+0x61c/0x890 [ 820.415029][ T2618] ? snd_pcm_oss_release_file.part.0+0xa0/0xa0 [ 820.421182][ T2618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.427419][ T2618] snd_pcm_kernel_ioctl+0xc3/0x1f0 [ 820.432530][ T2618] snd_pcm_oss_change_params_locked+0x17b2/0x3750 [ 820.438964][ T2618] ? _snd_pcm_hw_param_set.constprop.0+0x590/0x590 [ 820.445551][ T2618] ? debug_check_no_obj_freed+0x211/0x444 [ 820.451275][ T2618] ? __lock_acquire+0x548/0x3fb0 [ 820.456220][ T2618] snd_pcm_oss_change_params+0x7b/0xd0 [ 820.461702][ T2618] snd_pcm_oss_make_ready+0xbe/0x170 [ 820.466989][ T2618] snd_pcm_oss_sync.isra.0+0x1c4/0x7e0 [ 820.472443][ T2618] ? fcntl_setlk+0xcd0/0xcd0 [ 820.477641][ T2618] snd_pcm_oss_release+0x214/0x290 [ 820.482754][ T2618] ? snd_pcm_oss_sync.isra.0+0x7e0/0x7e0 [ 820.488383][ T2618] __fput+0x2e5/0x8d0 [ 820.492371][ T2618] ____fput+0x16/0x20 [ 820.496354][ T2618] task_work_run+0x14a/0x1c0 [ 820.500953][ T2618] exit_to_usermode_loop+0x273/0x2c0 [ 820.506236][ T2618] do_syscall_64+0x52d/0x610 [ 820.510849][ T2618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.516733][ T2618] RIP: 0033:0x4121a1 [ 820.520623][ T2618] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 820.540397][ T2618] RSP: 002b:00007fb2a8c007a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 820.548801][ T2618] RAX: ffffffffffffffea RBX: 6666666666666667 RCX: 00000000004121a1 [ 820.556771][ T2618] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 00007fb2a8c00850 [ 820.564743][ T2618] RBP: 000000000073bf00 R08: 000000000000000f R09: 0000000000000000 [ 820.572707][ T2618] R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb2a8c016d4 [ 820.580673][ T2618] R13: 00000000004c6c88 R14: 00000000004dc2c8 R15: 0000000000000003 [ 820.602993][ T2618] Mem-Info: [ 820.607816][ T2618] active_anon:126680 inactive_anon:191 isolated_anon:0 [ 820.607816][ T2618] active_file:7911 inactive_file:41066 isolated_file:0 [ 820.607816][ T2618] unevictable:0 dirty:84 writeback:50 unstable:0 [ 820.607816][ T2618] slab_reclaimable:19088 slab_unreclaimable:103879 [ 820.607816][ T2618] mapped:58583 shmem:245 pagetables:1524 bounce:0 [ 820.607816][ T2618] free:1230326 free_pcp:557 free_cma:0 14:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000007a000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, 0x0) 14:11:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) 14:11:46 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xae, 0x0) 14:11:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 820.664329][ T2618] Node 0 active_anon:504644kB inactive_anon:764kB active_file:31496kB inactive_file:164264kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:234332kB dirty:336kB writeback:0kB shmem:980kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 133120kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 820.729028][ T2618] Node 1 active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 820.752340][ T2627] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 820.764444][ T2628] binder: 2620:2628 ioctl c018620c 0 returned -14 14:11:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ioctl$BINDER_WRITE_READ(r0, 0xc018620c, 0x0) [ 820.780089][ T2627] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 820.799257][ T2625] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 820.813380][ T2627] binder_transaction: 25 callbacks suppressed [ 820.813398][ T2627] binder: 2623:2627 transaction failed 29201/-28, size 24-8 line 3148 [ 820.820380][ T2618] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 820.861226][ T2625] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 820.862796][T27606] binder_release_work: 25 callbacks suppressed [ 820.862803][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 820.879951][ T2625] binder: 2622:2625 transaction failed 29201/-28, size 24-8 line 3148 14:11:46 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000100), 0x2df, 0x80000000000) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) 14:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000fffffdfd000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 820.930876][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 820.948909][ T2618] lowmem_reserve[]: 0 2553 2555 2555 [ 820.963570][ T2635] binder: 2633:2635 ioctl c018620c 0 returned -14 14:11:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 820.973660][ T2618] Node 0 DMA32 free:1118276kB min:36232kB low:45288kB high:54344kB active_anon:508904kB inactive_anon:764kB active_file:31496kB inactive_file:164264kB unevictable:0kB writepending:400kB present:3129332kB managed:2618000kB mlocked:0kB kernel_stack:7840kB pagetables:6096kB bounce:0kB free_pcp:1976kB local_pcp:1188kB free_cma:0kB [ 821.008945][ T2618] lowmem_reserve[]: 0 0 2 2 [ 821.014346][ T2618] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 821.042777][ T2618] lowmem_reserve[]: 0 0 0 0 [ 821.047404][ T2618] Node 1 Normal free:3784620kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 821.077259][ T2618] lowmem_reserve[]: 0 0 0 0 [ 821.083382][ T2618] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 821.098467][ T2618] Node 0 DMA32: 4865*4kB (UE) 2906*8kB (UME) 1990*16kB (UME) 1063*32kB (UME) 668*64kB (UM) 130*128kB (UME) 24*256kB (UME) 8*512kB (UM) 4*1024kB (UM) 6*2048kB (UME) 226*4096kB (UM) = 1120276kB [ 821.147461][ T2640] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.164640][ T2618] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 821.171731][ T2640] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 821.191057][ T2618] Node 1 Normal: 63*4kB (UE) 254*8kB (UME) 226*16kB (UME) 63*32kB (UE) 11*64kB (UME) 12*128kB (UE) 10*256kB (UME) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784620kB [ 821.209751][ T2641] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.223963][ T2640] binder: 2638:2640 transaction failed 29201/-28, size 24-8 line 3148 [ 821.242440][ T2641] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 821.243006][ T2618] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 821.261867][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.271617][ T2618] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 821.284471][ T2618] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 821.298622][ T2641] binder: 2639:2641 transaction failed 29201/-28, size 24-8 line 3148 [ 821.312177][ T2618] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 821.328618][ T2618] 49221 total pagecache pages [ 821.334209][ T2618] 0 pages in swap cache [ 821.338521][ T2618] Swap cache stats: add 0, delete 0, find 0/0 [ 821.345078][ T2618] Free swap = 0kB [ 821.349017][ T2618] Total swap = 0kB [ 821.353665][ T2618] 1965979 pages RAM [ 821.358527][ T2618] 0 pages HighMem/MovableOnly [ 821.363615][ T2641] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.363891][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.378516][ T2618] 339405 pages reserved [ 821.383426][ T2618] 0 pages cma reserved [ 821.383550][ T2641] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:46 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:46 executing program 5: clone(0x2103001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) 14:11:46 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc4, 0x0) 14:11:46 executing program 3: 14:11:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:46 executing program 5: [ 821.402669][ T2641] binder: 2639:2641 transaction failed 29201/-28, size 24-8 line 3148 [ 821.436428][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000002000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:47 executing program 3: [ 821.465549][ T2659] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.497578][ T2659] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:47 executing program 3: [ 821.533305][ T2655] XFS (loop0): Invalid superblock magic number [ 821.537191][ T2659] binder: 2651:2659 transaction failed 29201/-28, size 24-8 line 3148 14:11:47 executing program 5: 14:11:47 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='5dev/dsp#\x00', 0x1, 0x4000) 14:11:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0) close(r0) close(0xffffffffffffffff) [ 821.579871][ T2673] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.612315][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 821.618847][ T2673] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 821.661359][ T2659] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 821.669825][ T2673] binder: 2672:2673 transaction failed 29201/-28, size 24-8 line 3148 [ 821.683391][ T2659] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 821.700557][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:47 executing program 5: 14:11:47 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/.ev/dsp#\x00', 0x1, 0x4000) [ 821.715411][ T2659] binder: 2651:2659 transaction failed 29201/-28, size 24-8 line 3148 [ 821.743380][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:47 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x106, 0x0) 14:11:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000003000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:47 executing program 3: 14:11:47 executing program 5: 14:11:47 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='//ev/dsp#\x00', 0x1, 0x4000) 14:11:47 executing program 3: 14:11:47 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/d/v/dsp#\x00', 0x1, 0x4000) 14:11:47 executing program 5: [ 822.391485][ T2698] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 822.417055][ T2698] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 822.438231][ T2700] binder: 2693:2700 transaction failed 29201/-28, size 24-8 line 3148 [ 822.446996][ T2698] binder: 2694:2698 transaction failed 29201/-28, size 24-8 line 3148 14:11:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000004000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 822.490850][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 822.497690][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:11:48 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev5dsp#\x00', 0x1, 0x4000) [ 822.626619][ T2709] XFS (loop0): Invalid superblock magic number 14:11:48 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x128, 0x0) 14:11:48 executing program 3: 14:11:48 executing program 5: 14:11:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000005000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000002000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:48 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/.sp#\x00', 0x1, 0x4000) 14:11:49 executing program 3: 14:11:49 executing program 5: 14:11:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev//sp#\x00', 0x1, 0x4000) 14:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000006000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:49 executing program 5: 14:11:49 executing program 3: 14:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000007000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:49 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x164, 0x0) 14:11:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/d/p#\x00', 0x1, 0x4000) 14:11:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:49 executing program 5: 14:11:49 executing program 3: 14:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000a000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp5\x00', 0x1, 0x4000) 14:11:49 executing program 5: 14:11:49 executing program 3: 14:11:49 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x180, 0x0) 14:11:49 executing program 3: 14:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000012000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:49 executing program 5: 14:11:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x02', 0x1, 0x4000) 14:11:49 executing program 3: 14:11:49 executing program 5: 14:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000048000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x03', 0x1, 0x4000) 14:11:49 executing program 3: [ 824.171752][ T2780] XFS (loop0): Invalid superblock magic number 14:11:50 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1b8, 0x0) 14:11:50 executing program 5: 14:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000004c000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:50 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x04', 0x1, 0x4000) 14:11:50 executing program 3: [ 824.977597][ T2810] binder_alloc_new_buf_locked: 18 callbacks suppressed [ 824.977607][ T2810] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:50 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x05', 0x1, 0x4000) 14:11:50 executing program 3: 14:11:50 executing program 5: [ 825.037297][ T2810] binder_alloc_new_buf_locked: 18 callbacks suppressed [ 825.037313][ T2810] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 825.066669][ T2815] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.077601][ T2815] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:50 executing program 3: 14:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000060000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 825.175043][ T2824] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.194255][ T2824] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:50 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x20e, 0x0) 14:11:50 executing program 5: 14:11:50 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x06', 0x1, 0x4000) 14:11:50 executing program 3: 14:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000068000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 825.249097][ T2828] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.263043][ T2828] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000010000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:50 executing program 5: 14:11:50 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\a', 0x1, 0x4000) 14:11:50 executing program 3: [ 825.376718][ T2834] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.410800][ T2834] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000006c000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:50 executing program 3: 14:11:51 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\b', 0x1, 0x4000) [ 825.444484][ T2843] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.474787][ T2836] XFS (loop0): Invalid superblock magic number [ 825.501750][ T2843] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 825.540269][ T2854] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 825.582317][ T2854] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:51 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:51 executing program 5: 14:11:51 executing program 3: 14:11:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000020000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:51 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\n', 0x1, 0x4000) 14:11:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000074000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:51 executing program 3: 14:11:51 executing program 5: [ 826.202672][ T2864] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 826.240874][ T2864] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:51 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\v', 0x1, 0x4000) [ 826.265614][ T2868] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 826.310442][ T2864] binder_transaction: 24 callbacks suppressed [ 826.310461][ T2864] binder: 2863:2864 transaction failed 29201/-28, size 24-8 line 3148 [ 826.320883][ T2868] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 826.348548][ T7653] binder_release_work: 24 callbacks suppressed 14:11:51 executing program 5: 14:11:51 executing program 3: 14:11:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 826.348555][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 826.375571][ T2868] binder: 2867:2868 transaction failed 29201/-28, size 24-8 line 3148 [ 826.409471][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 826.423335][ T2873] XFS (loop0): Invalid superblock magic number [ 826.444809][ T2887] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 826.484475][ T2887] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 826.504621][ T2887] binder: 2886:2887 transaction failed 29201/-28, size 24-8 line 3148 [ 826.519577][ T2887] binder: 2886:2887 transaction failed 29201/-28, size 24-8 line 3148 [ 826.539302][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 826.549034][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:52 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x300, 0x0) 14:11:52 executing program 5: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/net\x00') setns(r0, 0x0) 14:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000007a000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:52 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x6, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="d4fb9bd73161be139d7a500568f3610aeed56313b00a2153967f15324eef863d064988e37c5df1eb961856449065b6eac4a33698bb2f2919ecc8cf8743b07b7b720df0d7757b791b5daaac0d4bdd5fcf65ba48ed563170a972287227e15462564d2e926e390948ac6037e218d88f7e31891dc5169660c5c5c65357ab5ee23a36b8806b18fc8e441ecc1f71d98ed0efd5aca1a5ff30f74c88597c971d2a9bfd6dfaa24a9ad6ab218373a97acce82426a4049de1", @ANYRESOCT], 0xca) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 14:11:52 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\r', 0x1, 0x4000) 14:11:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000040000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 827.207726][ T2896] binder: 2895:2896 transaction failed 29201/-28, size 24-8 line 3148 [ 827.231610][ T2900] binder: 2898:2900 transaction failed 29201/-28, size 24-8 line 3148 [ 827.252931][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:52 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(0x0) 14:11:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/c\'rou\xd8O\xec0\x19\x92+\xc5n\xde\xcd\xecA\xa0\x0f\xae\xe8\xe3u\xd7\x17}\xac\x96lF<\xefk\a/\xf91C@\xa8^Q4') 14:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000030000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:52 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x0e', 0x1, 0x4000) [ 827.280889][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:52 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x0f', 0x1, 0x4000) [ 827.399465][ T2922] binder: 2918:2922 transaction failed 29201/-28, size 24-8 line 3148 [ 827.418547][ T2926] binder: 2916:2926 transaction failed 29201/-28, size 24-8 line 3148 [ 827.426558][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 827.427347][ T2906] XFS (loop0): Invalid superblock magic number [ 827.475229][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:53 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x340, 0x0) 14:11:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000050000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') setns(r1, 0x0) 14:11:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:53 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:53 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x10', 0x1, 0x4000) [ 828.228863][ T2938] binder: 2937:2938 transaction failed 29201/-28, size 24-8 line 3148 [ 828.261630][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000060000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:53 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x11', 0x1, 0x4000) [ 828.275230][ T2947] binder: 2936:2947 transaction failed 29201/-28, size 24-8 line 3148 [ 828.286740][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:53 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000070000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 828.378098][ T2944] XFS (loop5): Invalid superblock magic number [ 828.467355][ T2957] XFS (loop0): Invalid superblock magic number [ 828.535006][ T2970] XFS (loop3): Invalid superblock magic number [ 828.970564][ T2957] XFS (loop0): Invalid superblock magic number 14:11:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:54 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x18', 0x1, 0x4000) 14:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:54 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:54 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3c8, 0x0) 14:11:54 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000200000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000120000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:55 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000200000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:55 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 829.571087][ T2999] XFS (loop3): Invalid superblock magic number 14:11:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000480000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:55 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 829.668433][ T3001] XFS (loop5): Invalid superblock magic number [ 829.679688][ T3015] XFS (loop0): Invalid superblock magic number 14:11:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:55 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000004c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:55 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:55 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:55 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3e2, 0x0) [ 830.226212][ T3055] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 830.226222][ T3055] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 830.327191][ T3055] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 830.327205][ T3055] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 830.350904][ T3057] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000600000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:55 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x500, 0x0) [ 830.381970][ T3057] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 830.391687][ T3051] XFS (loop3): Invalid superblock magic number 14:11:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:55 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 830.477365][ T3090] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 830.490823][ T3090] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 830.508002][ T3071] XFS (loop5): Invalid superblock magic number 14:11:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 830.527009][ T3094] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 830.541771][ T3094] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000680000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 830.567962][ T3080] XFS (loop0): Invalid superblock magic number [ 830.627288][ T3108] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 830.655216][ T3108] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000006c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:56 executing program 5: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:56 executing program 3: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 831.013672][ T3117] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 831.032243][ T3117] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 831.055473][ T3114] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:11:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 831.077759][ T3114] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 831.177870][ T3133] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 831.210740][ T3133] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:11:56 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x600, 0x0) 14:11:56 executing program 3: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000740000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:56 executing program 5: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 831.303620][ T3146] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 831.321773][ T3146] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 831.331844][ T3146] binder_transaction: 23 callbacks suppressed [ 831.331858][ T3146] binder: 3134:3146 transaction failed 29201/-28, size 24-8 line 3148 14:11:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 831.350738][ T3142] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 831.359190][ T3142] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 831.390865][ T3142] binder: 3138:3142 transaction failed 29201/-28, size 24-8 line 3148 14:11:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000007a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 831.402383][T27606] binder_release_work: 23 callbacks suppressed [ 831.402391][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 831.431342][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000100000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:56 executing program 5: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 831.460980][ T3155] XFS (loop0): Invalid superblock magic number 14:11:57 executing program 3: syz_mount_image$xfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 831.518730][ T3173] binder: 3170:3173 transaction failed 29201/-28, size 24-8 line 3148 [ 831.547991][ T3178] binder: 3177:3178 transaction failed 29201/-28, size 24-8 line 3148 [ 831.557298][ T3173] binder: 3170:3173 transaction failed 29201/-28, size 24-8 line 3148 [ 831.557402][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 831.626341][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 831.661513][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:57 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x601, 0x0) 14:11:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000001000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000200000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:57 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#@', 0x1, 0x4000) 14:11:57 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000002000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000300000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 832.229853][ T3207] binder: 3204:3207 transaction failed 29201/-28, size 24-8 line 3148 [ 832.238948][ T3208] binder: 3195:3208 transaction failed 29201/-28, size 24-8 line 3148 [ 832.245319][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 832.267470][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:57 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:57 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x280, 0x0) [ 832.399178][ T3213] binder: 3212:3213 transaction failed 29201/-28, size 24-8 line 3148 [ 832.421519][ T3220] binder: 3217:3220 transaction failed 29201/-28, size 24-8 line 3148 [ 832.432319][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 832.446794][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:11:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 832.531186][ T3219] XFS (loop0): Invalid superblock magic number 14:11:58 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x700, 0x0) 14:11:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000400000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:58 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x280, 0x0) 14:11:58 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0) 14:11:58 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x1f', 0x1, 0x4000) 14:11:58 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\a', 0x1, 0x4000) 14:11:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000500000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000004000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 833.367996][ T3252] binder: 3251:3252 transaction failed 29201/-28, size 24-8 line 3148 [ 833.392182][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:11:59 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:59 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000600000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 833.625100][ T3268] XFS (loop0): Invalid superblock magic number [ 833.702671][ T3289] XFS (loop5): Invalid superblock magic number [ 833.721764][ T3286] XFS (loop3): Invalid superblock magic number 14:11:59 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900, 0x0) 14:11:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:59 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\v', 0x1, 0x4000) 14:11:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000700000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000a00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:59 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:11:59 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:59 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:11:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000001200000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:11:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:11:59 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 834.318109][ T3321] XFS (loop0): Invalid superblock magic number [ 834.341487][ T3340] XFS (loop3): Invalid superblock magic number [ 834.359232][ T3332] XFS (loop5): Invalid superblock magic number 14:12:00 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xa00, 0x0) 14:12:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000002000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:00 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:00 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:00 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:12:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004800000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:00 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:12:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000020000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004c00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:00 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 835.039278][ T3374] XFS (loop0): Invalid superblock magic number [ 835.091746][ T3391] XFS (loop5): Invalid superblock magic number [ 835.111918][ T3389] XFS (loop3): Invalid superblock magic number [ 835.551337][ T3374] XFS (loop0): Invalid superblock magic number 14:12:01 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xd00, 0x0) 14:12:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:01 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:01 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:12:01 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x600, 0x0) [ 836.011728][ T3424] binder_alloc_new_buf_locked: 31 callbacks suppressed [ 836.011738][ T3424] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:01 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 836.064122][ T3424] binder_alloc_new_buf_locked: 31 callbacks suppressed [ 836.064137][ T3424] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.088421][ T3429] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006800000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 836.132351][ T3433] XFS (loop5): Invalid superblock magic number [ 836.142596][ T3428] XFS (loop3): Invalid superblock magic number [ 836.153621][ T3429] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.223629][ T3462] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.239594][ T3462] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.250082][ T3463] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.259389][ T3463] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:01 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006c00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 836.262721][ T3448] XFS (loop0): Invalid superblock magic number [ 836.270355][ T3462] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.290294][ T3462] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 836.363939][ T3469] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.396352][ T3469] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.418242][ T3469] binder_transaction: 28 callbacks suppressed [ 836.418258][ T3469] binder: 3468:3469 transaction failed 29201/-28, size 24-8 line 3148 [ 836.421642][ T3471] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.440078][ T3471] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.451471][ T7653] binder_release_work: 28 callbacks suppressed [ 836.451478][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.458702][ T3471] binder: 3470:3471 transaction failed 29201/-28, size 24-8 line 3148 [ 836.484681][ T3471] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 836.498915][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 836.508758][ T3471] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 836.527865][ T3471] binder: 3470:3471 transaction failed 29201/-28, size 24-8 line 3148 [ 836.546307][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:02 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe00, 0x0) 14:12:02 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007400000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:02 executing program 3 (fault-call:0 fault-nth:0): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:02 executing program 5 (fault-call:0 fault-nth:0): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 837.218590][ T3482] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 837.230261][ T3485] FAULT_INJECTION: forcing a failure. [ 837.230261][ T3485] name failslab, interval 1, probability 0, space 0, times 0 [ 837.232287][ T3486] FAULT_INJECTION: forcing a failure. [ 837.232287][ T3486] name failslab, interval 1, probability 0, space 0, times 0 [ 837.254547][ T3482] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 837.279162][ T3480] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 837.287769][ T3482] binder: 3481:3482 transaction failed 29201/-28, size 24-8 line 3148 [ 837.294982][ T3486] CPU: 0 PID: 3486 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 837.303704][ T3480] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 837.304939][ T3486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.304945][ T3486] Call Trace: [ 837.304968][ T3486] dump_stack+0x172/0x1f0 [ 837.304990][ T3486] should_fail.cold+0xa/0x15 [ 837.325541][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.327918][ T3486] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 837.327939][ T3486] ? ___might_sleep+0x163/0x280 [ 837.348963][ T3480] binder: 3479:3480 transaction failed 29201/-28, size 24-8 line 3148 [ 837.353673][ T3486] __should_failslab+0x121/0x190 [ 837.353690][ T3486] should_failslab+0x9/0x14 [ 837.353704][ T3486] __kmalloc+0x2dc/0x740 [ 837.353717][ T3486] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.353736][ T3486] ? fput_many+0x12c/0x1a0 [ 837.386400][ T3486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 837.392636][ T3486] ? strnlen_user+0x1f0/0x280 [ 837.397312][ T3486] ? __x64_sys_memfd_create+0x13c/0x470 [ 837.402867][ T3486] __x64_sys_memfd_create+0x13c/0x470 [ 837.408238][ T3486] ? memfd_fcntl+0x1550/0x1550 [ 837.413168][ T3486] ? do_syscall_64+0x26/0x610 [ 837.417841][ T3486] ? lockdep_hardirqs_on+0x418/0x5d0 [ 837.423130][ T3486] ? trace_hardirqs_on+0x67/0x230 [ 837.428155][ T3486] do_syscall_64+0x103/0x610 [ 837.432745][ T3486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.438630][ T3486] RIP: 0033:0x458209 [ 837.442520][ T3486] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 837.462117][ T3486] RSP: 002b:00007f490e391a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 837.470607][ T3486] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 14:12:03 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 837.478578][ T3486] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 837.486636][ T3486] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 837.494868][ T3486] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f490e3926d4 [ 837.502843][ T3486] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 837.511054][ T3485] CPU: 1 PID: 3485 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 837.520171][ T3485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.530221][ T3485] Call Trace: [ 837.530246][ T3485] dump_stack+0x172/0x1f0 [ 837.537823][ T3485] should_fail.cold+0xa/0x15 [ 837.542414][ T3485] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 837.542434][ T3485] ? ___might_sleep+0x163/0x280 [ 837.542450][ T3485] __should_failslab+0x121/0x190 [ 837.542466][ T3485] should_failslab+0x9/0x14 [ 837.542479][ T3485] __kmalloc+0x2dc/0x740 [ 837.542497][ T3485] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.559613][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.562608][ T3485] ? fput_many+0x12c/0x1a0 [ 837.562626][ T3485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 837.562640][ T3485] ? strnlen_user+0x1f0/0x280 [ 837.562652][ T3485] ? __x64_sys_memfd_create+0x13c/0x470 [ 837.562668][ T3485] __x64_sys_memfd_create+0x13c/0x470 [ 837.562683][ T3485] ? memfd_fcntl+0x1550/0x1550 [ 837.562698][ T3485] ? do_syscall_64+0x26/0x610 [ 837.562713][ T3485] ? lockdep_hardirqs_on+0x418/0x5d0 [ 837.562727][ T3485] ? trace_hardirqs_on+0x67/0x230 [ 837.562745][ T3485] do_syscall_64+0x103/0x610 [ 837.599564][ T3494] binder: 3492:3494 transaction failed 29201/-28, size 24-8 line 3148 [ 837.600251][ T3485] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.600264][ T3485] RIP: 0033:0x458209 [ 837.600276][ T3485] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 837.600289][ T3485] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 14:12:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007a00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:03 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 837.606426][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.610385][ T3485] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 837.610395][ T3485] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 837.610404][ T3485] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 837.610413][ T3485] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 837.610421][ T3485] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 14:12:03 executing program 5 (fault-call:0 fault-nth:1): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 837.739138][ T3499] binder: 3498:3499 transaction failed 29201/-28, size 24-8 line 3148 [ 837.752541][ T3504] binder: 3500:3504 transaction failed 29201/-28, size 24-8 line 3148 [ 837.770481][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.798591][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 837.844312][ T3511] FAULT_INJECTION: forcing a failure. [ 837.844312][ T3511] name failslab, interval 1, probability 0, space 0, times 0 [ 837.861227][ T3493] XFS (loop0): Invalid superblock magic number [ 837.876691][ T3511] CPU: 0 PID: 3511 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 837.885747][ T3511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.895796][ T3511] Call Trace: [ 837.899100][ T3511] dump_stack+0x172/0x1f0 [ 837.903432][ T3511] should_fail.cold+0xa/0x15 [ 837.908023][ T3511] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 837.913856][ T3511] ? ___might_sleep+0x163/0x280 [ 837.918795][ T3511] __should_failslab+0x121/0x190 [ 837.923727][ T3511] ? shmem_destroy_callback+0xc0/0xc0 [ 837.929093][ T3511] should_failslab+0x9/0x14 [ 837.933589][ T3511] kmem_cache_alloc+0x2b2/0x6f0 [ 837.938432][ T3511] ? __alloc_fd+0x430/0x530 [ 837.942931][ T3511] ? shmem_destroy_callback+0xc0/0xc0 [ 837.948299][ T3511] shmem_alloc_inode+0x1c/0x50 [ 837.953055][ T3511] alloc_inode+0x66/0x190 [ 837.957386][ T3511] new_inode_pseudo+0x19/0xf0 [ 837.962055][ T3511] new_inode+0x1f/0x40 [ 837.966125][ T3511] shmem_get_inode+0x84/0x780 [ 837.970822][ T3511] __shmem_file_setup.part.0+0x7e/0x2b0 [ 837.976370][ T3511] shmem_file_setup+0x66/0x90 [ 837.981042][ T3511] __x64_sys_memfd_create+0x2a2/0x470 [ 837.986409][ T3511] ? memfd_fcntl+0x1550/0x1550 [ 837.991163][ T3511] ? do_syscall_64+0x26/0x610 [ 837.995832][ T3511] ? lockdep_hardirqs_on+0x418/0x5d0 [ 838.001126][ T3511] ? trace_hardirqs_on+0x67/0x230 [ 838.006149][ T3511] do_syscall_64+0x103/0x610 [ 838.010742][ T3511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.016622][ T3511] RIP: 0033:0x458209 [ 838.020520][ T3511] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.040202][ T3511] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 838.048603][ T3511] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 838.056567][ T3511] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 838.064536][ T3511] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 838.072500][ T3511] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 838.080473][ T3511] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 14:12:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe02, 0x0) 14:12:04 executing program 3 (fault-call:0 fault-nth:1): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:04 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000200000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:04 executing program 5 (fault-call:0 fault-nth:2): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 838.528592][ T3519] FAULT_INJECTION: forcing a failure. [ 838.528592][ T3519] name failslab, interval 1, probability 0, space 0, times 0 [ 838.541532][ T3520] FAULT_INJECTION: forcing a failure. [ 838.541532][ T3520] name failslab, interval 1, probability 0, space 0, times 0 [ 838.559625][ T3522] binder: 3515:3522 transaction failed 29201/-28, size 24-8 line 3148 [ 838.560896][ T3521] binder: 3513:3521 transaction failed 29201/-28, size 24-8 line 3148 [ 838.568259][ T3520] CPU: 1 PID: 3520 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 838.584989][ T3520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.595049][ T3520] Call Trace: [ 838.598507][ T3520] dump_stack+0x172/0x1f0 [ 838.602903][ T3520] should_fail.cold+0xa/0x15 [ 838.607597][ T3520] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 838.613405][ T3520] ? ___might_sleep+0x163/0x280 [ 838.618276][ T3520] __should_failslab+0x121/0x190 [ 838.619671][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 838.623224][ T3520] ? shmem_destroy_callback+0xc0/0xc0 [ 838.623248][ T3520] should_failslab+0x9/0x14 [ 838.623265][ T3520] kmem_cache_alloc+0x2b2/0x6f0 [ 838.623280][ T3520] ? __alloc_fd+0x430/0x530 [ 838.623296][ T3520] ? shmem_destroy_callback+0xc0/0xc0 [ 838.623307][ T3520] shmem_alloc_inode+0x1c/0x50 [ 838.623318][ T3520] alloc_inode+0x66/0x190 [ 838.623331][ T3520] new_inode_pseudo+0x19/0xf0 [ 838.623344][ T3520] new_inode+0x1f/0x40 [ 838.623356][ T3520] shmem_get_inode+0x84/0x780 14:12:04 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 838.623373][ T3520] __shmem_file_setup.part.0+0x7e/0x2b0 [ 838.623387][ T3520] shmem_file_setup+0x66/0x90 [ 838.623402][ T3520] __x64_sys_memfd_create+0x2a2/0x470 [ 838.623415][ T3520] ? memfd_fcntl+0x1550/0x1550 [ 838.623429][ T3520] ? do_syscall_64+0x26/0x610 [ 838.623447][ T3520] ? lockdep_hardirqs_on+0x418/0x5d0 [ 838.643805][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 838.644278][ T3520] ? trace_hardirqs_on+0x67/0x230 [ 838.718459][ T3520] do_syscall_64+0x103/0x610 [ 838.723153][ T3520] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.729055][ T3520] RIP: 0033:0x458209 [ 838.732957][ T3520] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.752560][ T3520] RSP: 002b:00007f490e391a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 838.760970][ T3520] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 838.768943][ T3520] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 14:12:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000fffffdfd000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 838.776923][ T3520] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 838.784900][ T3520] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f490e3926d4 [ 838.792874][ T3520] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 838.802091][ T3519] CPU: 0 PID: 3519 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 838.812491][ T3519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.822544][ T3519] Call Trace: [ 838.825861][ T3519] dump_stack+0x172/0x1f0 [ 838.830189][ T3519] should_fail.cold+0xa/0x15 [ 838.834787][ T3519] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 838.840590][ T3519] ? ___might_sleep+0x163/0x280 [ 838.845530][ T3519] __should_failslab+0x121/0x190 [ 838.850472][ T3519] should_failslab+0x9/0x14 [ 838.854971][ T3519] kmem_cache_alloc+0x2b2/0x6f0 [ 838.859822][ T3519] ? current_time+0x6b/0x140 [ 838.864415][ T3519] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 838.870221][ T3519] ? lockdep_hardirqs_on+0x418/0x5d0 [ 838.875505][ T3519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.881739][ T3519] ? timespec64_trunc+0xf0/0x180 [ 838.886673][ T3519] __d_alloc+0x2e/0x8c0 [ 838.890824][ T3519] d_alloc_pseudo+0x1e/0x30 [ 838.895328][ T3519] alloc_file_pseudo+0xe2/0x280 [ 838.900174][ T3519] ? alloc_file+0x4d0/0x4d0 [ 838.904696][ T3519] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 838.910937][ T3519] __shmem_file_setup.part.0+0x108/0x2b0 [ 838.916565][ T3519] shmem_file_setup+0x66/0x90 [ 838.921266][ T3519] __x64_sys_memfd_create+0x2a2/0x470 [ 838.926633][ T3519] ? memfd_fcntl+0x1550/0x1550 [ 838.931394][ T3519] ? do_syscall_64+0x26/0x610 [ 838.936062][ T3519] ? lockdep_hardirqs_on+0x418/0x5d0 [ 838.941361][ T3519] ? trace_hardirqs_on+0x67/0x230 [ 838.946470][ T3519] do_syscall_64+0x103/0x610 [ 838.951061][ T3519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.956946][ T3519] RIP: 0033:0x458209 [ 838.960836][ T3519] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.980430][ T3519] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 838.988921][ T3519] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 838.996883][ T3519] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 839.004847][ T3519] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 839.013821][ T3519] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 839.021785][ T3519] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 14:12:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000400000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:04 executing program 3 (fault-call:0 fault-nth:2): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:04 executing program 5 (fault-call:0 fault-nth:3): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 839.131454][ T3539] FAULT_INJECTION: forcing a failure. [ 839.131454][ T3539] name failslab, interval 1, probability 0, space 0, times 0 [ 839.147520][ T3542] FAULT_INJECTION: forcing a failure. [ 839.147520][ T3542] name failslab, interval 1, probability 0, space 0, times 0 [ 839.158765][ T3539] CPU: 0 PID: 3539 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 839.169151][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.179207][ T3539] Call Trace: [ 839.179234][ T3539] dump_stack+0x172/0x1f0 [ 839.179257][ T3539] should_fail.cold+0xa/0x15 [ 839.179274][ T3539] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 839.179293][ T3539] ? ___might_sleep+0x163/0x280 [ 839.179312][ T3539] __should_failslab+0x121/0x190 [ 839.197377][ T3539] should_failslab+0x9/0x14 [ 839.197396][ T3539] kmem_cache_alloc+0x2b2/0x6f0 [ 839.197408][ T3539] ? current_time+0x6b/0x140 [ 839.197428][ T3539] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 839.216524][ T3539] ? lockdep_hardirqs_on+0x418/0x5d0 [ 839.216540][ T3539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.216559][ T3539] ? timespec64_trunc+0xf0/0x180 [ 839.226931][ T3539] __d_alloc+0x2e/0x8c0 [ 839.226950][ T3539] d_alloc_pseudo+0x1e/0x30 [ 839.226971][ T3539] alloc_file_pseudo+0xe2/0x280 [ 839.257021][ T3539] ? alloc_file+0x4d0/0x4d0 [ 839.261521][ T3539] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 839.267768][ T3539] __shmem_file_setup.part.0+0x108/0x2b0 [ 839.273394][ T3539] shmem_file_setup+0x66/0x90 [ 839.278067][ T3539] __x64_sys_memfd_create+0x2a2/0x470 [ 839.283443][ T3539] ? memfd_fcntl+0x1550/0x1550 [ 839.288462][ T3539] ? do_syscall_64+0x26/0x610 [ 839.293141][ T3539] ? lockdep_hardirqs_on+0x418/0x5d0 [ 839.298568][ T3539] ? trace_hardirqs_on+0x67/0x230 [ 839.303592][ T3539] do_syscall_64+0x103/0x610 [ 839.308248][ T3539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.314248][ T3539] RIP: 0033:0x458209 [ 839.318137][ T3539] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.338005][ T3539] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 839.346411][ T3539] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 839.354377][ T3539] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 839.362359][ T3539] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 839.370328][ T3539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 839.378293][ T3539] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 839.386459][ T3542] CPU: 1 PID: 3542 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 839.395656][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.395663][ T3542] Call Trace: [ 839.395683][ T3542] dump_stack+0x172/0x1f0 [ 839.395707][ T3542] should_fail.cold+0xa/0x15 [ 839.395728][ T3542] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 839.424391][ T3542] ? ___might_sleep+0x163/0x280 [ 839.424410][ T3542] __should_failslab+0x121/0x190 [ 839.424429][ T3542] should_failslab+0x9/0x14 [ 839.438960][ T3542] kmem_cache_alloc+0x2b2/0x6f0 [ 839.443894][ T3542] ? current_time+0x6b/0x140 [ 839.443908][ T3542] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 839.443921][ T3542] ? lockdep_hardirqs_on+0x418/0x5d0 [ 839.443933][ T3542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.443944][ T3542] ? timespec64_trunc+0xf0/0x180 [ 839.443959][ T3542] __d_alloc+0x2e/0x8c0 [ 839.443973][ T3542] d_alloc_pseudo+0x1e/0x30 [ 839.443987][ T3542] alloc_file_pseudo+0xe2/0x280 [ 839.444005][ T3542] ? alloc_file+0x4d0/0x4d0 [ 839.454641][ T3542] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 839.454662][ T3542] __shmem_file_setup.part.0+0x108/0x2b0 [ 839.454679][ T3542] shmem_file_setup+0x66/0x90 [ 839.454694][ T3542] __x64_sys_memfd_create+0x2a2/0x470 [ 839.454710][ T3542] ? memfd_fcntl+0x1550/0x1550 [ 839.454723][ T3542] ? do_syscall_64+0x26/0x610 [ 839.454735][ T3542] ? lockdep_hardirqs_on+0x418/0x5d0 [ 839.454750][ T3542] ? trace_hardirqs_on+0x67/0x230 [ 839.454773][ T3542] do_syscall_64+0x103/0x610 [ 839.466272][ T3542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.475367][ T3542] RIP: 0033:0x458209 [ 839.545865][ T3542] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.565465][ T3542] RSP: 002b:00007f490e391a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 839.573881][ T3542] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 839.581854][ T3542] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 839.589847][ T3542] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 839.597828][ T3542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f490e3926d4 [ 839.605883][ T3542] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 14:12:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1020, 0x0) 14:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000fdfdffff000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:05 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:05 executing program 5 (fault-call:0 fault-nth:4): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:05 executing program 3 (fault-call:0 fault-nth:3): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000010000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 840.016963][ T3546] FAULT_INJECTION: forcing a failure. [ 840.016963][ T3546] name failslab, interval 1, probability 0, space 0, times 0 [ 840.037193][ T3553] FAULT_INJECTION: forcing a failure. [ 840.037193][ T3553] name failslab, interval 1, probability 0, space 0, times 0 [ 840.077377][ T3546] CPU: 0 PID: 3546 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 840.086433][ T3546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.096515][ T3546] Call Trace: [ 840.099825][ T3546] dump_stack+0x172/0x1f0 [ 840.104368][ T3546] should_fail.cold+0xa/0x15 [ 840.109591][ T3546] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 840.115422][ T3546] ? ___might_sleep+0x163/0x280 [ 840.120322][ T3546] __should_failslab+0x121/0x190 14:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000020000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 840.125268][ T3546] should_failslab+0x9/0x14 [ 840.129781][ T3546] kmem_cache_alloc+0x2b2/0x6f0 [ 840.134641][ T3546] ? rcu_read_lock_sched_held+0x110/0x130 [ 840.140367][ T3546] ? kmem_cache_alloc+0x32e/0x6f0 [ 840.145404][ T3546] security_file_alloc+0x39/0x170 [ 840.150476][ T3546] __alloc_file+0xac/0x300 [ 840.154903][ T3546] alloc_empty_file+0x72/0x170 [ 840.159675][ T3546] alloc_file+0x5e/0x4d0 [ 840.163928][ T3546] alloc_file_pseudo+0x189/0x280 [ 840.168961][ T3546] ? alloc_file+0x4d0/0x4d0 14:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000030000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 840.173469][ T3546] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 840.179721][ T3546] __shmem_file_setup.part.0+0x108/0x2b0 [ 840.185358][ T3546] shmem_file_setup+0x66/0x90 [ 840.190055][ T3546] __x64_sys_memfd_create+0x2a2/0x470 [ 840.195534][ T3546] ? memfd_fcntl+0x1550/0x1550 [ 840.200309][ T3546] ? do_syscall_64+0x26/0x610 [ 840.204990][ T3546] ? lockdep_hardirqs_on+0x418/0x5d0 [ 840.210284][ T3546] ? trace_hardirqs_on+0x67/0x230 [ 840.215320][ T3546] do_syscall_64+0x103/0x610 [ 840.219924][ T3546] entry_SYSCALL_64_after_hwframe+0x49/0xbe 14:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000040000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 840.225815][ T3546] RIP: 0033:0x458209 [ 840.229711][ T3546] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 840.249404][ T3546] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 840.257824][ T3546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 840.265803][ T3546] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 840.273879][ T3546] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 840.281941][ T3546] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 840.289924][ T3546] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 840.298935][ T3553] CPU: 1 PID: 3553 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 840.307966][ T3553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.307972][ T3553] Call Trace: [ 840.307992][ T3553] dump_stack+0x172/0x1f0 [ 840.308013][ T3553] should_fail.cold+0xa/0x15 [ 840.321786][ T3553] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 840.321807][ T3553] ? ___might_sleep+0x163/0x280 [ 840.321826][ T3553] __should_failslab+0x121/0x190 [ 840.321849][ T3553] should_failslab+0x9/0x14 [ 840.331103][ T3553] kmem_cache_alloc+0x2b2/0x6f0 [ 840.331127][ T3553] __alloc_file+0x27/0x300 [ 840.331144][ T3553] alloc_empty_file+0x72/0x170 [ 840.331160][ T3553] alloc_file+0x5e/0x4d0 [ 840.331176][ T3553] alloc_file_pseudo+0x189/0x280 [ 840.331195][ T3553] ? alloc_file+0x4d0/0x4d0 [ 840.341816][ T3553] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 840.341840][ T3553] __shmem_file_setup.part.0+0x108/0x2b0 [ 840.341856][ T3553] shmem_file_setup+0x66/0x90 [ 840.341874][ T3553] __x64_sys_memfd_create+0x2a2/0x470 [ 840.400934][ T3553] ? memfd_fcntl+0x1550/0x1550 [ 840.405693][ T3553] ? do_syscall_64+0x26/0x610 [ 840.410365][ T3553] ? lockdep_hardirqs_on+0x418/0x5d0 [ 840.415735][ T3553] ? trace_hardirqs_on+0x67/0x230 [ 840.420767][ T3553] do_syscall_64+0x103/0x610 [ 840.425360][ T3553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.431596][ T3553] RIP: 0033:0x458209 [ 840.435842][ T3553] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 840.455443][ T3553] RSP: 002b:00007f490e391a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 840.463942][ T3553] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 14:12:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000050000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 840.471911][ T3553] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 840.479969][ T3553] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 840.487932][ T3553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f490e3926d4 [ 840.495989][ T3553] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 14:12:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2000, 0x0) 14:12:06 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:06 executing program 5 (fault-call:0 fault-nth:5): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:06 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000060000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 840.671586][ T3578] FAULT_INJECTION: forcing a failure. [ 840.671586][ T3578] name failslab, interval 1, probability 0, space 0, times 0 [ 840.677664][ T3575] FAULT_INJECTION: forcing a failure. [ 840.677664][ T3575] name failslab, interval 1, probability 0, space 0, times 0 [ 840.741627][ T3578] CPU: 0 PID: 3578 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 840.750685][ T3578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.760753][ T3578] Call Trace: [ 840.764062][ T3578] dump_stack+0x172/0x1f0 [ 840.768412][ T3578] should_fail.cold+0xa/0x15 [ 840.773008][ T3578] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 840.778832][ T3578] ? ___might_sleep+0x163/0x280 [ 840.783686][ T3578] __should_failslab+0x121/0x190 [ 840.788632][ T3578] should_failslab+0x9/0x14 [ 840.793306][ T3578] kmem_cache_alloc+0x2b2/0x6f0 [ 840.798158][ T3578] ? rcu_read_lock_sched_held+0x110/0x130 [ 840.803884][ T3578] ? kmem_cache_alloc+0x32e/0x6f0 [ 840.810093][ T3578] security_file_alloc+0x39/0x170 [ 840.815123][ T3578] __alloc_file+0xac/0x300 [ 840.819543][ T3578] alloc_empty_file+0x72/0x170 [ 840.824310][ T3578] alloc_file+0x5e/0x4d0 [ 840.828555][ T3578] alloc_file_pseudo+0x189/0x280 [ 840.833496][ T3578] ? alloc_file+0x4d0/0x4d0 [ 840.837996][ T3578] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 840.844245][ T3578] __shmem_file_setup.part.0+0x108/0x2b0 [ 840.849873][ T3578] shmem_file_setup+0x66/0x90 [ 840.854548][ T3578] __x64_sys_memfd_create+0x2a2/0x470 [ 840.859914][ T3578] ? memfd_fcntl+0x1550/0x1550 [ 840.864670][ T3578] ? do_syscall_64+0x26/0x610 [ 840.869344][ T3578] ? lockdep_hardirqs_on+0x418/0x5d0 [ 840.874629][ T3578] ? trace_hardirqs_on+0x67/0x230 [ 840.879658][ T3578] do_syscall_64+0x103/0x610 [ 840.884251][ T3578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.890144][ T3578] RIP: 0033:0x458209 [ 840.894307][ T3578] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 840.913989][ T3578] RSP: 002b:00007f490e391a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 840.922495][ T3578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 840.930463][ T3578] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 840.938428][ T3578] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 840.946391][ T3578] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f490e3926d4 [ 840.954357][ T3578] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 840.964406][ T3575] CPU: 1 PID: 3575 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 840.973542][ T3575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.983690][ T3575] Call Trace: [ 840.986998][ T3575] dump_stack+0x172/0x1f0 [ 840.991347][ T3575] should_fail.cold+0xa/0x15 [ 840.996095][ T3575] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 841.001908][ T3575] ? ___might_sleep+0x163/0x280 [ 841.006772][ T3575] __should_failslab+0x121/0x190 [ 841.011720][ T3575] should_failslab+0x9/0x14 [ 841.016235][ T3575] kmem_cache_alloc+0x2b2/0x6f0 [ 841.021096][ T3575] ? rcu_read_lock_sched_held+0x110/0x130 [ 841.026811][ T3575] ? kmem_cache_alloc+0x32e/0x6f0 [ 841.031948][ T3575] security_file_alloc+0x39/0x170 [ 841.036981][ T3575] __alloc_file+0xac/0x300 [ 841.041405][ T3575] alloc_empty_file+0x72/0x170 [ 841.046174][ T3575] alloc_file+0x5e/0x4d0 [ 841.050425][ T3575] alloc_file_pseudo+0x189/0x280 [ 841.057887][ T3575] ? alloc_file+0x4d0/0x4d0 [ 841.062392][ T3575] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 841.068639][ T3575] __shmem_file_setup.part.0+0x108/0x2b0 [ 841.074450][ T3575] shmem_file_setup+0x66/0x90 [ 841.079128][ T3575] __x64_sys_memfd_create+0x2a2/0x470 [ 841.084848][ T3575] ? memfd_fcntl+0x1550/0x1550 [ 841.089613][ T3575] ? do_syscall_64+0x26/0x610 [ 841.094313][ T3575] ? lockdep_hardirqs_on+0x418/0x5d0 [ 841.099596][ T3575] ? trace_hardirqs_on+0x67/0x230 [ 841.104618][ T3575] do_syscall_64+0x103/0x610 [ 841.109208][ T3575] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.115093][ T3575] RIP: 0033:0x458209 [ 841.118981][ T3575] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:12:06 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:06 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000070000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 841.138758][ T3575] RSP: 002b:00007f517e5bda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 841.147251][ T3575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458209 [ 841.155230][ T3575] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bd167 [ 841.163196][ T3575] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 841.171162][ T3575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f517e5be6d4 [ 841.179143][ T3575] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 841.232293][ T3590] binder_alloc_new_buf_locked: 23 callbacks suppressed [ 841.232303][ T3590] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 841.240616][ T3591] FAULT_INJECTION: forcing a failure. [ 841.240616][ T3591] name failslab, interval 1, probability 0, space 0, times 0 [ 841.265409][ T3591] CPU: 0 PID: 3591 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 841.265654][ T3590] binder_alloc_new_buf_locked: 23 callbacks suppressed [ 841.265668][ T3590] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 841.274457][ T3591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.274464][ T3591] Call Trace: [ 841.274487][ T3591] dump_stack+0x172/0x1f0 [ 841.274508][ T3591] should_fail.cold+0xa/0x15 [ 841.274527][ T3591] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 841.274546][ T3591] ? ___might_sleep+0x163/0x280 [ 841.274562][ T3591] __should_failslab+0x121/0x190 14:12:06 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:06 executing program 5 (fault-call:0 fault-nth:6): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 841.274577][ T3591] should_failslab+0x9/0x14 [ 841.274596][ T3591] kmem_cache_alloc+0x2b2/0x6f0 [ 841.301056][ T3591] ? notify_change+0x6d5/0xfb0 [ 841.301072][ T3591] ? do_sys_ftruncate+0x41e/0x550 [ 841.301089][ T3591] getname_flags+0xd6/0x5b0 [ 841.301107][ T3591] getname+0x1a/0x20 [ 841.313289][ T3591] do_sys_open+0x2c9/0x5d0 [ 841.313310][ T3591] ? filp_open+0x80/0x80 [ 841.324786][ T3591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.324803][ T3591] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 841.324815][ T3591] ? do_syscall_64+0x26/0x610 [ 841.324837][ T3591] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.343908][ T3591] ? do_syscall_64+0x26/0x610 [ 841.343931][ T3591] __x64_sys_open+0x7e/0xc0 [ 841.343945][ T3591] do_syscall_64+0x103/0x610 [ 841.343964][ T3591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.343989][ T3591] RIP: 0033:0x4121a1 [ 841.353490][ T3591] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 841.353499][ T3591] RSP: 002b:00007f490e391a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 841.353513][ T3591] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004121a1 [ 841.353521][ T3591] RDX: 00007f490e391b0a RSI: 0000000000000002 RDI: 00007f490e391b00 [ 841.353529][ T3591] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 841.353536][ T3591] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 841.353544][ T3591] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 841.355285][ T3594] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 841.364540][ T3594] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 841.500174][T27606] binder_release_work: 19 callbacks suppressed [ 841.500182][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2010, 0x0) 14:12:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000a0000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:07 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 841.560606][ T3596] FAULT_INJECTION: forcing a failure. [ 841.560606][ T3596] name failslab, interval 1, probability 0, space 0, times 0 [ 841.605050][ T3602] FAULT_INJECTION: forcing a failure. [ 841.605050][ T3602] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 841.618371][ T3602] CPU: 1 PID: 3602 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 841.618380][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.618385][ T3602] Call Trace: [ 841.618405][ T3602] dump_stack+0x172/0x1f0 [ 841.618425][ T3602] should_fail.cold+0xa/0x15 [ 841.618440][ T3602] ? __lock_acquire+0x548/0x3fb0 [ 841.618454][ T3602] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 841.618466][ T3602] ? __lock_acquire+0x548/0x3fb0 [ 841.618488][ T3602] should_fail_alloc_page+0x50/0x60 [ 841.634785][ T3604] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 841.637750][ T3602] __alloc_pages_nodemask+0x1a1/0x7e0 [ 841.637774][ T3602] ? __alloc_pages_slowpath+0x2900/0x2900 [ 841.652407][ T3604] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 841.652469][ T3602] ? find_held_lock+0x35/0x130 [ 841.661048][ T3604] binder_transaction: 20 callbacks suppressed [ 841.661064][ T3604] binder: 3600:3604 transaction failed 29201/-28, size 24-8 line 3148 [ 841.663191][ T3602] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 841.663212][ T3602] cache_grow_begin+0x9c/0x860 [ 841.673330][ T3602] ? getname_flags+0xd6/0x5b0 [ 841.673346][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 841.673362][ T3602] kmem_cache_alloc+0x62d/0x6f0 [ 841.673374][ T3602] ? notify_change+0x6d5/0xfb0 [ 841.673395][ T3602] ? do_sys_ftruncate+0x41e/0x550 [ 841.690819][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 841.692862][ T3602] getname_flags+0xd6/0x5b0 [ 841.692880][ T3602] getname+0x1a/0x20 [ 841.771772][ T3602] do_sys_open+0x2c9/0x5d0 [ 841.776188][ T3602] ? filp_open+0x80/0x80 [ 841.780425][ T3602] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 841.786667][ T3602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 841.792127][ T3602] ? do_syscall_64+0x26/0x610 [ 841.796800][ T3602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.803207][ T3602] ? do_syscall_64+0x26/0x610 [ 841.807891][ T3602] __x64_sys_open+0x7e/0xc0 [ 841.812398][ T3602] do_syscall_64+0x103/0x610 [ 841.816991][ T3602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.822877][ T3602] RIP: 0033:0x4121a1 [ 841.826774][ T3602] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 841.846636][ T3602] RSP: 002b:00007f490e391a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 14:12:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000120000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:07 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 841.855135][ T3602] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004121a1 [ 841.863111][ T3602] RDX: 00007f490e391b0a RSI: 0000000000000002 RDI: 00007f490e391b00 [ 841.871083][ T3602] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 841.879067][ T3602] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 841.887057][ T3602] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 841.942652][ T3608] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 841.946101][ T3596] CPU: 1 PID: 3596 Comm: syz-executor.5 Not tainted 5.1.0-rc2-next-20190326 #11 [ 841.960058][ T3596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.970138][ T3596] Call Trace: [ 841.970160][ T3596] dump_stack+0x172/0x1f0 [ 841.970180][ T3596] should_fail.cold+0xa/0x15 [ 841.970203][ T3596] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 841.979216][ T3608] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 841.982597][ T3596] ? ___might_sleep+0x163/0x280 [ 841.982616][ T3596] __should_failslab+0x121/0x190 [ 841.982631][ T3596] should_failslab+0x9/0x14 [ 841.982645][ T3596] kmem_cache_alloc+0x2b2/0x6f0 [ 841.982659][ T3596] ? __save_stack_trace+0x99/0x100 [ 841.982679][ T3596] __alloc_file+0x27/0x300 [ 841.982699][ T3596] alloc_empty_file+0x72/0x170 [ 841.998048][ T3596] path_openat+0xef/0x46e0 [ 841.998065][ T3596] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 841.998079][ T3596] ? kasan_slab_alloc+0xf/0x20 [ 841.998092][ T3596] ? kmem_cache_alloc+0x11a/0x6f0 [ 841.998103][ T3596] ? getname_flags+0xd6/0x5b0 [ 841.998114][ T3596] ? getname+0x1a/0x20 [ 841.998129][ T3596] ? do_sys_open+0x2c9/0x5d0 [ 841.998139][ T3596] ? __x64_sys_open+0x7e/0xc0 [ 841.998159][ T3596] ? do_syscall_64+0x103/0x610 [ 842.016752][ T3608] binder: 3607:3608 transaction failed 29201/-28, size 24-8 line 3148 [ 842.017260][ T3596] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.037237][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.041710][ T3596] ? __lock_acquire+0x548/0x3fb0 [ 842.041732][ T3596] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 842.041745][ T3596] ? mark_held_locks+0xa4/0xf0 [ 842.041760][ T3596] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 842.041773][ T3596] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 842.041786][ T3596] ? lockdep_hardirqs_on+0x418/0x5d0 [ 842.041801][ T3596] ? retint_kernel+0x2d/0x2d [ 842.041815][ T3596] ? __alloc_fd+0x430/0x530 [ 842.041829][ T3596] do_filp_open+0x1a1/0x280 14:12:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 842.041846][ T3596] ? may_open_dev+0x100/0x100 [ 842.144315][ T3596] ? lock_downgrade+0x880/0x880 [ 842.149184][ T3596] ? kasan_check_read+0x11/0x20 [ 842.154046][ T3596] ? do_raw_spin_unlock+0x57/0x270 [ 842.159174][ T3596] ? _raw_spin_unlock+0x2d/0x50 [ 842.164028][ T3596] ? __alloc_fd+0x430/0x530 [ 842.168546][ T3596] do_sys_open+0x3fe/0x5d0 [ 842.172975][ T3596] ? filp_open+0x80/0x80 [ 842.177226][ T3596] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 842.183472][ T3596] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 842.183488][ T3596] ? do_syscall_64+0x26/0x610 14:12:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000200000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:07 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 842.183505][ T3596] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.183519][ T3596] ? do_syscall_64+0x26/0x610 [ 842.183535][ T3596] __x64_sys_open+0x7e/0xc0 [ 842.183550][ T3596] do_syscall_64+0x103/0x610 [ 842.183567][ T3596] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.183577][ T3596] RIP: 0033:0x4121a1 [ 842.183596][ T3596] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 842.193705][ T3596] RSP: 002b:00007f517e5bda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 842.193719][ T3596] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004121a1 [ 842.193728][ T3596] RDX: 00007f517e5bdb0a RSI: 0000000000000002 RDI: 00007f517e5bdb00 [ 842.193736][ T3596] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 842.193745][ T3596] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 842.193753][ T3596] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 0000000000000003 [ 842.328314][ T3621] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 842.337624][ T3602] XFS (loop3): Invalid superblock magic number [ 842.352186][ T3621] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 842.380302][ T3627] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 842.388898][ T3621] binder: 3619:3621 transaction failed 29201/-28, size 24-8 line 3148 [ 842.417286][ T3627] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:07 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2300, 0x0) [ 842.435978][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.460776][ T3627] binder: 3622:3627 transaction failed 29201/-28, size 24-8 line 3148 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:08 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 842.485793][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.514946][ T3634] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000480000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 842.542493][ T3634] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 842.554395][ T3634] binder: 3630:3634 transaction failed 29201/-28, size 24-8 line 3148 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 842.585334][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.618244][ T3631] XFS (loop5): Invalid superblock magic number [ 842.622895][ T3647] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 842.665196][ T3647] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 842.686020][ T3647] binder: 3645:3647 transaction failed 29201/-28, size 24-8 line 3148 [ 842.695585][ T3649] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 842.695602][ T3649] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 842.717513][ T3649] binder: 3648:3649 transaction failed 29201/-28, size 24-8 line 3148 [ 842.726490][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.756177][ T3649] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:08 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2801, 0x0) 14:12:08 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000004c0000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 842.765615][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 842.772287][ T3649] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 842.782115][ T3649] binder: 3648:3649 transaction failed 29201/-28, size 24-8 line 3148 [ 842.791124][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 842.888525][ T3658] binder: 3656:3658 transaction failed 29201/-28, size 24-8 line 3148 [ 842.897121][ T3655] binder: 3653:3655 transaction failed 29201/-28, size 24-8 line 3148 [ 842.916036][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000600000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:08 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3f00, 0x0) 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:08 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='%fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 843.228101][ T3661] XFS (loop3): Invalid superblock magic number 14:12:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000680000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:09 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4000, 0x0) 14:12:09 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='x%s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:09 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='%fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000006c0000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:09 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 843.929043][ T3705] XFS (loop0): Invalid superblock magic number 14:12:09 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='x.s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:09 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='x%s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:09 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000740000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:10 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4003, 0x0) 14:12:10 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000007a0000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:10 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='x/s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:10 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='x.s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000fffffdfd0000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000020000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:10 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\xff', 0x1, 0x4000) 14:12:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000020000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 845.057583][ T3772] XFS (loop0): Invalid superblock magic number 14:12:11 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4800, 0x0) 14:12:11 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='x/s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000030000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:11 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf\n\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\xff', 0x1, 0x4000) 14:12:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000040000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x7f', 0x1, 0x4000) 14:12:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000050000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:11 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\xf6', 0x1, 0x4000) 14:12:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 846.199190][ T3820] XFS (loop0): Invalid superblock magic number 14:12:12 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4c00, 0x0) 14:12:12 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf#\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000060000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:12 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf\n\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:12 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\xfe', 0x1, 0x4000) [ 847.011754][ T3851] binder_alloc_new_buf_locked: 29 callbacks suppressed [ 847.011764][ T3851] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 847.043290][ T3851] binder_alloc_new_buf_locked: 29 callbacks suppressed [ 847.043305][ T3851] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:12 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 847.091896][ T3851] binder_transaction: 27 callbacks suppressed [ 847.091943][ T3851] binder: 3850:3851 transaction failed 29201/-28, size 24-8 line 3148 [ 847.106848][ T3859] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 847.116221][ T3859] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 847.127849][T23633] binder_release_work: 28 callbacks suppressed [ 847.127856][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:12 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf%\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 847.156562][ T3859] binder: 3855:3859 transaction failed 29201/-28, size 24-8 line 3148 [ 847.192854][ T3859] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:12 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 847.232723][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.239362][ T3859] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 847.263794][ T3871] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:12 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf#\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 847.277944][ T3859] binder: 3855:3859 transaction failed 29201/-28, size 24-8 line 3148 [ 847.286741][ T3871] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 847.319139][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.331591][ T3863] XFS (loop0): Invalid superblock magic number 14:12:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000070000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 847.353624][ T3871] binder: 3868:3871 transaction failed 29201/-28, size 24-8 line 3148 [ 847.377950][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 847.449575][ T3889] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 847.458939][ T3889] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 847.469157][ T3889] binder: 3885:3889 transaction failed 29201/-28, size 24-8 line 3148 [ 847.498726][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:13 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5800, 0x0) 14:12:13 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000100000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:13 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf*\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:13 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf%\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 848.213336][ T3905] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 848.227536][ T3905] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 848.241021][ T3905] binder: 3903:3905 transaction failed 29201/-28, size 24-8 line 3148 [ 848.249520][ T3910] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 848.263522][ T3910] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 848.283132][ T3910] binder: 3904:3910 transaction failed 29201/-28, size 24-8 line 3148 [ 848.287694][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.291791][ T3905] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:13 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000200000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 848.307428][ T3905] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 848.322243][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.345183][ T3905] binder: 3903:3905 transaction failed 29201/-28, size 24-8 line 3148 14:12:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000120000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 848.358346][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.416166][ T3921] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 848.434546][ T3921] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 848.453658][ T3921] binder: 3920:3921 transaction failed 29201/-28, size 24-8 line 3148 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf+\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 848.482188][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 848.490179][ T3927] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 848.511975][ T3927] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 848.527458][ T3927] binder: 3926:3927 transaction failed 29201/-28, size 24-8 line 3148 [ 848.538808][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6000, 0x0) 14:12:14 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf*\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000480000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000400000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000004c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000600000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:14 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf-\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6200, 0x0) 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:14 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf+\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000680000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000006c0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000740000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000002000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6401, 0x0) 14:12:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000007a0000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:14 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf-\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:14 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6800, 0x0) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xf0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6c00, 0x0) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007400000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfX\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:15 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xf0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7400, 0x0) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000001000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000002000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000002000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:15 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfc\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfX\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000003000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7600, 0x0) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000004000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000005000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7a00, 0x0) 14:12:16 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfd\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfc\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000006000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000007000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8002, 0x0) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000a000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfi\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfd\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:16 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000012000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000020000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:17 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000048000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:17 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e00, 0x0) 14:12:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000010000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:17 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:17 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfl\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000004c000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:17 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfi\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 852.322335][ T4209] binder_alloc_new_buf_locked: 65 callbacks suppressed [ 852.322345][ T4209] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.362140][ T4209] binder_alloc_new_buf_locked: 65 callbacks suppressed 14:12:17 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 852.362159][ T4209] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.383838][ T4213] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.392493][ T4209] binder_transaction: 65 callbacks suppressed [ 852.392515][ T4209] binder: 4208:4209 transaction failed 29201/-28, size 24-8 line 3148 [ 852.407096][ T4213] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000020000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000060000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 852.407133][ T4213] binder: 4204:4213 transaction failed 29201/-28, size 24-8 line 3148 [ 852.411578][T23633] binder_release_work: 65 callbacks suppressed [ 852.411584][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.461945][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.491751][ T4219] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.515293][ T4219] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.531082][ T4219] binder: 4218:4219 transaction failed 29201/-28, size 24-8 line 3148 [ 852.541692][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.579472][ T4228] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:18 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfo\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 852.612918][ T4228] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.634567][ T4228] binder: 4227:4228 transaction failed 29201/-28, size 24-8 line 3148 [ 852.655775][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.693198][ T4230] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.723862][ T4230] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xae00, 0x0) 14:12:18 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfl\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000068000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 852.741575][ T4230] binder: 4229:4230 transaction failed 29201/-28, size 24-8 line 3148 [ 852.770059][ T4230] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.770133][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.817725][ T4230] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.828016][ T4240] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.836770][ T4230] binder: 4229:4230 transaction failed 29201/-28, size 24-8 line 3148 [ 852.853052][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000040000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 852.879816][ T4240] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.919839][ T4240] binder: 4239:4240 transaction failed 29201/-28, size 24-8 line 3148 14:12:18 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfp\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 852.943830][ T4240] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 852.959277][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 852.967674][ T4240] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 852.982681][ T4240] binder: 4239:4240 transaction failed 29201/-28, size 24-8 line 3148 14:12:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000006c000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 852.993710][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 853.036815][ T4253] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 853.059080][ T4253] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 853.096967][ T4253] binder: 4252:4253 transaction failed 29201/-28, size 24-8 line 3148 [ 853.105860][ T4257] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 853.122833][ T4257] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xb801, 0x0) [ 853.144786][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 853.162990][ T4253] binder: 4252:4253 transaction failed 29201/-28, size 24-8 line 3148 [ 853.171970][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000074000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:18 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfo\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000007a000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:18 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:18 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfu\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000002000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:18 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc400, 0x0) 14:12:19 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x2, 0x4000) 14:12:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:19 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x3, 0x4000) 14:12:19 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfp\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:19 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x4, 0x4000) 14:12:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000200000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000004000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:19 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfx\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:19 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x5, 0x4000) 14:12:20 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc803, 0x0) 14:12:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:20 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x6, 0x4000) 14:12:20 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfu\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:20 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:20 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x7, 0x4000) 14:12:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:20 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x8, 0x4000) 14:12:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe203, 0x0) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xa, 0x4000) 14:12:21 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfx\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xb, 0x4000) 14:12:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xc, 0x4000) 14:12:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xedc0, 0x0) 14:12:21 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:21 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xd, 0x4000) 14:12:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xe, 0x4000) 14:12:21 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x05', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000fffffdfd0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:21 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xf, 0x4000) 14:12:21 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xff0f, 0x0) 14:12:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:21 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000fdfdffff0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x10, 0x4000) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x11, 0x4000) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x20000, 0x0) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000100000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x12, 0x4000) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x14, 0x4000) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000200000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\a', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x15, 0x4000) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000300000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x16, 0x4000) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000400000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:22 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x05', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x17, 0x4000) 14:12:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000500000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:22 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\b', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 857.369743][ T4525] binder_alloc_new_buf_locked: 52 callbacks suppressed [ 857.369753][ T4525] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 857.396587][ T4525] binder_alloc_new_buf_locked: 52 callbacks suppressed [ 857.396603][ T4525] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:22 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x18, 0x4000) 14:12:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 857.419082][ T4525] binder_transaction: 52 callbacks suppressed [ 857.419098][ T4525] binder: 4524:4525 transaction failed 29201/-28, size 24-8 line 3148 [ 857.442320][T27606] binder_release_work: 52 callbacks suppressed [ 857.442328][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.501322][ T4529] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 857.509812][ T4529] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 857.525248][ T4529] binder: 4528:4529 transaction failed 29201/-28, size 24-8 line 3148 [ 857.565615][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.603299][ T4537] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000600000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 857.612325][ T4537] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 857.635561][ T4537] binder: 4531:4537 transaction failed 29201/-28, size 24-8 line 3148 14:12:23 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe0000, 0x0) 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x19, 0x4000) [ 857.667601][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.681600][ T4544] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 857.697066][ T4544] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 857.707256][ T4544] binder: 4543:4544 transaction failed 29201/-28, size 24-8 line 3148 14:12:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 857.717027][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000700000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x34, 0x4000) 14:12:23 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 857.824737][ T4555] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 857.843336][ T4555] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 857.860778][ T4555] binder: 4549:4555 transaction failed 29201/-28, size 24-8 line 3148 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x35, 0x4000) 14:12:23 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\t', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000200000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 857.866095][ T4558] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 857.889270][ T4558] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 857.907693][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.909020][ T4558] binder: 4556:4558 transaction failed 29201/-28, size 24-8 line 3148 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x300, 0x4000) 14:12:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000a00000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 857.964180][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 857.982700][ T4565] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:23 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x989680, 0x0) [ 858.071167][ T4565] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x80000, 0x4000) [ 858.115453][ T4578] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 858.126271][ T4565] binder: 4562:4565 transaction failed 29201/-28, size 24-8 line 3148 [ 858.134942][ T4578] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 858.145471][ T4578] binder: 4572:4578 transaction failed 29201/-28, size 24-8 line 3148 [ 858.154388][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000001200000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 858.179130][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xffffff1f, 0x4000) 14:12:23 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\a', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 858.291619][ T4587] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 858.305478][ T4587] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 858.322975][ T4590] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 858.337737][ T4587] binder: 4585:4587 transaction failed 29201/-28, size 24-8 line 3148 [ 858.351018][ T4590] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 858.364203][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 858.371819][ T4590] binder: 4584:4590 transaction failed 29201/-28, size 24-8 line 3148 14:12:23 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000, 0x0) 14:12:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000002000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:23 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\n', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 858.406887][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:23 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xfffffffe, 0x4000) 14:12:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004800000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:24 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xffffefffffffff7f, 0x4000) 14:12:24 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\b', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004c00000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 858.696285][ T4600] XFS (loop0): Invalid superblock magic number 14:12:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:24 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x2) 14:12:25 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2000000, 0x0) 14:12:25 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:25 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x1f40) 14:12:25 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\t', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006800000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:25 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x2000) 14:12:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006c00000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:25 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\n', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 859.812852][ T4660] XFS (loop0): Invalid superblock magic number 14:12:26 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3000000, 0x0) 14:12:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007400000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:26 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\r', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000001000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:26 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x2805) 14:12:26 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\r', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007a00000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000002000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:26 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4002) 14:12:26 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000003000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000fffffdfd00000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 860.907377][ T4710] XFS (loop0): Invalid superblock magic number 14:12:27 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4000000, 0x0) 14:12:27 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4003) 14:12:27 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000200000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000004000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:27 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x16', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000300000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:27 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4004) 14:12:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000005000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 861.880799][ T4760] XFS (loop0): Invalid superblock magic number 14:12:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000400000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:27 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000006000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:28 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5000000, 0x0) 14:12:28 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4005) 14:12:28 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000500000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000007000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:28 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsC', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 862.687337][ T4801] binder_alloc_new_buf_locked: 30 callbacks suppressed [ 862.687353][ T4801] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 862.710730][ T4801] binder_alloc_new_buf_locked: 30 callbacks suppressed [ 862.710745][ T4801] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 862.742274][ T4801] binder_transaction: 30 callbacks suppressed [ 862.742289][ T4801] binder: 4798:4801 transaction failed 29201/-28, size 24-8 line 3148 [ 862.742362][ T4804] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 862.764135][ T4804] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 862.780868][ T4804] binder: 4800:4804 transaction failed 29201/-28, size 24-8 line 3148 [ 862.789344][T27606] binder_release_work: 30 callbacks suppressed [ 862.789350][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 862.790213][ T4801] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 862.825994][ T4801] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 862.826343][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:28 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4006) 14:12:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000600000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 862.840789][ T4801] binder: 4798:4801 transaction failed 29201/-28, size 24-8 line 3148 [ 862.867116][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:28 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs<', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 862.999257][ T4816] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 863.028845][ T4816] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 863.048942][ T4817] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 863.057891][ T4816] binder: 4813:4816 transaction failed 29201/-28, size 24-8 line 3148 [ 863.080776][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:28 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4007) 14:12:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000700000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 863.100919][ T4817] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 863.110451][ T4817] binder: 4814:4817 transaction failed 29201/-28, size 24-8 line 3148 [ 863.134160][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 863.161475][ T4811] XFS (loop0): Invalid superblock magic number [ 863.206278][ T4835] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 863.249157][ T4835] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 863.270933][ T4835] binder: 4832:4835 transaction failed 29201/-28, size 24-8 line 3148 [ 863.293415][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 863.293529][ T4835] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 863.308448][ T4835] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 863.318303][ T4835] binder: 4832:4835 transaction failed 29201/-28, size 24-8 line 3148 [ 863.326723][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:29 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6000000, 0x0) 14:12:29 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsD', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000012000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:29 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4008) 14:12:29 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsE', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 864.006173][ T4854] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 864.020182][ T4854] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 864.030340][ T4855] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 864.047490][ T4854] binder: 4848:4854 transaction failed 29201/-28, size 24-8 line 3148 14:12:29 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x400a) 14:12:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000001200000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 864.059512][ T4855] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 864.075118][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 864.090322][ T4855] binder: 4851:4855 transaction failed 29201/-28, size 24-8 line 3148 14:12:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000020000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 864.144841][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 864.166424][ T4864] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 864.185405][ T4864] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 864.206448][ T4864] binder: 4862:4864 transaction failed 29201/-28, size 24-8 line 3148 [ 864.226300][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:29 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsF', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:29 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x400b) [ 864.363325][ T4860] XFS (loop0): Invalid superblock magic number 14:12:30 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6010000, 0x0) 14:12:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000048000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:30 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsE', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000004c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:30 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x400d) 14:12:30 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsG', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000004c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:30 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x400e) 14:12:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006800000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000006c00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:30 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 865.389280][ T4909] XFS (loop0): Invalid superblock magic number 14:12:31 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7000000, 0x0) 14:12:31 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x400f) 14:12:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000060000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:31 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsF', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007400000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:31 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsJ', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000068000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:31 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4010) 14:12:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000007a00000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000006c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 866.339220][ T4957] XFS (loop0): Invalid superblock magic number 14:12:31 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4011) 14:12:31 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsK', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:32 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000000, 0x0) 14:12:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000074000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:32 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsG', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:32 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4018) 14:12:32 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsL', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000007a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:32 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x200000) 14:12:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000010000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:32 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0xfeffffff) 14:12:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 867.394367][ T5008] XFS (loop0): Invalid superblock magic number 14:12:33 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9000000, 0x0) 14:12:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000020000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:33 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:33 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs`', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:33 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0xfffffffe) 14:12:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:33 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0xffffefffffffff7f) [ 868.196551][ T5049] binder_alloc_new_buf_locked: 24 callbacks suppressed [ 868.196567][ T5049] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.227690][ T5049] binder_alloc_new_buf_locked: 24 callbacks suppressed [ 868.227705][ T5049] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 868.250542][ T5050] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.275414][ T5049] binder_transaction: 24 callbacks suppressed [ 868.275430][ T5049] binder: 5043:5049 transaction failed 29201/-28, size 24-8 line 3148 [ 868.290125][ T5050] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:33 executing program 2: syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x4, 0x4000) 14:12:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 868.312122][ T5050] binder: 5039:5050 transaction failed 29201/-28, size 24-8 line 3148 [ 868.328459][T27606] binder_release_work: 24 callbacks suppressed [ 868.328467][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 868.376295][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:33 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsh', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000030000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:33 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x9, 0x0) write$9p(r0, &(0x7f0000000000), 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x10) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000140)={0x3, 0x0, [], {0x0, @bt={0x1, 0x5, 0x0, 0x3, 0x7ff, 0x100, 0x0, 0xfffffffffffff8a9, 0x7fff, 0x977a, 0x80000001, 0x3dd, 0x0, 0x3bc}}}) write$P9_RWSTAT(r0, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7) [ 868.431418][ T5070] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.450480][ T5056] XFS (loop0): Invalid superblock magic number [ 868.465629][ T5070] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 868.487873][ T5070] binder: 5066:5070 transaction failed 29201/-28, size 24-8 line 3148 [ 868.499147][ T5070] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.508603][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 868.515503][ T5070] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 868.573274][ T5078] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.582571][ T5070] binder: 5066:5070 transaction failed 29201/-28, size 24-8 line 3148 [ 868.602015][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 868.610864][ T5078] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 868.630891][ T5078] binder: 5076:5078 transaction failed 29201/-28, size 24-8 line 3148 [ 868.647223][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 868.647251][ T5078] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 868.662446][ T5078] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 868.672897][ T5078] binder: 5076:5078 transaction failed 29201/-28, size 24-8 line 3148 [ 868.702313][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:34 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xa000000, 0x0) 14:12:34 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsI', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) semget(0x2, 0x0, 0x80) 14:12:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:34 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsl', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000040000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 869.280887][ T5094] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 869.306661][ T5094] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 869.353604][ T5095] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 869.362666][ T5094] binder: 5093:5094 transaction failed 29201/-28, size 24-8 line 3148 [ 869.378495][ T5095] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:34 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x3, 0x20040) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080)) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xfffffffffffff7fe, 0x4005) [ 869.402136][ T5095] binder: 5091:5095 transaction failed 29201/-28, size 24-8 line 3148 [ 869.416140][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000020000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 869.448236][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 869.448326][ T5095] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 869.463670][ T5105] XFS (loop0): Invalid superblock magic number [ 869.479702][ T5095] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:35 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) setsockopt$sock_void(r0, 0x1, 0x6dabb1ad4d970647, 0x0, 0x0) [ 869.506693][ T5095] binder: 5091:5095 transaction failed 29201/-28, size 24-8 line 3148 [ 869.520009][ T5122] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:35 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfst', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 869.549751][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 869.561227][ T5122] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000050000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:35 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsL', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 869.594944][ T5122] binder: 5118:5122 transaction failed 29201/-28, size 24-8 line 3148 [ 869.625787][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:35 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xd000000, 0x0) 14:12:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000060000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:35 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) accept4$packet(r0, &(0x7f0000000780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000007c0)=0x14, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000800)={{{@in6=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000900)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000940)={{{@in=@local, @in=@loopback, 0x4e23, 0x3, 0x4e22, 0x1, 0x2, 0xa0, 0xa0, 0xff, r1, r2}, {0xffffffffffff4086, 0x12a0f534, 0x5f2, 0x3, 0x2, 0x1, 0x2, 0x2d}, {0x9195, 0x9, 0x5, 0x8}, 0x3, 0x6e6bbc, 0x1, 0x0, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0x17}, 0x4d6, 0x32}, 0x2, @in6=@rand_addr="72758acbee4e85a084cf8edf0a3886ec", 0x3502, 0x3, 0x1, 0x40, 0x3, 0x120000000000000, 0x20}}, 0xe8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @multicast1}}, [0x83d, 0x2, 0x3, 0x21c, 0xff, 0xff, 0x4, 0xfffffffffffffffa, 0x3ff, 0x7, 0x4, 0x7, 0x946f, 0x6, 0x2]}, &(0x7f0000000100)=0x100) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000200)=ANY=[@ANYPTR=&(0x7f00000001c0)=ANY=[@ANYRES64=r2, @ANYRES16=r2, @ANYRES16=r0, @ANYRES64=r2, @ANYRES64=0x0], @ANYBLOB="190000005b5aea76eaffffff1cf0a50000000000000000000000000000"], &(0x7f0000000180)=0x2) 14:12:35 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\\', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:35 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsz', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000070000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:35 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x2, 0x101000) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x24d, 0x100000001, 0x81, 0x3eb}, {0x8035, 0xfffffffffffff93b, 0x1000, 0x179d}, {0x1f, 0x3, 0x7, 0x5}, {0x2, 0x1ff, 0xe6, 0x400}, {0x7fff, 0x1, 0x9, 0x200}, {0x9e, 0x800, 0x6, 0x34}, {0x800, 0x6eaf, 0x80000001, 0x62a}, {0x0, 0x80, 0x2, 0x80000001}]}) 14:12:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000a0000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 870.686673][ T5159] XFS (loop0): Invalid superblock magic number 14:12:37 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe020000, 0x0) 14:12:37 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs`', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000120000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) 14:12:37 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x9e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000200000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:37 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$KDSKBLED(r0, 0x4b65, 0xf0d7) sendmmsg$nfc_llcp(r0, &(0x7f0000008380)=[{&(0x7f0000000000)={0x27, 0x1, 0x2, 0x2, 0x6, 0x2, "7b37cc38dea4f38c1caabe813c3438c5ae0a737d8ed4ef5f5b0289099e7af02c27620f110b0700d1c7421ed47f66b0bbaaf510cc4cbb28da6f8a7954ba9eed", 0x3b}, 0x60, &(0x7f0000000200)=[{&(0x7f00000002c0)="ff78b6eb79bf4e7f860d0f790a5e6cc4d9d3ef468a1e210f4195f018b1d4282faf57bf86b3af586cf8e5b40896ab8da5f56eb6b766a610ddfe697fafc8d77d5c13bdd8c5539c24a5aa4de602357836b2c6b8b41024e7f7d0cec83821e335af7c6177044583d3c8d2fc8028d5d5aed8f5b28af20a976e462587d3f197c197039e0d392a5ebd36207e97a56c33f12c26ce266a569cefd9bc818192fe32f3ed26d7c38440cbcccb8de874fa5e93a4718d13c3e17611404e5ba1684e6a368fe391d6ab7eff0618053e4eaf1bb53cb3841dc6c703c3e6969d1c048a20ec9e69523350c77949a82bc3bd362e01249b38b3809f873a0968fda4ed73eab3399a661e6033be5147420c06e175c9eb5902ae27d3291006e8b5f305efd2d03084e33e257c99f7fa162250f7d97f143bb5a3a5712b058b2265395fe5a4bdc2c39433fab9a3645012766337f176f7b538d752da087c88f78d9087ace7c003f5c11ed3edd626458c784b7b01340fb0574addec62b6fd9254b0aa2c364185381c23307dc3b7afda1d9f740a5c57301d28f8815478ea38ed666f59cff5e767899e3825f05a5b9d5a4ac7f92ba331350e2ed787e45dcfcace4e29fddb0eb258e231f801a92af1bffd4dcdaf4b67981a4d7bcd5ecc69c0e996d25e70cf86aebeaaf71f5f0d2204f99dca65fb427d170a642fb20219a8f2d516ab2d1f8218cbfb7c62ce9d6f994d7b1b329cb90f83c55a5587f2fba226aac274bb3989137aebaad502e5961883eb5c0cefbf105c3282d9de322c330eecdca06dc61e5c25345bfeda50db7dd37825d7dcc035187606aca0cd97314e0e87b45891c163d228934728ab111fc0e467281e7c00ae780a47fa664611053a2932599a00197cbed59a2343514547638fc18be5adea13365edb8eae7e1dd12cc728505ca448d357dbb06d342f86a8a7492bf6464baa3f35ad6c1a8d12d6843b5a69900e6313fed81e129a0204d667f96b1a0d4c2b46526e80afd78554635aced75803e7728840d847baadbda2206d6520636d5ef7d0fcbd2d05a62c564f6352503a48d220072102eb1c39988cf62de5f607cfca999bebf9eb4da5b47076c16141e126603efca8aefa5dde67c2a3f1298a86b8816ef3ba40a219b93959f1b7224a9ca1b2230fb3a6a7f94f8664ff1eca9c61202c67e610c788e9f1912cdc7577b587f8c55f16c99e161af31f8b81d1ccb42ce7e716e309a5de2e74bcf2976a226f0b3b522f82e9646b0f36cd377796e8784eaef392fa2f9e0ecc73a2588cfbeb0900ec9071d0504d9643804b7041b2042681ccb5acb7be378ecc2764e9685efa8152a87e3ed83bc6e2942c1d82d4f55828308fd69bdb5e79da52224b594fb4535c21179fa0dcf07fa5c2350fa17893d7928f07dd0411fc4b359eebcae69aa2c1dd0b9b5ac56729ccb2156d2fca8e7554acacd8a21ce8014da51c5247c7647e1242c6d19e18c298c7089da688e569786b8c33a024ae0cacf41693782ce38f02be924b704e54cd6389c650d763317950c4444e963f7c880bf523be04b3b5170138738e3637d8950592e053e46df4fb79e410020213f7fcd0d922dc7548a67e7c74f35fee5ba2506c1c20cad94abed72d82a65a674841ee934596ede915ff63aaa4d555ee1cbab15755d269cb4ef2330acf632fd8c951a7e8c65342e34de3a28fc08bdad95d760f89e7cad5f5d37509294262aa71247eed51450ddcfb722f880e1e8a82cb8fef179a3413fd967490a1b24314e707c58ab4124e5b3371b32c73a55affe2ebac26d869d7fca2d31a518e42ecedd351e705049dd738cca27f064fc9cfbd3dba3bb61bc01f60401e561e2e5de92c4f12fde46b311976df22fbeb3f3750c3901a13acefe5f3aec3501b4c50f4222200aa671f508a908f6c7d2eb395cba1ff8c21b7469e8af6125c5690a9e2fcf83f4259d0d2c38ff0df850755e3b55dbbc637634110a0abca37004337ec98a707faabe15d4e5d900e35d903333b76fa781f470c8b58f4943a3fe5744e151e2e4705f5825602ca78df3ec3fbf82a67abc0565bf438e01b45fee147626fceb46f44ed72c2ef407fb568153f92e76ae02c984e9dfca0a76851bc5544a933eac570876d39755e891fb5a801879fee008c8cbc4401787895da01a991db7ee1f5df77cbdccc979863e40ff7a42306bc82b089c43f955190c040cb7f6c64ea2553fca7f2004d13551715949b72838b78a5d282b90b44efb2d9d4ead6dbaceec4747f17c9dfcb6e1e25a93a1a92998e37b6ef12d22dbe5a6fcf481c3da5fc9c48bc28e9784dd72f3e9f48ec2f1364a41df427f43fbe10e071926a8b978e860eedbe5c21eaee675b114ebc95c15db02c27c7ee573a536afa352ab1e7565f0d3d35ac8c3a3ec6b687891363eab8f8439929661656a1d63c2c5aec085c59322330eff4a44cbcc3596fec34b0f467da569008ed4b2962a4dbce653fad9cd532ef8951bf9862d2f3b6e53e8f3aade8aa3e5aa997956a46dd5c552f0fe1758812ccd592220b5befeb1dcbc91f7ea055eb7528628485a002a6b52a0ea7edccd9cd9af67cc6abf3eb6eb0b9d07d1185d95c67d71aad621a3274ccdd036cb249a89808f71c19581697a112097967ec23460a4c5f1a3719da16acca7794f78e8136bd65b4dfc6f8dcffa67fa55f746c1f550a487ca39786f8a7b60713e55960674c7032bbc34c5211218fd00ec5ddc4840176b081fa2df6ace47a097a080034b04485aecb7977bc11793afdd21986b44276c3dc3bf0ca782d3acae76dce289e5afd154fd4430c630f96e42f0cff1e7bf83cdf3a7814a5515f12f3269a7f8ddf7b2b681e8d7ca19553230e85381cc2d0bbd2af3622c5c7ba11821aff423e332474edcd1e8d6fc7c5dd703c5fb258fa88c0b34b0dc5fffacecbb24ae055ace4657d819c4de4f717f3c98d7568a46b8e5d55e1196082615cf34441896b516038cfceda1e069bc2e01eea886be92a6723225a4a2f38f7f8a8a5155b99198a9f546895b521892e55faaee5b6e34462db790686255ac322378f4fbc1b94f810669f3fec8bb9f46ed09f3f78f9f4ca5d2afaedfcd9cffbaa6196cf0b1c657f83e79ac89b5fae6475f57944bf8bb0e9279fb23a4e43dd13e58169898e3f37956da162a3f2e8736024f819b4f17a11f9250d1614ce6d61b96dc96b01a3cda6c5a19f6aa91387c3ed273671c63c4e794f37e93c22a1d9db9545556bf8cfa68d09ba63ceaa271ae0ec6bcf5102f8d739a18955a11ddc6d306748f3861e67b3ac68b99f6057e1f2d77cfdb9a4468a8e0bb9cc8a5cd9cc58d72c56d14240566d6843cde4182b3288d1a2b142fabfc537f86faae19be6b7791979af32574a64c7e4c1193a4898aa6c1704cb1a030495007864e3aa1ef4bd802a4aebb2da9ab18c6b0d530ac845e053c0513fe9e3823a2bcc4ec88e77241948f3900e1b33ba71ecc5d2cecadd449694e2c618c4baac66ad2e6ff9ead4bd0ea5ac0d7fac0e545b6c56287d1f2d33710ba892f3ab7a468835bfddf4e10e82f8fc30f004bb7e115ba78224df7e6e7d603ea01c7cb91b7c22329db58a7f64eeab893844e7542c1dabb757f358371ded662687a70fbd117d720aa4602340181021eaf71bdc36477e3cc3bfa66fb1f4fc1bf2bd05aa555795b44ce3b968d81a5994c02c4f91a30b04597db5a6395969d804357665a9f767966364f2a16090b4d4fde1bef36778fc0b41e0373aaddd0510d38598a6e877f734bba027971914c3084cf67adc04c5e8cfb6dfe0ce10c7109b765acd0f4102a6a32727f41079e2681e27f9b342b29cdc27c4c3961eae015d46ff374e8e52ef3a1d42ddd6f039f1ec378ec5cdd9bec06acf08ffc7b90f4d5369732f2fda627a5bf40a3eb0b903f626b359cbcfcbc983fb37611d2dcf439421fa0eb1f19fc0a3fbf60b5072df4fda6c6a57303a4b7e1389279888b2219c2547ff4d59eead396199eca95ca07f930a726c30443a6d297847a0bca99f120185e30af9944b1b13f6ea38f94dbde4b486c5c36a7cab2ace1556fa635b118458d2812de057ae5486026a4752d2cdec8f767b0ab1e0cabcba14f0363df16ead052e3adbefdece2ac2b87af4e37b82c0904efbe27e04ece09a6f955fe86809e0367a6ba4fb24737796a80b725dc299ad586da0ddf34d8624e18443fc11906ac2f5910d9aa6f89c6484ad5ba25fbd3241ff4ae715bf18b0fec0aa399ee5279ef02b818a97a4a6ca98f3c2c4ffcf8164aa642d4211ea9d791a8d3d140d80764c04c4cc3b0607191c0fb4ac0635622e6bf55ebbb93b42024200baf35d6ce3d12240aa2c1e03ff3af7520f38c0efd4c7f7ab0b71e355a5f9676e5a48b6f45900841d9ec13ee478d8d62d19a3bed0d57c8694f31008dc062a854fd7920846e07b719c63220326010a9928e4e991792c00109c03bcc02cb7189b96a9b32015ffaac62524ac63e2313987d97acc916241e15291ee1d3f5cc6e6f9ab600a37b7b7a221f271854b16d43b099635f1054aabcb2171b951d300652773041ba1ad64f01368d306c246a5126ab32f1b481aa7610431ca53aa660b7c64eb03dd80b99d8296f8df1e055abb9a57bf9975b8def53f0cbeb804ee8ad78e1e82cf5ddb917bdfb04f757274c8b86bb8acbb1d33e03b347587c5e62cea6300bb5ccfab91d4caf9f94c1af7bc01b872919094eff411a04ab9c25c329663adc8cc14b5137a07c8ef9b8006f85fda5685d4d4c9e8b63cc13209b98814c57597b047a3a0b014da20ed034bca28150a168df8c945f3d2891397525bc176d08c5b563c55173b6d112a01df21adc14bbc0e85a6c5d5f842a0c9729f2a592f971993266ba7b052c16c4e0be1f35317d22738f112020da14b4230047486d6783748b5938065d8ac8ceb68a6bd4f7a443a7fb357137cfa0785e9ff37bdfff84982cdf886dd276d440c7f5799cfb237f98e8555e94a8faebc58759c180457892e19e7d8bf873859090b18c75d48edf532709385fb01951978694eef3d785da8e31351bc06f1dc8d3f602ff2cb9f387c57f3c7905b9c20e07d073334882b3a4c64dfd1c1d0238f513f2993f6c7e8aaedddbc2e075392650878d879d74a5446e4333a70c4f4ffef6106fdc3bc387e0e7d5450cb7cb1cd57584cb64a3d4f58f9aa85e1504d18cff88439503f6ce4ba9305ed95d38c964d8e6550fb5de5f1f88a2d1ea5a16208ec15201dae36f9c9f6bdc91a6e7c916bfd98c154119142ca9275e7631fae2e637661daa0a99223ab7611eaf87c5e4abf2ca84ac23e051869b6595336046736ccf3aa25ad279be8aafde224a5ac64fe310db7a13ad66ec039eb60a05439ea4c3ce3f5f0b8f30f2d3e3af7c80e7930bb13c91e6e4b0f56c3927ebaa6460570f9ad6f05b0ba25ce3e02a64c646a29b96326b921f7d55a0791f7fd6a8b26beff44f547a0fd6137a4b6ca800b5851be9a6b188fbd050a1e1ed20386a1aedc6893bc26d562c3e4095359879ac9b858fcf3db7ca0ba0c94e739f832bf44f4aa3fb3cc370d9d02e9218143369c72f0668699c3dea964e7784bf18926a616c59c51429c59aa03a1df57c44d8171ff838cf9fb2637dcb6fed659706803837fd28e90052cd80f9d49d62f327e45165c9dfd6e363c262cbb54ad29bc2976073888bb85d8b4871444e4b8d36806f78b641b9ff312ecdd91c8a2674ef00d88d45712bbbe3f8b6ad9be0962a6247aa12d3f77727b72db5e3ff1973bfb2314a2c5106f00572fc33b79a2cafa3777fc80e2f8fee0c5b9c80c29690c36a42505fb029f95e63721", 0x1000}, {&(0x7f0000000080)="27660455b1a060a934641aac13e88f84f55d56d6d3bcba21093a7238975af251e9c61122e57b1bf07cd31e6fed8fbebbefda2d32f991d2e542accca9b8f9cd592efa6dc4da05986a3c9ce871d00e", 0x4e}, {&(0x7f0000000100)="1b0a1d55096f70e8d7cf37486ae66efba4100c42b972d094f481cb59952fbfb27c79592e0ea1c85633befcbeef26263dbdfb9a16a8e71101d4225a0cb7fa2f68eaff206c81d73ec0e27f4dbb4f0c1fb0f5a5ed96a1e3090c251d8e126e02157a94e015b859ff82b882c040561bd9f3b2e5519d47ba04469e7280384fab88039a131bf3e9ee0c1715a39721aad551c0199140ce1fcf8bb3b009eb5ea1eeefe4c46408ff50e1b3da362f0347fc85bbb74e1734d18dcf03de2644414b36534df8ef613c7215eb8cc049899d04f850cc8475ae50650412f7b2ea18b4a2f4aa2411bf34d667e677f9d696c2d98f689afe", 0xee}], 0x3, &(0x7f00000012c0)={0x98, 0x1, 0xf4, "0ddfb3ef5104547556d10203f5635ae7b5c65609555052aed3208a7bc9399569a361faa47406c22edf4540147f705c15877f6b91829685cdb2b6a86a80ae2fb1d83b90e033d2a5359248672c05ab13d62644c59732520b8164a21d4a2f266919119af9710629409776bc47facea9775f2a6b1806b759eca5623acbff05457cbc678df790f1"}, 0x98, 0x4010}, {&(0x7f0000001380)={0x27, 0x1, 0x0, 0x7, 0x8, 0x4, "95d7c33b6b8fc313280334c97c377006476c17f6d5221634da178459b66525de16a45bf0e20381d7a02d0c01520860ecb718cb38bc0510e05790bd1cb0a974", 0x31}, 0x60, &(0x7f0000001980)=[{&(0x7f0000001400)="b96b4d636659f2d57788935875c467d0a34e24016cfdd7b330e4f7c44e2dda5555590616b67a37670f0f6dd0454b4b66ab27256b8d4194b53c722cc496b2e36b8528a7aafb35bce89ee049a4453b5a6bb0c97e5e849beb164d58e8aaa594bedba1977f3a2bb2a4c8ee1de4e58f9cb4b23c6f618ad3130621fe5db183f809f41517368350e98ddcee5074d0f5592acb8231b31bb304022132c3423aab8db4354eed225669ee5b3e573b860f3e5f58230f4c91afcf496dc54b3460cd1c69f0b203bab4519edb9ee4e959f9a131163e7dc9aa92efca06ca259ab71579", 0xdb}, {&(0x7f0000001500)="c96aaa53acdfe25d42cd711a532c5fa3c71f1d45f14ff9cf2e6ecfddafe53217aa4f5c7fc944055988110c4911d25515e82ae4b9bb2f16418f21d9bf8518142c127f0474dcf3054a241cf57b1b4b12461d3b91c76ff1a277c4c1051408be9ccac0fab7112b3862402cac6adf67d7e8a7711841ed0e1ea4d1cb7ec12d48e4a209a8046aac3a7a96a3e498ecd266c75d95e5c32f16ed513d2ea80722d5d3aa3b99f10404eb4281154fdd3fb76800127e9c7efad74515c890fd0c4c4a65fc4f60ebad6208ff66d15c6e83d062741a", 0xcd}, {&(0x7f0000001600)="e808f322b59ed01a61ea6a12ad5303f68b751bcdf651ec949cebb54e716815daf6dc44512b0ee6d56d8d60b8240c4a1cf6d7b54ff52a9506cf6a16737c06299ebe52aa6b5af61d66756fd0f77f7ce885f039626bb820546384407f9c3a80e7402c710a59775e1bc995f3a0d05c39", 0x6e}, {&(0x7f0000001680)="656154c0039b2e376544eff35f309886c8e42a53f298603b061f7653bb781e486f44f2b4260a6daf80c615f55f4e59e671a42c8bd1106a61171c4e4598fcaf822b848f51757896a743075586bea80ada4b538eaea6786e56147ce497b5f538ea3a1c362da4cc7495b81690a618f587009d2b2a56d0c3a90519b2e32c97c4610704237eef10fd4ce5aa2c940a418aba565d2b875eeb6d4785d0294a1fc009fb4989a0735ce15175e350074ef73cf0b8a9c8e47c58ca65f2b59b4966d16a720aef0e12c7a2159bc2c4bd0130ae7e37169f288ad003f92cb63893ac501f0aba5e", 0xdf}, {&(0x7f0000001780)="00d549525cbdb1f6df36ded40b953ccb113a028e1aafb9a14db9a3719a43e6265bf752fdffb2eeed41027378525389f7511fc7cdc0c8ee7abe21022cfa03311c9109364fdb2eac2173a3b35f403e66b53542aef638db7f5e75fa2777f8a842f06d70912b997b6e602d209bade4d966e540be68b6", 0x74}, {&(0x7f0000001800)="028c6d9aebbb89dfbf2f82b3f19c8a4b90982faafc12747c028c28cf1b90359bcd1f4f42e2b581b7ae5663b910ef566ff91abb153e367a49f1329d94e2c9cba7d87578ad4b32bec0096501f48e51df72a38f127d55eebe78a08ec5990ffa7c0525daf933d6e1bcaeb327fe6d1942326c034a785006f005c653278f3313a70f0e", 0x80}, {&(0x7f0000001880)="0e69e478a827f1a26067af879b08c7c55b78a367e0ce2a9fa664b44628c3a4323ad56081b00ac16327962b05640713b5ce7e68768838516add286a8d12a7124e4d8f6e2a09d9ec7bb4cd9d2bdf61f7c44aa1eb4cad9c7788279cc54bfea4a1ef8b384f79a0d16d5697117a795b1b98f6e267a36ab39b67cb8b5bc08d1b3ebd", 0x7f}, {&(0x7f0000000240)="8c4a3bbba6445996ee6dfd70f6eb9e3371846e0912221b142da3a9c2e353a7c84581b86fb6", 0x25}, {&(0x7f0000001900)="cb11fcb0c27e9d9cc82626e33a277424710673be3eb2b7c4c162ffd842a7152a890cd3fc5e3320b7257d124fb80c7a62e4665c563b4407b54029dbaecd", 0x3d}, {&(0x7f0000001940)="a5b39296ccf2eebad67fe8d90af7", 0xe}], 0xa, &(0x7f00000085c0)=ANY=[@ANYBLOB="10100000000000003e00000000000100388d80f9523ca32d3f0ac8bf42a42f85dc0fa7ed80b0e52788cf56c12c07542b0bf11b47044e77bbe123f27f28662d628bc81a4bc64fcad97d27d86d76884fdb67059fed278f43559185632f97b5d9dce6a86b0630d72f81027fa98e97c1ae71c0da845a7741ddda7fc396ce8c44b20b6fe5b1c0331aa8d43c677dab8a900f92bac88b0ea77a5d4130e0487916418dda6e121a5edce8bb92f8189836a2a0ff134872f643d9c41c6596b3e707ab37eeb164a96b194a7071abeaf596450a169353cc520d9fdf67a0ded9609c9e28483f96aa5e1ee30a0e5f6af81fdc41053d41d16cfe16ec30f6f585e5411a29bd2b67d69d4e22444080b1e50ed5a43c8d2e3e3cc407b16e8e56000c451f742c57e65be2d81a564ba02ab11bda8b3d87804c0a317a6b61875f243ff7a5ddbd153acc9519c41aeb974d2a2970efb704ae2ddc8d2cd0a50b4cb8ca9943298318de34cab0df0e7aadaffb498dc364fa6adcd8bea67c3d4e58f2a1389ff5dc7a22116e66eb4d17248eca823be610145524187e960515330510b7253b2d5ea3bbd0f333c2e27970e3331820578dab8ec04f7382f02e098f3baf453e3ee080dd9903e4e33f18873ae53842417e650bf0cf0360a87ca444497623e5746608688e529900f8a67e5fdf28139abb1e2508d4ffede6d9e3ee84f0414c8be07a044b082b9060af0e5064ed802bba96f2da482dae869ce22ce21a09da193440f1433083ab9dca62716866b0e879b8e14c94b2c30ae0d62b2f2802f802a4621e9d88e53c91b1bb99cf0416abdd50c7e4b65f84ff5a1ee7f0e99ac8abd3c09f29e3f61b5fa98d849706e784eee7c4683209fb7b80db920d07790ee86c8e73ffeb9f77cdcd2cbaac810844838be43bd9a2866027c5333b4e18c391f63e326c9319faf6c73307d44c7eacf891de4d51d706f014ab867c29467c839d497e10d05aa764ac1e31f2f0e6285ccd14b1fa41e01d6dbfe2ff86279ba592b1d862be3faf831f59e5cf879d8fa45a88142afa3757001d3b45d00bfd2390073938286b36c215186055e81d78032766be5d960b9f29739c0dfc63a0613301ae2198d6e3c3057eb35770fc14b531d3d0de47c475f464a4b29c2d2619f1a8e1f6c535b9be87581f822b6e125fa8081f6bc6d36116e6ae717e08810418d2b6f8dba17015c2ca80bed93b45c51984dc1258c03817cd17011fdbc905f103e61bb2d543ab8c9f5653be3215419af507e9f3625ce603c2da142a9cba51580ab43bf88b39beeeec6c9bfde27e05058348751baedc56112acab9bd426ae67e38b601290cd8c837ea9a0aa2a0333d2f9e5a5d102d62acc32cbfcca4342710199bcfc8a4ced80a620aede319bc639c5c2197960190dfc8fdf189c2ea6a2f6e3af49f1c25aa70bb1a3ab15c932e7cdf00a0ff31e67281a91c5b835719a2c4ef163890faf3566f4e984550de67531cea966685457219365c7e0e250584e4bf4840ff745eae771527bde85a69cbad1a2a7fbf19e94e6055a55dcd584377448b006dff4681ec0eefb714ada1c62975c911ac957882c4483f8ff1407c6073982269f44bb56709f472c912310258f2630c4cb18ece498c1b3cf4940557389f53e5d84b7bcb33191c6554e8a725f9b2b282f7e209c54e0bfca2e59b3eb451515d667e60236a395fb6778729d2c9f39db45eca900cbd4d081091c6b0fb52cc139d1bb419c1ab61d71f16ce3a372baa6b1b01f43dd44850d0e85264ef9ee38f6a79e328cf9870b05a92871efb6984a2bce13163750e401ec81e3b4e096b11b84da8d9025b29e67bb484bcffbaecb52abbc6c1f5e2061eb956c16b2149da266e4c27361b70be022ad723f2981abdbda924ddca8fcfdd8e19b8368c3f22f53f5a8706f3ea357de2aaf188987d1093906d5bd79a741de6036ee8ab6b85c2b4d6156336722cb20ec87930e6e11572b545fb14cb091f7daa7d8837e83b373f0795a60a8e903265a236af3f5250f6b21c5e77bacbc2f738f384eb9edfefc66acf569677ba33870fb5bfbe29ad6db7a865bf722b8da32c97e5007c911fee8e5541d3e9cf66b94fcd76276f234cbc1d66074e11ff28deb6a921aa9fc433051991154b5547266c5afff20f40db0aa740505b3ae172e87fe8ab180e8c5f36e89949c52341e527c7af9c2b106a2aa1e77238a376b45880e608a1b687f7a917307f2b79b9595fe2d7da91b1cfc2872fcbcd2b36bd3f2aafc3923d085503bbb7ecf089a47fa813544c05836ff9b4c328f2a67ad452d38803e6f38b34aec91d7232b5d893eaa9101fc7b0acaee1f7c457fa03cb13923e697f20099337543a9367425f2498bac9e0d313491ef2082b004d10f91f9a70615425b910f27f8b851094f7adc40a5fd6bb46cb30f77e7571f98e9704730c957f0c40cbe01c88388407693c5ef724c6320a4ef697774d4c097104e801bf5799c54cdbb26add9bc0b48a5f405023bd3fee65e40129317554c4bb2988eec0b60efe08c91d4f63c5401a3d7ef0427f05ad8b3ed866e00c15516d43d6be126b13b9c0f643f157bb5979197bbc67986e8b7089517435ffc94d175e16bfe66bb75723247561d715aed9019fabd993ba6c0fc628b80ed8932baeb9af9643d6e8590e473c8a45b8c214c48dc2d2ff77fb128c8c9f7b6206411d72b0634dd972eca18ebea570d115a9b7ca6737b82f7843def181de669f9b91c795622c5e85ff5d1de142dfa7ab63e227ad0cc0628c8c32ef5ef4f7684710ef8dd52a7d0da91207415478baae56bae916faed5d1d641359b84a21f9b67e6d7defe502696ae97faf133d20dafd146d7442f5d584f1ad3b280854fea453dd0e180c144bff06da56f26c8135faba27dc391db660f3a4abeff3bd174d86b83c502d0523846ac8aa3599a73e77d819e204fec50c92e38c316413533efc8927af93bfcee3c89c6537d9cd9fbd9d6fb22f2ade2074ecdc921cd8778003ad6a4ae1bbd707be1addaa521ae416a6f0381038f784ab393b18e57edc1fad7d502c6351f454ee252eb863b972b09f8840e520616aa8f7a56a597b7d599e655ae71d8848aca65a868def6783fda47a9c31ac8e2931d99a1c981de34a7689029d8a5633f3b0e6522161d0e95433070641327dfb4e3a9b243c9e47f03f5eea9a2bfe89da75066697f7f2b1b41768df6d4b898b79d68800b5432095d0ad49a348ce0600ae105d8b664a20d6d201a75ac278b552ca0ded0098989a5b94fd881afdcc57f0408557d3b8922759813baf62ff539659c6841c6db53da88bd404092dbd6d70822610797c4b121604e77532236aec044965da1a705b8e9753fca588fd8bdeab0254b3595c547538a8051a0a992e8f01b53468311f9d48d9575b9b9599e9c3322f117718049afda77eeea3904832673d467055a9b0ae673ea974cb52e13c0f12915a556034f50f03801961e811f6887f5d7e605d5b7f5c2639c9fa3e6ab341c4e9bb67bd5d8853cb2e60ba32cf9749d9149becb6c4abdfe334cf6150459393e1ade0018f580ed5a0eb21632b007959d16e5bef1ebd31ff2faae12d5b46d1ef2aef2a15684f96176f7e1bcf0b66858aadadab11f38539720b82635f3396b9b7701d99dafc7bd6c216a705a704c96e76860647fa6e6dcea5f045bd959568ad214c4cd834020b52b8a6137553b31d6ade486e969484bb72219707b1229d3b786891582673f22785a68e9e2e5298f57ec0d9652930ec7613b468dc53f40dc7b07b15baf18495364321b3a10291343cd8609c4b111676dd112de033af52b7e4862ff064f5031478947703a3e14e98f19ed97fc4c1843481a8e2eb969cf1d86914a3f3ca3e3a3765199a3ad18be3de5410a37ad522b2eb6896c36bb1ad3dd9e04de7763c669040a5e9d99846ee4211efced378010f4aa987fd782e1b687b01915b61775ab707967944beee962eded1d6e2029bb9195cef026b2f3453c991590d030fe1e1a15cf745a69a43f4d796663ad8eb356b6cd47620b7740a06e763929ff56cff617b4d610665c057a55c267502b336acc5236034b74f734e77c0bef6fceb71dff67ff420eb0692f76908597d60b42ebb5b6514748bbf1f02239bb66d95c1d6b119eb8004a5093b0eea1802570d1a47d5dc3f0ef24b74ebad88a50bbef2aa49e3c35b8b93c1f02731c7a9e27622d18a79553e0f746f062bcaff496a4b24d049dbd3771ae188f6e18af0b0a68b07f8155827337059d4aef2f1966c217dc71843d38c4c3ab786663d4259553e850c488a2de6911041ef0c28830d1140234effe064d2566f7e9f9701f8477c518cf71adabef6ba156216d66af7b7906d488518a7ec5720d6b97755375e950dfc61f056dc247ccd5821a22589cf135627dcf9cdb999156dfb2c84f657602c6a13630bf9c7db5a509a0b9205946b38d2b86c46f2dd26d7db8bb0cbcebef16947cc247b86991f8b077279595e11145bc83cef3717244c5436628f4a4ed6c708cba080dc0b48dcf8145aeed24bf980cc80ad6a042e6793ae10411a45041bff22db592929d0f3b77957e04705e2872ee3ea461eee8b62e2a0c93136f91695caf852e25fcae5a9af05046491f43d5ebddee5be6e3c830dd04aacc9a79cf66293f427a05e5528b48fe4a2c317c8b34671f2ac0c220b3c39ef23eaa588d56610cc655baa31c1277ea525578af027818398953955bba09b0da5fd30f17a7cb0103b839b6fc25929927c0e0a0c3f503bc1e80bd2e6dcaed7cd198a0d0efd0b7cbed0bd556817abcc46baa86016832afc2472c9a76ca4be6c70219362e6135051f32b9916a48f4f498e963f33ca8e1bfa0311bbfba0d9288b687ac1e7ffb81ff4a106ecf22f76c7224c90b828ac8346bf58dcaf6b5d4076490ba9584676605393a29fddf2f5b01e3bdb2db70f45f96ab85292c0e0d255149aafe9366e77cb4d97daf1373c68a6d21d46be48b43dbcf61919b966afbf7821a196c39a8609099b304b49d6e03ccb888358ea0f599f151b88a3ea3900e693099e0c78eb70368408f0e50e1ad5222ef496b58f2e325e158f01301015cfa7cf020b03521c403913e7080c74483cc55cb3b6f335d86d8ac6296ea2a6a8a51837da9cfc1ec948c192a58e7d1b3d4a57f3253905b4aa9a4efd093300cbe2fd79b6168c31191018dfb61b2cf56cef1a3464bf992a66dba8c5fceaba49abbc065f29a7f636e5b715ec41e45358981eb75d903005afe5471909a2dea9c3b45c13ce284480bc62fdb45430799e1f8547c2ce68393d2465faf2520966e8feda71955f3ca2fc61b20843bf10c728aabcd98c054edcadba3bf1a9e7d1295fac35ba732c9fbef7699af4aa43880bcce12184062f9b83697e8fd8f474db5595b018c9834b41faf01707fa5074e4193687c5c593291063fc5686cfcbb73b678f1ec9f861f311ba567955586069582b24cb2962f82f71b4acbb085681d12e5045c6ea5906aa01e0c1863ee1a11426bc8b0196ce49036e608f2be1c18c608a46eb006fc84a6d63305e29289e502224631aff66278d2f3bdd953156719b0906389ec48aa645d6d5ffcc3e2797cd2241adfaf6cd462cc8b852397244efc3543d7da53b636b05940c68fd1e39f25616141f9c7a800ac42b7af58b3b65c214377f2d9d11e82db3678dd5aa5eb8c8e106a25a591498f11624ae853093a0e6d2d1db0acb3a65b879652dd944287b22f06207c5ca659827e9eaf4c20b8821c2a02d8a4764a9908ce147a5e48f13d6d64f55c86ff7348d0bbe346a7cd51dce163f49de9d6bc848a698e83eaa13e58df4479605d3418155066108c62e77999e88192c4b0a839c964c54f80c88ed0efa7cbee3c7be5b11e583ae4a55a113fe940d7a38ebce25ff143fcdb89a81a5becb62f1788fc0fd2de818a9d1514b7c8f7aa9228e307664ffe9f8beafa53d3d06c7b3683879509459d4eac5f12055f4c0db64ac31e5594a43a4bd9fdc5054"], 0x1010, 0x20000800}, {&(0x7f0000002a80)={0x27, 0x0, 0x0, 0x6, 0xff, 0x8, "30af5f753b96b4dc0c0d6c071651f710687a2cf91a44eb7961fae5ee575bfd65b125942a1535ce5c3246e1e74e96abaff00f44120dc76ba2898bf201169521", 0x34}, 0x60, &(0x7f0000002d00)=[{&(0x7f0000002b00)="3c8db156f9cbfac179aec2f9b9456db1c9d44153204720685c7e837a420726a54c7da1ca52ac220a000361172626ff1039608ddef05da405d19e5140cba5bb164ab5d214b52e6263591c150a9532882970942b9340b1897f", 0x58}, {&(0x7f0000002b80)="112e757e6d85d617d1a62867e9f0535b4a81e309f40dc92858bbb16dd2a6236afbd766de882511d65011074728a2d4abe6c5ec644ed736dc19c06480773bc93200c7be989a096c4d1f282d5366623808bdf4ba90da494a033bdf010eb5582017d7cc249b40a6e60c65d06637253bcec0c5400864f2d7e2093378f899f5f27c38fc33b8743b47b8c55691d6f1be8d0d654010de01e93ecf68d90036d62f6c14726c824b1231e3b8a94850d7b1e56fe875cec43281301ac8ee3b9de5cb6a89c31c2629186f965019f765b73b47868fe9aebe58d7387c16e886a802f170adb145d93616f36427a70783ce8beb54714cfd670a9305170005", 0xf6}, {&(0x7f0000002c80)="925b69c6ce5eb022729351c21cc6ab40", 0x10}, {&(0x7f0000002cc0)="0a8986d77106bab0e3309a0d97fe44395017a4bae81f2b41c1bcefd0cab315c605c3bc48188008f97e6ef8", 0x2b}], 0x4, &(0x7f0000001a40)=ANY=[@ANYBLOB="28000000ff0000000d01000006000000e071c898e4df8bc9189e24b327c2d246b95da99900000000b9cfd36e2d69b52ce6218dfe33c2ff2d526af1f5bc1cf16a9da14f8daa9c4dbb09803ffc9c67964c6c21c571b756ddeeafb5bfacfe08301103e609ba6bd134b67ee5852c49f01d676ccd1537ba8d1810239add8af1861f543496ccdf3d74"], 0x28, 0x800}, {&(0x7f0000002d80)={0x27, 0x1, 0x2, 0x7, 0x6, 0x2, "eb023b2f7fccd3b7fe6f53eef1e71f780e06ba79eefb5384fe2b33cd3546ded525c8d6b42297af7eb6525b4e57799e5ad4389cc473fb02e6a6f0bbf7a8c964", 0x6}, 0x60, &(0x7f00000030c0)=[{&(0x7f0000002e00)="303a978211d956b5c9dee6ae743c7d200f07c7f14e7fa88a4c655dbc5e46e00539bf8713c29777b847047d741ce763c209f57bbcc99acf7dda8df3e3ac600b5fe25e538db76503db8c1ce37491586a68e0451a965d19cc87d24687890c011a782c5ffd61d2646043214e3a5478bbe10f1f3c7b214acdc028571a97a415fd14bd3c1e4434410d98dfbd409ac9f625d00b483484759d5bd995680a8bc59535e19c4040cc90757b3f00ce76c8374e8e0291ac78dc30d8f05a7e18a9dcbf2a112ce8322a677b2d3642f24964d15477ba7dead4a2c528c33839728631b4b7", 0xdc}, {&(0x7f0000002f00)="bdc3ced6a293fdfe531c3c165b9f6d7271e33697a17dda3ad647521c9313dab2ca8cfc9e8fd6ca3e402fd588bb3ce9048a402312798b45514f4fbed162e7716f36954b4e7fb6a5117f7b0a", 0x4b}, {&(0x7f0000002f80)="9e56be0723fe577b9c97ad8e777091e68969afd43ad9336611eba62fc0fddb587a", 0x21}, {&(0x7f0000002fc0)="13781c7bf202e9a7f6a6a691b88183d77696348dc2d108cf59d67137cb59f2b1a976e5e77a6652b4ce007f2eafd2d47447e482a41858ac7cc866940c1f901ad53c24533f519ff449830ff97a1898635c0a504b20dd0eb7c17393129d063c9c4d2471669d0d7a833a1e8d6cf137ae2ed36d35cb00a3a470441e6d9908439234e1b1985f5fde911e34f644ed8e517987ffb5148dc0a818c43c9fd0d86b55161e037d2c803b6c648a2a002f5adc4e0ff53f4ae62f414985110de31233e9942e540bf65385bfc1cc7a70aea25c723a595878320b31f29a4b0bc93dba24e7e59ca303", 0xe0}], 0x4, &(0x7f0000003100)={0xb8, 0x111, 0x8, "e9d7f1b20d5e9c9cb150d43471017273788d7925a77d043da241089bf31c3c21a0da56557878958af5d2a8ccc88da51ae30fd9918a9e68e4b4364d1d6d2c1534b717d093b138bd387c5f32ae5632421c679171dbcaef04ad1d739633396fab12f5177e727829cadbb8432d2b102cf8a051e58179a977a1ae64ed65e1fd49fca013b77e69fb4b8543cbfe509bd275730628d346cd6b4e8f7f99c1ccfb8adcc282961c"}, 0xb8, 0x4090}, {&(0x7f00000031c0)={0x27, 0x0, 0x0, 0x3, 0x0, 0x2a0c, "fb7a6d3300f2377ee9dee0bb6e1b7bbf209cc89ebbe9a33d45157c607e727281bc01b416de41031a16ef252efb3e5ace6a2b0dd23d7df5e87833a25f72da6c", 0x31}, 0x60, &(0x7f00000032c0), 0x1, &(0x7f0000003300)={0x1010, 0x19c, 0x2, "d422b6d38959d36858f03fab2f7135f5353ad3ba336c6ca9301371306dbe32500469d2f4a1b5faa7ba144fd13497f16e48c3f170cfa12636d70b7779252c0bec07d26ec83a54abc1b9cd0cce4b8ff752fef462da026c4be9407bd037abaf75fea7528e5e29b5970cb329a3e77b63c40c0dbc2882ab81d84a5e1117d2d15f4d20e80c232e916b907724e30fcc1b7682ef49720d56603e8e52a6dd9e5aa8918ede5a8a54a5d6901e51881fd0d54263fcfd34ff99c27e1b7c7e63fc75cbcc9cd45cf2e713d94ab365fdddc984bde4bb1b53eb3545bed77227f749396d0573fbf7ade968c903810ec4c1e336524c4189a8487ec2983b3cb71ff6e9c31ae1c5acc8a30ee23058eadfe46fced71b7b3c197686f462c8d1b7983265f3f758245f65bf5363614f08724a3d005b68d0a9acccf1e0a637acef5c3227d571aa18fdefa82d25a7b76f0466e62099af01d65331685937fd33cb0f1a1fd5246a316ebb3338f4d84f47f003edb9ebb4e48b011402a9ff10d11dc59486fcfc647702b822803d2fc097e97fab18c883a79d85f7f23fc91d9c7fb7cd5f41f0c85333a80dc1b6b5b403be11d77365ae30e5b177ea405623fec1df4cc2d38eb470dac0a49a90f5de2b9ab91ea3d7089497dcfdd66ff687ce51ea3b34ea2df039d994f81c23532710c8ee90692b2d360b15876923a6932fc62b82d233620a12dd5798aa88376cc42db1c4cf0d581e89660f25182fd0f5e8a62d00148bb9a9648f447be959c93d4a833b6e118d52555c0adea041cb1577ae251b887ac4f986db812115b60bf8097dc0d8b2066efbd6942d746eec15cd83bdf7c2f319de027491803c7f1f9f471c21ec942e5ab4075468ee882d15aadc9e2d692e29132302236f5a631bc755bb6ed234fa047aa411664981a4b779c7d4ecb972ab7884885a4e4c3fff5bb215fe1c1e4bb5256fed7f07b3edb1822040775950ad07b3f821ebd9e0b197716182ae95efcc21a6136dabeb8925c02403638b16f3baeb3857e2a04f58e0def6ee15a84056d4ee3af75e627b9881b1fd7708e93ecaaa0012609ebf8c6cc55dbc64077e4e24bda4850d27d8389a312fdfb87a5d79cfc02be6c468cfd73905e572228efa9c92bd0220e72864035dc98d22456d16aef866d726a3564b2ac8840127d9afd18872a6d304f043c77b949f42044c09583a93260956759ea9378db4245d3207f6922f859bd1d54a37ed5375f00b573b1b8335987288902385beed9a537b256dce3c04ecbc928b622c746ead5abf8498ff683bc314a13b26936e997156166191c5c395e7975330f38cc0356dd8ae5c896930847783b2593afc9a2788111cb38ffbab92458657fbe824d893cb657bfc6296b03fefddf3c3d80132e7858a3827bc850b53237a8322d68db917dc887c7be507e80974716df1c4bda46b60d4e4a585c99ff47eaebe233812253a9cab0e334f47d471237e83d2cffa67ed0b0cef83520a5358fb5be404673fd86bd1e1e3499184816ae4a83d54d155553d365e863e68c03ebec154688fce848235dd0c6a4a7f42004f9d28a638534eda58eb38ed8d83761d6744ebd864cdbd329e9cda3d8d02fdde385d85b05c8ef39b7d98f1d9652078650771068415e379e2c9cb3a95473ae57c621f75375685e807f590c210cb7da17d2914761a0f36fd289c0ddf432b2e1582ba57dab13132681e4172ecf74ea4a58a1c18a5de66608e6588afb626c7902d2814c06f997bfd0c9433f7e72dd1b8d169e43af35797d53e4bb38c3d03fffba93e7efe9bff0b7c25daf916373a927a022533bf99e05b71cc71911de2f4241dde1a4dfc31a6e00e12f2d6d10e0d91e1e537a093c991f17dba838dae300f520f68fe0e4334b2c7a5b698b949c8cff8f2d2da56591e9f9cb74deed6ee34d58e28a78ae9bed3b5064f5af048939a7172c8cd67bdf42335cd118ce90b88cbf068ebfc45dd932aaf4133a4f737830ffccb879f8f9c3b7d6cd8c19251650aba36477ccf71cbde97a9db610e4167caf2144518c357223524657a1e007da738950e1a24b734a3336bebb9b96e8bdcc06b124a21c044075629b0fb6920bb93317d43336927db228fa13601ec1f7cffdb2adb9495cc3115d152fbfca8727b418db76cc5d0210d2df9db2f7e2b44d7bc0aa29e95c4bf3e261551ccf2983d5a47d1c593c4fbaa879cb671f21a580bf3f9a33a968420c8705fd3542c8f05e7a6be3c4d0b70279224267d868d6af2b0a20917e657ccd81abb2289c65689555fce7441c644b5ffdadb4fc8c710645a5bb94eabd2da5b58c79c09977df7ed1975958df4a2cdc0b99d3f8a3b78f504c87879f417774f42723f544139782e16800c0fc81966588e4f090a744479d13e2e17cf87c390f99f08bb8d32204627785fe4441f73353d93871813f54bdb5cb9c9f85969df25229190411f798f0bcfb877eb0c27b6fef8144700f9a18c06853fef059d54840be364abce2f4c2813b71a7acee8483a70711679122e508a08a980e4b0680b049e82e9674d4b21a314eb657b53e0e59c4dcdcdaa477a9601c783fe5ab67fcd34c913376985c7a04294d853a9bd94a2b0ca0226b149dd31cf6dd02a9b991a9da56a1ec44191775e19d51e63a83d632f461be653751698babe88d2d3ae2f58e5ab7c58beb8250d9ae8a8228130cbedd731a0f7f73a7315983b3e5e06000b4b669c0133afa5f03dd254cd6972bf4c05282527ca5eab714e9875ec3fd4cd19c55991e95f4a602a606392e315888b1ceebebb991f214692a44c06d54d77d3502dd7b9e4a70661efd5081880a96e45b204e134cf8d0e8ed61fb2a33e4c035d6e239037b3c980b4d79c351ff9df47d1406aa80ebb525f331c9a0de4d2ee1928bc36b33b4eb589d9d1356475f083c7816257a0a013b8a6a19cf17e8c8ecea4d40630a150ae97ee8eef4ed0bfb1c2ec1f164ab14b78fc7c5f45a856417996c47226bd6fcd8b5e98f2e25eae84ca69789c17dba8541130efe54fbe713a485349a780fa6ed1e5b1ab12b33dae0c8a7b6b1109772aaa3f4053693fc1c30cdbc37b8d23c59012c72417bfabd3e8ed68cd63eda6c988b3a7715b41ca16bb59e1385c2362561d0f7df3a2796793d75fcc7694339b8e061fd59e5f243b79282aa2486fe4446b999196f578e9e29c3ccafdc366ec68de227987a561a3a07911800d8572e6bfa71c598312004de317592ad255cd0f6c373cf78f411989be4be0aef0370d5ea1c82e39075a5b1ac14fba540c4b4efd6cdba9e978e13da2edc6803fd2a94dbfdacb36c6c3a549e8c015818a5c464590e02ee69f49c3deee8890dbd745f1b1f1bc6acfbc2edca84b8e92d169f89310935b6ef7e03ea1d8aa2133e8b72d4b4e280523e046d7fb973d3170618525aecf9c876596bc9eb25bf28c4a3e758f89d62190d7acf3bd77aad930df0457e52e6d3821c6755b14edd5609cdca255bd9269fd08436ff2d26bb3ecb82930907744e09a87919c39f5d069b91221526032a024c48b8139827894578431d662d14d24783bd11c9c39888d2fecfe7bd77a2903c37238cf7a23ad364b52e172cddfea8044beece7cc4323e2bd729b7c8d456aa622e6d5c6c82656daa244e921ddc4c479c2294c6084c85929a1edbf0e558fa2831e9e2b44958e917f422c77f5df00e940eeffc4bc000653d2331f0773b8bfd65fa3b3b370659a68c977b58bbdb0d4b68dc2f25c65798a0f8e10c4e59c77a45811bbcdc90ea94596c87ba9e085a8d83bf4ccb080a5c4f3ff7d9c332faffdef54ca82d5cc28b545538d404b405d09f0387ca8ed6c412224f039d6ef8286207dedaaa193f5919300baace0b8be4b606dbf362f81d8b0988022c15103ab296479e4c0eb6094f56382eaa1e31cf6c02ddcdb9db12e3cb52b79c2ccfd9646f5e33d94c8b29c00622e645ea04ddabfe7683f488cf1693bc0832195097716699dccaf1747a3a71509f64937c65b240673dc5abbfedabe75dbe69dc4b5fedebe114c800c345e0795e6f11abdd212838afbd95353096f877c4dbe1c34f222e3a68976ed865b26ada6e0158418541f1737609e8b15a46f10eaf067f5dc815235016c6ba00bc3eb64ba8b9e80e46aa8d214a0f183efa60f28a973f82227d36a687060c57b8188b4a77bb66c879848665d49b0395a36995a6304b3c7ff08327cc8dc1c344fe1ea6d65573bfe51019884648254f01911fe3dfc02ec71d2a2925701eba7028db80d5e34a4b9f76f7cbaff82740caf8927b35d73c62bb10135469370663536bd66b1bf4205e9a9e8f06da62d754a4dc86c0201d46276be42513300e9b7623d25d1b28afaadabb3568d49f53040992e43f4f8e12b39b242ec1aa07f6d4658d40efae0c3663faf5e5e311c3930b420e399a5856f2f23311f7aa7edbe11ff61750257167ba857f7716b53804504557368616ecb1a139573233966d6c6bb93c5a60832378b44d6b216becf7ec63c56de302f1aceed38c53e53f7aa855867e1693093070e453b6c3e0289a16a00e25e5061aebb708778647bbdc059cc686dd1027010bada4d0dd3694e30c87fe807868cf0ebdca4dccacad1c50ddf125d6a01f9f8482acccc070bab32079b1d3c3787947f3d8285bddfda68acf7ed19ee2e3272fc0353aa89299b7c71058f7591d4ce70256f390f9f2b84280d9a22c75c29b496c83b720d95f765f67778ef32ebbf3518d0fc5b013362aa462cd618de4ca159a4131204e05976209c342c8dfebd762e7335afacac0f001c6a28212b2eb27f26985d78625721709252967e1af4c87ef867a0be8f487fb769da180774ca96aea1222280a812722f1c8cbd5bffc1fbcc2f701f61060cf60020bd50db73cd5c844da35f3d6378d5831eb65811c9bd09e263babd839d7796c2882b5b367cc44da66cd43de80ae21e2e587a00d51479e3a0cd6f8d85b429ea38fe3b5f2ab11ab5e973f12dfbafc70997556952aa7888e4710af27de7ef3af5757b03ce59db0686ad984c0f01c6372d399647f0443f537737df6bcc339dae0d8ddd637b79380b3e6df002bf065aa774f76782790f32a72bdf7da5afd93ab00a98e4d7c9190b4633d76638a6890aba36d71ca2b5a8901760c1ad092e3bc661531fa1d29e6973216f24ab64309b616cef15e9c553198ed15c27ca7360ca7a642c84e65095e8b11ade7fe1358d727019422d631c31a5506afbd748cf6517788a3dace15f79d8fc7f2f4124037f1a42ca7235af7f1c81f7adfe10a4313d04c2d3a8f9b43e3000fe88ce0844d9bd1499191fedb9fa96aeb6c1c8a21ad435acb324f5b3a27cb466acda3577657377bfbd3f6ec1eb14f92ea878560cc8a42147c99c00ced5a960fc30d1f0c5db3a8684f6347562b47d8d70c3dce9e4fdfafaca714eaf91b553074a11a8c148394f7c860debbbe1f72b9343f92013c4f9e0ee9baa37713fc82d90582190112dd875eedaa606b8154416df6437477dbb6be676280ec7991140c899a3c17e459333aa0d82e54f8bee9b13d72ddf04f53d94d1d46aaa0098733df65f76e0ebfa11be93afd3d7105b927a5dc8841a9dda1498b132e974a37ced738ff249849d0b557b5be26af7d1005d48158c06d6b9f55db559b32cc752ca8ea0d7a147b0a92d24a902a99f5ce4433b4b4bbc4af5c706c770e4974c5d19d188c8d2010b794d706ac53d54debe255412405fd8b428a7a765e884d57ecbb3408e7e3bf06dfc04fca4af27e185c09f1f1e852eba2ab93ab4538099bd23fb8df7fe8d10b40934108255b93be204ad8f7c080cb5291bc4f5488eb8c6d431b0f8"}, 0x1010, 0x8000}, {&(0x7f0000004340)={0x27, 0x0, 0x0, 0x2, 0x3, 0xffffffff, "191270bb6bbdf516077be73c603c013058300dd9f739b624feffddab30f3dd6952178c10391e71e64054d72e111ff7fff5b706921e0cca77b76d6ce984e1a8", 0x3b}, 0x60, &(0x7f0000004400)=[{&(0x7f00000043c0)="3a3ca4aa7b989029378360e55eb95ea997a8cb4af0a230e67fff2845dda1c2e6f51598b667b354f4f02f190dd1f7980acc230488682a8be0336e65d346e7", 0x3e}], 0x1, &(0x7f0000004440)={0x88, 0x113, 0x605, "24b93a2a54cd68fbd13571b937d43357e8cc69679e18493ee9ef0d9abde71bfa15a0d5ec2ca4596898d45db62eb9b28843f82c3dad573c1b7ab0f824bf6bcbfdb39c29eee89529a2431f85c01bd5f6f96cad022f8692711eba0fcf1685fdbdb5bad32bd86ea63a6482a4700a1609dad1cbdd56a5"}, 0x88}, {&(0x7f0000004500)={0x27, 0x1, 0x2, 0x7, 0x5, 0x3, "d5d594e55a86314ce36bc72ef08265835ec02d861027223039a3eda54713f03cf7ec564aa9ae1b4809e127c26749043ebbbb6129cdf902a67892646c2c7cf8", 0x2a}, 0x60, &(0x7f0000005740)=[{&(0x7f0000004580)="7296509f15312aa5aab36bd01b141f8f8a47dda4335f1be38854654d0b40e7df992fe7cbace28dbac39842fcf081c9a0151c944b9e68591a4bfdc00e8d29b49e261c93666a13cc8ac7aee26e91481fbea37f8c88889ca4e42019012380b94fb4ddc38a0b710da34382fa2f38b83c6878d97e", 0x72}, {&(0x7f0000004600)="7db4837f5d74447c9e5f5532d8ae5245b1ac394abf848102b9596afa0d5e2f455a8207d22b34d0438e244b7614c8d6e009888c4265b0b7451aa95b2ef206f3e80718da6bac7a3e13ca4739b648ac36e3baa6f22cea2ab8353bd49992a3cb5436344a08da058ff12d254c58f94a825cb06d7011fec605146c105e105c0efec785056e13ec6e02c432b8ca779241175c70d6c08ba342184d7c7504c3c64ac562be0d30205cb04689dce68cd6fdf7316286db9e8527ff282f9c8181341dd46c8b76277b1de4fb1ba3e14f3b284aacc460958e0a8a00cafce8546bcb77841b312c1cd2c6217fb8defb7c6340b7c870a29011f0c730c5538766f7c7a14cb234cbf0abb842493dfa4ca5adddf5a2a32e4b34a28db3263db731a89b656ac8bcd1f0f7902fa0bad408a79f7b175a2f5626b1b798de2fe0bd01e5e75887865089246c05f15bb981b001d07cb5f9b7d34a168830962b269d9a8782713880784a693cdb1d549ec97508b1e8e76df00eff72014a05b8b9d8bb12f10e69c2f902a3fed49e94e6ae9f21b981fa9d680f046f12a26788d753bbf173678d847db4a73ff2182dae4845ab5570fdc8499a5fe1cbf1b7cd2be51dcd5ea66cd769ba1689797b440b229e7ec7f5cfd0ad4477a562a8f6841d70c931e3dc47b1f41d495ae19f947629bcb7cf1bc09215290006d6dd3e0ed4ba475d467771d5eb89fa0f9cf2cbffa614d6ef2cd44f842aa193a7dfa63a7b990078d3397205e180f73c27767d0abe3879ea9dfca7ff23fdc5bfd1500390e550375b0a5dba6869b67738e89bd6fdaee3af39543cc34ff9be2465a1a73b6414132fdd13959f3c7be03a89b81d72915217bd43ad4aafa6fb0fcbfe0f98d5aa22178e20cf01d714348d33eaa0c75a090cd1308f5f3bc0abe747c152f8e64479b8c7ab7f9d6f3be186693940b8126a326119954f90ef2e279eeea5a14ec5ee5d879f4f1168ef37d83f9ab6fd856ef9736fbc0b045f3025a863355d058e066f83c4fea1bb8f0e90c6bbd5e51a55d6b6beb7f44ca3753845cf4b497627d514d173e1abd29993785abe02ab62a6760a99a489d33678558e67d4211b7466e09c72f0c331099ab18eb1fb4fad5a3d142813c30fe825769f4e575600fc23d88b639fc7b683990e78a786a8ca20e5192a9dc887ab177c542dd17e392048b2f49b29539f6d5173c02a1b6c88a281251c2d42f3ed98e004db9555dedc37c886e766adbf15bf9e4b5fd06171ec5d2cb767647960927c130f1e5070bbab1ddc2dae02faf7b130be88c86e8e1b7eaccc2e19d97f37ce9e24cc9dda57f1ebe357e6ee396fe6b549ea492b7bb78dc8af205fde21c710589a62bca4af3264408a288224ed946e6c74bac2c3bd38ec3799719f1ffe91aa6d586292886a2f2f4947b6724e295945c9601e7d23f73129b836d8cef4dc7d53c38c0f591bdf3ecdcabccaf4fd0557d68b5b56fe1c9523ec0d40f9852e7c6915ee35cf53a719798381ccfcf2d2e376d109482d58efa8832b9e08f51a6c326c03333ddf4050dd946718bdf320ebf008dbd65c665fda9ba5425325a942c2908ef45245822763ecfe6bf1b34314ccfbd37d6f879958d814085abf5d2e04ae5ee3b77e4e3888e85b776094e922ec89b8680a46e2b36f197c0bd825629514154ad8f8a694dff7dd0431dd143cd132cfc114e34be2ce01e0327a936dcc1de09e0cab0038cc072df7762a5d88d87b1f6e76f772336f28838ba5864799cebd1222ec489e7a3da54922ff7ee3d47e5bc39706430b623503e130f7a511b6b281f62a60948ca7e2f66e0e132559c7a6dc791db9cadbdb63dc20c20a17170d6572c87a6bffcb4647675b5e4cbacb4f429efe1335ebedd9ecd68ae3b6a93f3f56b21747a89a3489fe95d0ce27ed5376e87e1cef8004e0e5df1079d3c938526ac3209997f68aad64aa93deb4680279646f990f225e037eb7844e1dd9f19efaba9e0d8129f50f978c57ac0ff8266b5f5bbc80078f11fdaa6e01e7470190e21f2ab5cf3c172680efb55d5f089cebfa45f86d1589b03e9d7766f7079f22f970ba809662ed5f11b5027c2be6a996351156ca355204464cccc1bfd61867fd58e717bab58fe283e8d78aee467e47d4fb61326575fb6c151de3f9ce38c66db7b01afd90a0ac759d173d11a98601a1bc87e991f40d996f309a464ad6912c22e9c5a1ee08e806bb9be4c922753d1f80cff56f58a135e797b60fda6b40000a2a199638f265c1e2befca5df59453c7f5ef512e6f287f6c90041a0ee6395a87cb8c7ff50a68a4eb672f96dd4c86cf4392b581296030e35b81d9feecd1509bba9af74d7550fb95df4c88c8c74f2b386d7f636527520c7b790df659fc719e0b9b09bb77b52096751d6ed3afc1531e84d41382595f8fadd1ed6ba2d1f01564c1cbc3aa3412e4e6aa2afd7193e33f0bde81f6b8c2164616dc3aa2fe9338f24891584bebd9f90d1b3f83900622a044a0ff85e00c375b97c00dda1199aebf31d6da2b698c4dfd48695fa8a11b6ed168a8eae30a372e98e2f3a62d37c36b1fa88f37787e2d4361b565d11ed387cdb9a7f16ddbf2399132329c6830774329256fd929ec1ab25553d09265f480a83ffad54a9e54a2c2a987a0c70c0857ac440b0418e491eb0569b239da508ecf461d62c96468c168bcced59184c66c8d32cc348af2b4814fc367029a46880fd33899fb9135d701607fb2fa3a552575c08fd77794ede8a11baaddf91b5777acfd788ffd4501875897ec2a5cec8f2e66dc66e3edcfa10f8c714015de762befdb86db1b7cd6600dffb70a3a6bb93bd03b2d1361cbdea740c06f85d2b1c1f007a45d424f8cb1b7c36247ce528feec8d34ffc91260d5724bf63f5f91a595e431cf1ab8401adba97bccaa5284be25cdf3aa833a5053657c82954d539ce3a30ec59c50338eebb476b4da201e17e58de58cb0163484489d5a552e44bd7c812adddf56668b5d091c444311e696a78788a27f22cb5d2866f87c8d6f5302dc44950bad1d35229101515ac790eada373f2d17aa3e781d8fa820032872aeff506ddb6200522263b8f6e6beed4bc9e3f1a5c8cbd95017b442630af914679b309e34210867341559adddd0be8a5ee807cd94d218ab417a107876636af8942e517e134b5817a8596633420649ee4a241f269860f598771b575b7ecdd621a98e6f48f8b574f0b1cc3e5eaa0f71714b033d4ad24be3d7905aaa73ec12abd52cd2dcf83732653d63213ac52791bdc08d2f64f48aa07202078a47d8417028c537074e94b20d8f6fa2819d7983442265a101da74004410d270cb39661d103e8b3898ddbda8b641dec5b1795e8992ac53b42f073236fd2bbb81700077502789e7f9aaaa767c0d1d9c0933824a3ef0862abe12c5eb6b74cf6d819a6bd48b8a45d14f72bf1153968b299876f4f92a2736e0e79647127497a2e608c754f60ef3795caef7ef392faeef2a225b9bb3f0b8b3df5e94c5c8184192c8ecaeda995e1f5f07a80e3fa2f03177219835dce6a50da9f60f20fb3ed72c97bfdf7c862a7cf1319203465a90503cc97696aaa5f615922b4637b18a9fec9e08cc4dbacab6d7f8edfb8306b01ddc87c25da668e2a9483d2a215fab9481c600244cab2a8f78a222a2b688a230c2dcec5e70ba753cffa6a77107c0a8aaf44f45ca932274b7ba376eb82f6c9a5e059020458b1744f03232398d74b0b57e06bb944476de8fc4d933fcdea39213c1acc81a2ffbd539b01b52f9a256914c2e699b4900c7204484d5afbb721c7811aea88f7a396bbdb4285789023f1ff26d8aa49f39223b3fccfb3c96847d6525a513c83d5276f84c93255e1353378b43459f76c2d12d11f67f8301ac6c46233260710a5d24efb0fe0f40dceab8e7eff283467ed008dcb599b5c58406a8351ca40e71681a392ceae242347c113ade7d5be73800581b161a8e4aed09010ea693e2674fbfc1f4053de2a667a78695834ce48ad345eff53203d8b6e1590db236bf50b029a8cc1f18cda5125ed17eec11ecdaa7c9c823d285d68c11d0bacc7cc91a9630f0a3a9c4367c5f60d262c9a8e00432a9e4305074f7d6e6c1b8dd44dd0eba468cadb63921d1a8971855ec6bf1bd6bd2f7084b4d3b1c37861d12f28c7bbed95edfe1e1762ab9a348bdbd071ad221141d5286afed9f4caa37f71b4668c78d78b7d02b325be117e8edb92b85cf43d831952dd849c6690df7694d0a76859d3a3136edbb1b83df6d374578cac1f233970535f74cdc7e2c91704a69e4cb662f893661b19599155b32742c8daeefac3d891db3ec21e5ffbc1f35b2363943708b978d744b2067ae4746387529feddc1b5ee0527a730680054bdf1ecbd3fc5c6e69d2c5b232dc4766616cb39b59d8766b6a845df4bef01d464dff7492b3cdac3b07f143335381905ed481b813108e64df7c301cc20cfdc41b29184362a16a95bb6a4630ae3c6c1b813d29d3fc96b001a6eff6d65db0d74b75d6d7cd22790f70e0da7450d03bae538abacd6adc21cb89afd827f8208d3302741bddb180077f476d2018dae7b5717cf322b64ef28294e80f53c3e2d36d6e6c69f57f677b1925e81ade76a4556daa064f664e33119685d6f28f3cc7e6457576484a68d7bc94e7a7d65500f16e3a0db56b8984e2573c16dcda64e7ca4eb5635d23797724128ca45732aa3aec2c6b55f3776b56cc8d8954c97a717dad213c1e239dc593cb7f82baa4a08d8206698b18d8cef04bb012c992a7dadd590b0a1a2fdcd521caf80fe3aa42f9cd34d5350b30a3a014ec13a7ea84e15a12ddafb6c3590351b07d7656e3a0af5f38aa5681bdf91d146ef732a9ed29d3fde0389eede28b5b6eb17ab54202278b3512d4f1e8e84da94cf2a138e31f90fe41ffa82edd6ccddb7bd8238e87d7de835631819af72ab7df55ebd1d3bea63409d56d6343693aca88cc7081226a7056e2b8eaf83cbdaec0f089847ef0fcc9dfd4f3f19b9624ea127db802eeb00440bf4d82e0251ab5f46cd811d27ef4a38d0684c9e796d619d938e7ba362d04541b929345b1e064ccf1eb116ea1f852b6cae99884b5c38db9a107cc8446d1eb9d34e1ae9d2d94dc88e2e44c2a7139eb481ba1edee10d0e18b27530ba1d604e25e5f8005a07e43741453bb759ffc7493d2fede6e1b8b986397535b3c75a3601f873c118d9ad2fa2261cd4e4d87b547c01644cfcbfe3f9b14d9984e0e58e38dc306a639983dd0b5eac1ca39e1bccb65060f1a7892f5c960d9a0e8f583e73c6743fcb0cbcc063332eb725f0d1ca00d80369f163cae0f864e4397e4fed2f86e2f4485294bef741b9e117fd5465bb5e6447db92a820dc2bfc155fd94fa36d76151a16a0c4ac0bf78427bd1d33dad38857dbad1cfda5f25bad845a7f906e0e3ff93ff0c22d463a4e2b28e9b9b463c0a70752f96f8f3a1e719a4c3d23b6e5516ee09736bdcb2f476fb6a18eb53b74722d289f382131be43dd9e57b21fe593c869358e6702fc37832ef024f1b98ecce8536c86c1e653c5a6a9838922987b0eeff17108720874611184677c4deed46d2a7cc7ffd98dc058c0f18701b5e7ff0dc031b70c742c0f970498035f4aff2610d0e9493908ca94e147586dbb004e1a70f1387c374f9a95d72602a9ea5d4e18ca5a8d3501f2e71a215eee3e2f9bedb625edd1d73e72a4fb59be6a9ecd00190f21331ffa0c921aefd49dfacaa8c040b20a51d20ab968fd0a5c710a7a1ba4e3b3e3729789a44b10afa8cb067971fe89faea9755c040592a0532080b745cf706fc85cccc5d352a5302ca9d118262bb9661402a", 0x1000}, {&(0x7f0000005600)="f9feddbbc9cef465262a33bf7d995df063d4bb1a6f612919ef30dd17f5a11829e343160aec452f49b6f8ed67b1f0", 0x2e}, {&(0x7f0000005640)="386a48d5fd9c52c18547096f4b24b2c87b0f8821c4b0cf58414991f90f769c7520a2fcad6dbd43165e6b9cb2989b80d327a8a92a993e5090e42bc1b4d4d06b8e2f4bed7812a61c12bf2fe12e31376f1f00caeee82b8faf013c067370b881ba663d817790e089e35f9302e025908e2e75b3fff4cf8d90644b6fd18ea0414ed9a2bfa1bb3cb71ceb6684f9f4af6bfc2b77f6b373b1a95977c464dfced708236aaa10873ab808181529343cf157390cc87057cd700bff353196ee5ac5ea70592931bdf4e52a6cefae", 0xc7}], 0x4, &(0x7f0000005780)={0x20, 0x13a, 0x2, "57f39a5f10fc1d9f8f1194c0"}, 0x20, 0x20000000}, {&(0x7f00000057c0)={0x27, 0x0, 0x2, 0x7, 0x7, 0x8, "08669aca89c94667fba7aa2f4942f47fa5970126860b76e807b0779d1d2258b52ef9bb10edf20f269bffdaa6ad5a4050ea6c640e4cf952d3ddcada37d3a205", 0x11}, 0x60, &(0x7f0000005900)=[{&(0x7f0000005840)="386d8a66cf1b683698d5a08b17359bb7f95572c670986cb4b2477c4af565e1c1f4c2da9f92fcf85cd6d234002c5ced9068bb350cc0e5578f464b4b7d92c0574ec305b156a5533f1666ea8d95cadef9a504f50bd7facc1e6459c6ded4d007543f730540", 0x63}, {&(0x7f00000058c0)="61f3756442ff967f8c3bfeb08a792b5e492fd01f4c144897c2aeccce2c16b350c93af0c8eb68274c06bb53bf7793aff3d7ffb3da121b4ef0aa487992cb", 0x3d}], 0x2, 0x0, 0x0, 0x44}, {&(0x7f0000005940)={0x27, 0x1, 0x0, 0x7, 0x861e, 0x3, "33c804df5a9d44bf1cb61a63e21c6db713d16aa5971c00137efded20371726cea4345dca0a82165abf4b967efe7cd669c87fe2031a17b80fd231b513a7e95c", 0x2e}, 0x60, &(0x7f0000005c80)=[{&(0x7f00000059c0)="f81d1caafb63594e807464fae835483b0df4910e4304db7e361464d74c00b93b73353dd1b2c4f86d639064df375a23a71f2a770c316691c3dcf2519eceb8f95c28261a6ec4fb1568c405bffac0265bce6696cd524589890ea6b086b8788ec6455309662324260ebbb0b2b07e48b8efad7b3ff0dbb489e69b508b6fe7526a6db4a075c2e018924831334973ea45584c4fc317b9e1f2561414f38a1905b699dd770bbc72e3b07a4488a85651b0db4c03bdfc76caf7f7125f89be93e5", 0xbb}, {&(0x7f0000005a80)="0389d30883f2d8e289aa6719af3dcb73a9b4c3f2198b57a2e2fe663a3bbbfa44e1405faee5c60438e7d15a3203de6cb2d47cb42187860816fba749fb00c1766dfb3fdcee505885d314ceab1ff07d6a3df33dc66f06235b72007770d82a93", 0xfffffffffffffcdf}, {&(0x7f0000005b00)="352e1d1a2c0e1dab89d976654f43b10e0535c5081a9b8dfccc1068754f65004b141796a26b371bc9c931665820ba37ef9131c9b131a45fb30ebe37cc30932cdb0e15e3e1c2b7", 0x46}, {&(0x7f0000005b80)="d1805019b470ea9d17870a937f12b77676e6bf70649f4835f9c6bc839c0cd8a9a102e2153a9281d39f2d0a8cbe12384d263f206eb664bda615a2ec8ae8479687193371c742188c53db4dbb08623db5433833cf7d0e257cd3dc498b128eb9c02b57eaa998810798f452be71aa3ede9edc6adead5f31a3725d8fd60d677b", 0x7d}, {&(0x7f0000005c00)="903138cd805c256976500726fec470e6569a0250acf8185cece62e2a8c67a3d298940ef1d55164bdcfa2ba832089b36e6cefde0c3384a0d55a342619f5c518989371eca890e1c47e4d54ecbf606be7b50bf0d1249ad92f0d820b2fd1", 0x5c}], 0x5, 0x0, 0x0, 0x4000081}, {&(0x7f0000005d00)={0x27, 0x0, 0x0, 0x5, 0xd0, 0x7f, "24c793a5819136579c196eab5ed35458bd58787f1a06dbc5f7ca8746675f70d3eee92dd0b49cf2a0b1cd34eea9fab99cce87d47afc52e539e0941232243de2", 0x3b}, 0x60, &(0x7f0000008180)=[{&(0x7f0000005d80)="095ddf5d4270e02f70f866f5e8b21735fdd3f713cd24409c745411b7c7d2fc02eebb3969149e893d860fd125ddc8f2b87ef2367549b700be9016dde6aa36ef665ed43025e934b8a0434c183ca84ade9db0b514d3b6dd", 0x56}, {&(0x7f0000005e00)="f161657dc54c50d9db37c652949266a9341a871b2daa80dd3964c774bf7dbbd7c37ed2cf2ce7ec7121242c321bf1f7483d42e70fce3ed76f56e32e0a9237e79525da12e48beeb57d5af0e04dccf99f648a30142b87a4d1e0afb956b671ce1f96741e0badb62558ac1197061dd20042721c7ff8f7859b4d2773e024db6ff34a544590837c2b2af8159b5dfe01dc0b09b3f6021bf5125ae9bcc62073aceb402e3ae239341f15cc0d6f2147081ea5ab595eef27bc88b9a05941a7756667d5f0f2e6e76f4cb45916b67e33ccbdd050c04d741ef5139adc0d8f83c25b6673a15d9b75d33510454b7f56762507d8", 0xeb}, {&(0x7f0000005f00)="4754182f1158727908f3b1af7ee1f296f55686854c0b2559031983915d5ec96cdefe17484c0f154753e8cd2df637fdd27005869ef9357b5e4df33ac93bd5db3b7fa63354af0b9cac4312db987434581ab5672e93dce9607b36efcc42ca5c341e9f8a68bd6e21d5603f1a3a29929bd1ed8252d2f620f338ba2872b50aee7dcf6693372e088ff75647061d2b5eecf2dc336b2a28286fca1b1f757c35f6ec53ac09", 0xa0}, {&(0x7f0000005fc0)="2859fbc5ac460c0899d172cd2cc78ea8310b5489ffccdca4756de658803edc6d665c66d37ba8755824edfa426d3effe0805d1425d20e059f7ac9bf242d697201ee4a11ab239efde5923d90be39ed1d29bae7b44baa417d2dbc14034228311672261b4a26e091889a62eacd", 0x6b}, {&(0x7f0000006040)="9d9050d0fd41c88366d20ef1efc12107eebc", 0x12}, {&(0x7f0000006080)="235b57d710975e819e65e1330fcf101e0c18360f21364295c03a597fd6ab7bc22734dc3f29af12f3d59acb95841affe6fb030b18420181a9ecf95d01806b3c26c8fd2bec039ff9a881720a90ebcd3b346d263a1b52017c262d3897b66d5a124e9db89862d77d7eaefa8b3d57b501d7bbde43b92841589107e3d47ba86c0f383d08f38fcc6063007e8a949f96b57e0de4ea7a29a0fce8e69d6b6c9051bfbc5d92f85be07c96fb2bdfb57816b3fa7913128c2c28b90c5f41c0fb85df5b7ed877e2b073fa82e6c45639b26e81ae02856b763ca4393a5be494199bc8ede41f44affa0e3467089da06800437063144fa64631173350b2d0a2808f78ed4501c54dd9899d9b0a2bdb3976c7e0b308ee5e0830c714dad98aa4ce67ae42ebd900282369ec2b9b9cf86b88aae3f25cb02db5e7f1c7417daa01470212e6931deee3c59572726003f6bdc7c0e2733fe24fe487cc77617fcc17af7d60fec214607022d938dd517cc10e074848387af99e3d1d5566908eacebabd22b12525ae9793171ac650c7468225594c0b68ce921993baa3c48f998b93fe35b0f2bc0359d291e0753239fe245299564ca8e84b88aeebe6348e0af954d21ce95868478fb4548af45bb8a706a5a93495418f8521ef366b00883eda2930226f02f78d21703422349edd75c81302282b041d32c566145625796162b9839fadb100c7d0b87c180824cd17aab0d19acbfa9a9d7bd9dc3fdb7ec26822261ff5caca1a9a6a5f99af449250adca91adcebb2d7bf1de15e26e8300903ba10d7b4966d19cab57f8bec0c23722254d03217a7d206446431cfa6cda6bb7e349593b43be46ac9ccb9afa39547d00b60f5ca9abdd6a32746dce29d27f6937ff1e956e969b2d1303e8addf9b5521d14c8d028b7c2892ad5823e0527f4b50fb58bac4b0877743a9795425f78e37f9bbb15786fc196e52be6fb08d341a7a8ba0ad58f580d097f44e76547b5b1f022a52cbe5a2e4d4ee584a5120532738683a0654793464ead13bb8aaca90036f26f0f1c17bb2baa8791f250937950a297e2bafe6be4416bab4c23ac2abacac1ced5b4175273be9195da57a707a9ea3c399735474a8ebe9946d579b608187e9849dc126bfefa051272562e876dfcdeac0976f8288f481f568025ed32a3b1fafaefd61529476a0be6e9fe75b76b1e80cf5d6f37c2c99a01494bf885d6e7e4c1489413a780cc0e1f314f450f4503428090579d352f1491bddf74976047f5ae8b248801f6bca25ad5828506aa3cb9e96ecf556580d3fbb9986a356c8b72d895249945e399d44bfe1eac0b6e31015878b69e5a326322888cdaef8ead94a847f9cae8a217ca9342b2e0d4cf17878d2f9ec1ae4f2d3ffa924ee8db38fab8afb765601cedb8f54dcb5307af7002a87c40389321cf2e194c651154e4e96aed017b53afeeccb5e90e220ac7869540b1ed3bae7255af8c39fcf702090cb36370de2b80a53085e9ddf0d2baf8182c8f2991ae5a3771fff9e49658a08e07386286a75985ff21cf5263cf84107842d93166c05ff9133f5d466c2b54dfa405c1fa0af3c3f2df0151aa41b16dd6b4ae09f4a15c9484a7beff813929a22e0d7bddf1efb5ebfcdd74d97da712d82e6ea8924c577e2954d573559204b1cd7a0f6cf09ed060bc44d67af3c888d4a32dd1403d3cb0efa4a83bf13f0062cd69deb25a907637fdbb081b4be52b3ec417522697c531d4db852a96f2de3697bb7c999c4a86a048c6180d9877016d4108cbbb06aa6563cf3bedbd8d55d2fc6e80f9175b7f23ab9a3ebe9fb076a16aea2ec4d4d2eac91551e90a4f95569686c0be9d7a18d006da271735f060637754b8f857265057f2370983e45ef32cb3264f24841909a52ce71ad53aaf912ae10f16fc52844b15992bb31920aa2796038951ceb4c57b238efcdd917a29bbe115115ebf9f13713adf19a1119dad2f199886f28b402c6ffa8383aaa975121df09b12ec3724a74080d10c785db2c9a8e6ebd2a5375af885efcd7f7ffa2f234ec44a6abb4c1cd860f86a66563c7e3c1433ea2a8a516ea4771c38c21298d366f0d004e6802edc880f029f9fbb3a403b9873e91b5a5255d5329b2f2679ca8a104f1ff4d5f33a16521c225031dd01af86ddeedc81413dc163253b17f0d5a8d01156d2386bd0b97e18c367ed55acf2b6743e0ba8058c72bb9fc460975ebd99e2d537376e601a03717d4fe7e88e6757b5f79fb090b64f4b4640028851abe7c1e8457be0e4a8731a788bc87aa8d4635b0dcdd16058fa5b7b0da669357f872c2f6ccf98f44cec9774d97b4c106340ea1940ed7e6b6e4f0e55c2a81f259e50f8cd9142deb5037677c44638459c8aad145904ad841cea80a945d8b2af79e357b3d1e2b1eb78394ea22947d33a5f20343fdef44363ac0bb696102bc1dd22f37459192f5e3d66de2bdcf82822528111d91fa71c7b24f0513e10235cea03edf38e55a7361db072f0912e3381c47dc4e886a4a21e5f84a4b2f987c0b425bf0cc0219199468601d0b66555e46b92a36277c8df79500c0395d29b393a97317253dd245268fbd2c02436e6c9a4c5e23789926c3943c379c7166e061c969c0ec7d688315580644d6ea01ed2be1a074ceb67eb21e6d47e759a4ddd52296d31d40bec25421222fabe4372ca43292050e090334ad170367e02262f7a0dab35eef14c52ea8b571f09a150f5bf2747667c1200125ca7d3dd2b856e91db539bfbdd50de7184a4834f0895d7652b007dfbc924c748a49671d47c0a48ee018a1c56efc3f6c95bfdc6ba08b02579be697636239dfbbd3b9486f7c75e78d6edd0b71c24981dd604bb8395b93a6cc0033e7635ca9d6ad5f96bec0771df039b4495c8892b07b34b436781d4c66d23ce0e6d45a398141e2972175d0fd55ab9ebfa41b6c489e3afdb258a60b3df41dc087c53c915c2a73312f3995f93a39345aa3f91391f79f77d66b00c36c3531299bceb614132e9b930180765320406413b4b225f0f807d2d880257c1c9b7e6d447d3b9ad0ba885f43cf841d235c89739c9ec7857b5e4bf14412891086a520cb63a958f94101db23ed935e152e20c17a951e0ac0f738ea67e9a51bd4369bc22a766533a4e6d1387a6cb8645e8ff901ddaf6305f877b8ba2335a47cfd1c5dea415fe94db99fef5d23bd35a09461606a7861b93c8cdbf38df43c2990e3461183aa5137c4d6494fd546934a784181587423e565641ac834fe77a174d2dac3dceb95c573ce9e6bf105c6666d37f82467517291a2e85a57e71647637119ecc308d6e13c19716d739dfe6dc64c0b545317d2f04312e468d762600c69426a1494196b05405353b6ec4bbe3f7bb65ed55af5523d8b74bb67221f557a8c5f13a98fe798b0712f2b077437b13218fffca373a1ac3ea6a1a6ef2e7a3d9f8481a1d943b309b575d00d341fc7bc6f79ed494cb4c2dccd4cca89bab2bac2b7a14616636d2465a854a70b36b297ada91e58672a418e731bcf543a664bc9fe89292f0c9580afa4f614cc07389a7cc6b3366a5183f0843e0ca4479a187ceede71e8ebee5606620a7f77cdbbb0f333b4adf551f41e1118d9da936efcfe860724e33dab94c07681e1d1aa38256bea74d73afc2bce49e81b9d8014b59c7063caed3522fc2d1463d4e253da3d897fbdba20f603472a625c3f7ebe6e9ae67cdf35e7704b2687c38daebb79cc5346cbdc241c36b9b8d918d51b275b4f04aca04f7f0c39742fecd6e2975c346a6c6b9fc16ba0a76d2380898a8d4d445f30c33673ccd5ec2fdb58a2aeb1a5ba0f2e66d3708aa4a0d0b3cb47c27dec3e0019d910c617672445d4fe0ca8f9f406590b80adcde15665b931bc6983bd98896d06ccfc3eba6a763933d473c5bffbc7990aef1b10d4294248bd3c3fe21a133184dc518296d67e1ad5bf8ae839214f91a5fd40db2a4812bc0536f10c76d7dcaf9d828ea2e9dd9bae5301363aa9e343503fc713d3dfbe71819b920a14c9885f8134b0309d2494980cef7928da97c25cfd79627f3c5fc0feaa7ac3909e84ce4d441d06ba55634bae5d1fa42a7083dfd9cff623612fccb48c7acab378192bf1d290df206e0f00caabbdab9c83acf5c0a0fccf0da318a145357296ac28113e3419fdd742c6b376d7b3041877105382516e795dd09e36d4623a9c282b2fbbba71b1e8cce3974e45e0970df33ad85f512d833c9153d0b55c8456d2eaa4aa48f20b277f7b1472b2bd236bd2b4ccdb4c512c6e19a8880e4133efec837635d7481561fe92694fea1d955e63add3fa868fe2ebcf89118200715a4345e7f81efc3fab05fe8c6c3fb80395fcffc4021b9a6e30ec70314698c9313a8786a9f6ba3b77c92d0f02a47a2d5fadce47aaa0a8378ab46e7e645d4bf8db19eb57de6730fd296ed5def135037aec2b3e32e786591996f09f4dc511c8b7bd8927f9a3bf13b24b995dba6d3ee311f736e197ba265f83ee9b0dc38cd8f49c5883d80597e969d67bb89350b5a25b7e06e38e8a587ec3c08be61097f42b60c2747da7ddb64b42e96c83011fdd14345d7d7cbbe275c2bffead5a65fb7e4c13af6362521740c6cc53ad7a7888c2314e04102468bdcb02d77b8ce05e3f91ebe6a4341e5ddac906454655d99e60bd4a7bce820e09cc0c5eded88609cb1bfdc0d0136aa83a0f44619f32590ddf19cfa2eaa2d688b1778bcce62ba539af1c5797ecdd85e4ec52b8f5be852e1bc965dd380394f7fba50dbfedcb3e0127b4e4a80d83854e23c7009057ecd81994d7a00340aece8fa187f62d8de229265abe7784fe75eea5343dea481e8765907edd3edb57906ba18b24c64ca4e54e6c2edcadea3452c6e1b5b863235c30644d66fa9f083d1991b0fd2bd4e50112446e4e1580ca181197ddd7d228f52c0f52455a3364b4fae5b635c02c04fd5a65c36d4c6cd105f085641a21f936ad393ad91aaf3d06ca9eaa12b03e0e1fc2dd4a79497e1b6547cfd456a56559db54773af8b9c10a5c16e4a29a2b1bc161e3401698d8a73817be8dd8b292e43895f4378e8a8307bbb3e8d1681e694b3f47f27f39fe8386811bbb23739fff6aef945230773f2da0611e976c1aaf9aa940cf1775c10ad64a89d30e554644c8d7d82883f5b513536316575de7f7a11aac9774d48aee6ccaf56460c195511028d2f77ffe4c8a21c43c494ad3c4b679849233f1fc53b8e5967cef0e757410d1a63911cebd06e06d07892def525451b264bffd5313cb83cb28bbe56efc4425e4abac44fa4c260e3bb3441d06c5dd930db30c1ab9bf5e45a652e4a808767db2934f5db9cfc4011cb15cbaf6da0ff9127c9afbb9b36cfcbd19742872b9dfcf2b02a68833a5f93ca3b621eccec117a34deb3a33efb24a1847c6eeca68fe8777a72717d2e987bd3629832bd9b7153be2db462f5ec6ae68b4262be4f8f329fffc80cb80bb52700eced2d7690c0f434cf92793c46818aaa739bc041f7beff30a7e104ecdf88409c55ccc16d464bb472d7a23c852d2a3e47752ce3b2d1e8f04283e0b524954abdbd673bd376aaa0f2403ac3837a8da4a733ce4682f6b6358a0e2c0923c6e70e4ece7bae8e7016fd2cc46790908dd4b36d1ac8834e184cc7dc5fcd5e9afd63bc08dbaf0a39d6ff06be8afab02a59623a272883e4f349671bba2054bbc3831e0f652d836b3d6152013835016e9542e6413f674a95f78d02968e10e52c00422436edd1f9d60fa806eb77ae6f950ebffc26d18a71b8111f4476d98e9293b1bb30c6ce4ee597a9d21122f1df96d2ddcf733d7e6d222f986df98aacd15b156f578288563d7938d4", 0x1000}, {&(0x7f0000007080)="fcdc89a1f30f99ecb255d59382c5574714713214fdcf92e336d21d22265c52", 0x1f}, {&(0x7f00000070c0)="7bd184b6a9f5a6749ebf5a4ce1c8c69c4f63cc6bc8b78a82bf5ed4142d8c277e5805c649d78acae5b006240bdebb5ba47874c3792887eacb3a41385dfcc81e00cfd603ce5af3ffc62b8b5bf318b42e1219ccdd1e0b563cac761ab8854ab23dbbde477044c7da09508996d6e82c", 0x6d}, {&(0x7f0000007140)="df0bb2b788da390cf02601360efcc9f66bbc530da65e2e2b6812c5a53042e88f760e88f8d3032d10d55165701fe18bb45600534c42fa672a8935889a665cda3bf0cde0c8844ccb94eb5474456114e33667c26ee27cdc61c3333ffcd71c91aa59babf07d2aa1039be7fed45641d662bab6283de1f121dbf26084bcf1695dcbdf9cf3acb5c93d34c451f11f6a09144588fa510c7a00e8d07d85699901303e185f6e8ee4301e441717ad637f117e7521b85ca04c5c157339d15c5221c24a3602b264765bed2fffe8bb6d2de7db4cbd3ef2b37f1b109fbb3315e66fa83301bfcf9c6e2d4c2e2569b905593edf9a23ecc2606b456510a49499eb1d85acc896e3bf4c19b936b068f8597718c5d0c80891e864d9b6386405c300e0852731cb86c980af6ff8f823a1bf42da9d9f782dba35c075020079c5cac411ef6932469b238fc405912f1feb6084ad51734c30b88a025e7d4ec1b264302ac744e79de9edb611b3537f12b468df1e209e52e71a04ed855c6abc75001ed14ea778453767a48faac7711d863c6035600efb8fd18f4d6010d8b2c8eddf9c883645ebdfe31313a176ad2eb2257ccf867dcdcec6fff6ba236f5c01bc9c6bdb63f63af93aa6fa5eba29323779a3a5c484aae71174d9930cd449f3cb5c83b7557bfb153604a54a3d5fbe044223f35c043ec32864e808c57d6ce9a6a7498678a6cd8fd0f2f14ed39da6b0569766980c11ac1d3cc5e0fad6efa1595b94dc661dc43905a6b4778b069eb3ce5c3fec25edcaec846fb494a8bd019818b99d9cd025edc2e1bbb583535ea9b90d16e201dfd26a7b3e8ee94104baab36476b71ea18336c690129b5fad0bac37ceb3fdc7e09fd3ae1d3cb865747a15acd72a11a1f34538eceb200d71f7f316d091c1e43dba5048d5f041fa4cd5b9e79a298660ce122baf08fdbd2b78ee86b35b33dc487cfa6fa57e154ef949127276924ffaa13aae913a49d4c89f0f2c6cd68834e04e7bdbd09967c778212e80efd3c252ce3f86fa79596e6509d57a621dafc5aa01980cef9497082a0bf7737141f43519546fea3307d6ced0f40adce8119f5bb753915362db686fad4977e6670605202d868a347b2f41194e5fe991812bd2115a41bc01b38434db411b113d26f56535bf2c10fbf07367d762f9a56144cdbcec167a527bad90e5b477bf704e452ed72967b6d722766f076ff15299c7eeddd518ef593752b10d89c54c278328bcb98c36565400982a66e02fde2b440bd991338144e1211130758054e118c9e7697acfb92d9811054556adf4170f388d713f6c209769df73bf10e1b753d2d45f3cf90e54801ab1359720b2a82a8a9d7227b14dd8ad85319366f41e2b2cddaecd80cdbaafddfb8b16cbddbead513efd75a5fb37cd6ec9df17e9c17daf6f54c2d39256f3b1d3352e27e9e85d1b6d88c9f5a4a37b0c9fec3f924200ff3daaade17adc54b4d551786e5a192092a7d25cdc22550cf1a7b450fd256ed7778cc8bf76372bb2f916b197f6853c28dcf38d957c5b92c9ca6116044e5030b0b65309e84825ed9ba38a8780efeae238fcbdb287ee853b7f09422ed12d41a23789c943bdb1a9745dd8ebaea9a7feb48e501920b76ffbd826a5c81c1a53c3f60615a876d9748e97a9abb40cddbbee148e52ae709c71ff1c5415608a9bb82f026cfd61dc05a348d91bf3d1964e8781f6f6d771c9ef31816be931dc077ee192d56bcfcfe4e3f012ed3d5d2503bf2625d89ee00a4b394fa6c1969e4c70c239456614b2afef4b8bd22f8c966054cf98f14399c97a6d9acdb05945b2268e1cb228968f66736967d2dc681b35cb064127ed247c49d40649bc0de6b3dde8b5a0f44a2ab2875920f38b5d1129ce4375f4d7f89fc846dd969d3ad954da78a4174aa3e519d43106fe8409ee9d87fee4b586ee8157067f874814c531378df75bdd18d352c64ba7a9062a6e558b419f36c9b905a870e450d8292c4f33d5476e332c6baa5a83e869923531f595f13d5b64f42c1543365ede78a21b3bb85c5496c12e5f59697ef943ca6ee1ebb72df47d7d1762bd2e9e0adcefb376cc9226af34e22bcea1398e80bb23994d17ee3bf71f873108170bf9b59baefb29eec9a320bea20724d1579a59f3c1231520b8209150cbe482c87e9b1308cabe27d9fc119bad2dc93443580224501d4d42fa0aa9689933413f514a49493791fd06d9fa8db6f3e35038d48de242a875b1b4173cdba163bbe341b6c027e95fd9981d69305949f73d0d550cc1b91c77b6325871cd2f488c4bda46718dcd77ef9f8fc87aae9118939ed1f518318157442a34298fa286eb6348d44c73ed7259f37906e34cc3617ce85487c7df7380e77019989f637ae5cf5d20ca22f0e7835fdcf728b18d875fbc9e7168437d46f4edb2e861ea41295400de1e421e493ca27ab7f5515d6627363636ac4e44a3606627d41fad652041effe9ae28bd2cd56c7de99dbdb0849ef14e1bf3ba284cb0e120e5e12886fb786734ed4cb80c212e5e6ed08635e94143c0c36f1da669db1caea9975e5cf6170b318046c447c51b53a4eda961a0c7fc465f4db45a1b122d226b518181c74ed18c637ebdbf6a2775dac2bc24cf4af015bd9d379eed47d1c861dd4da984f2423f098bdefa94b0da5464f5a8397e5500008ca13e26e1a678c6e081c34ea590662a4e3c9c6e499dff8e33caecb2b4a74f137765663d419e8c9979e9ff9b3146d91415ded30bf5e485ebf7f3cc6c407b7d278b8555d73756a6e080abbb566da7c31a02a0e5ea054f757c4d54d7475fafd261c79b64c5bbc37167010874923bd20bfb2f168d66c006654ed1444b700fd4cfc98f5885e31c74e362d513f3171cf0dd09d3a2d7045b468b8c8026cf187002ec32813da0910032ad92c90df29b776444a4c42308ab4083d23cc50d5c689285c9cf396634ce797121d8a43ba0afd2f68236dff5c136376a9c82ecbdc50c6134563b7bce6f68de21b74cef8061f846f0acfba7c6a2344d257459b2231dda45677fe2002336a1d737f50fd4973aaa0e4274b0ab233ad15b05ab9d6b75154c5e760df5c3299bdaa35d1b485c57f5641ddfe8c2e1217b91eb75a9f89be87ffd24b31d7c19ba6e46dccb3551f799bb47df75f289fa800e1a94dbbdcfcd581ab55f6a3f6df3143a1fd72491089462c919eaa248cc9a2641a943009aa03e2697bc32aa16c83146d512bf4c745c86dfcb5d0989db0777ec4e57efcea3e1db0b01b2899819a57fdf6cce2aef7e6febcf01ed9e8eb70ec7d13b92752217416ce0a961f09d3aa7182786736034de1833277aae6368e7ddde394fe2f726ae074522254e6d938b11382e01c4f05fb75d641da3a634e83fde92a0bbbc20da52d59b4e50e82e3041e0cc7b25cfeab70091085bba6c374b8e7b23807a0ae99c4348a4c230ac5ad63ebb1fe8d784ec6d22ce08cd06a713ad579a6931d74b44dac2e60b187cc4bf1de5965018c058d9cd4e0bc5d981f4ff76e226f7e8a502f7a72faa479fc3399cef768f3b28a6ffc10da2ae5180a6b045b5848daa9f8273bdd6a2c4d371258db139b5c021f0539337df9a048a2dc1c8f31bbe3ca70452db0745286c40434c0bc876a1569ccdc385ae96af248d96617f6a4cb21c4665b9720d905bbbb4c316518d70f07e9a3c96f755f6892859e182e543fc9869cda59e5689c573af5c8ea77a8333327726641c6c57da89731b3839423f3a9d5eb41f226d0b8bdc4784332613b9112ab11c3341bbeede7d1bd38de9d84c72d50613d5167653ccf3c59e64c45cf2010ab7d1585ee38c1b74f78445620392dd0d1eb0e12f1eff88f01f7bcdd977db79d8c358d89ab56cfc17a2767d00c3c55c098d5d025d1d8e4e26f03ed3a3c75c6f68f24a3e9a8c3aecb704318249d17c119021a26609f1f56c9b0e2366dd053643bb47a7367a25c0d91f0f1cc8e5335da9fc96f1ad824f08e1c825fd0a2af68c1087d7e7054b3fa64c9720060b8b1b81caf0abe69ae858516c566c8ca84bb0d999bab53070758096aea8e02e8ddd00f3d63d8aa4ebd5ea07f096b75ee19db58f5ac4d9b0a2b84d92fe21fa8f17eba1045e4aaa5374bc0c2b0bcc548e2cfac2ea48d00d3e20dd4d4c79ebc8168610c492601fe28247c5c6ee061fe9fc8cffea658729fd3daa5886ab21d526fd190337b5d9dee8f1213b460a2a22ba19b993cfa72dfe454cc2a62f6eb6d6642d1f740e601b486b641484bb8fbfc1a2f0c7553ef4074cd5f882d247c49eef2f5bf94feb12eada9c72b44974188e355bc6622ea4a7bacca00a89eae66f283aa3db2a1df0a29dde24898e71bf0093cf2a17999d944143405cbfb2066c0c46ed9e0f7eff1a7d7e378fb09c1842e6c5e6decfc945180af84a3bd48d8aa956040ab7fd335891666e275554c2f4335749737c61440b9e3ab9966f8b087f1db9920520e520ba80d14d876bee037dcf82cb6a723ddb23a427a5a4d778170a6aa2da2059faefac551f9c652672e7a2eaed9835a08b2cd7ae3592eeaa2f294f2bbd673e69cb7f6233e70de0e792cbf0d25c1ed131b5a493867ae851054d1d8d9320939d3df2530bc30a347cb2546f2fb1bb4afe5a9743333d2f8acc54aea5d0638a0cdba530ea9fa1b1c91d50bb1ef92604b8547d94204631ec1d92bbe4c197c59f8d85c9a12875c181b4d98d8139a8ea6f5f37a671a4a1f96a7b6136fd1433eeab18463597285d52e05ac0ad6f1ccf94ba33472c71b3465b79e66071ce5b18433f9dca286119aac1399b19fc91de8f8015f1022e2eda389ee521a5ce9bcef8c50c76488045468759483740880d0d4787ff81c7f22b1017469169157e613933240c19fb608db8f6b56f28518b62506f6bd70936bcf2469075feda41a596f87849998688642e682ddb74631d93960503471c442e8d5b5934f19eabd7918a5b0993c07e095059915597d4b592a489f929a89eecf81b5aed15e61bda41bad331bc6c3ba71314d0a817d5ad3f7d5eac646cbe79a9e6c82220c50528dbc64afb0395a447e9ef5186a757fc1bbaf693dd2017a1ffb2479f8334f81cef7ffa16403769079145b354c5e5b30204b2e6d55b71dfc3ae7ccb36fcec67416a2d30c9303154942399529315b19e59365472d33607cf30d164f9809a8fbe427c064b24868cc4eea84094ed583cdaeb2cc3462f5d0d7df958db906029e2dad8ac8894003a137953ceed1fc7711a2a94b4d8e8d60a897c19f9e2f8bb39c2d0f1adb9542618fcf9c56fd1b133e05ae806e4263f96689b2bcf830d02e9a82a0668850ac2989c0512bce9116513ae15ea064f2607c595081a8c6f2af0373b8d457d4d898d0acb8463cc72cf36e30af742357280f0b492862caa046147ae31b8564d689be99c77fb802a25a813b2479464ac1309b35906fbd5e1b3192b94f61a3dc2e46cb043a16ab338358cf039f28f07f2516c225e857fe914529fa05aa7f922d29cd107858b2bd569d07a11fc119c8e191a777debd83957695c8806f6b35bf37a76d90057a4cddd6ece573e9ab900514ff75583dc5e2f67244ddfe71681fa2635668e0a334380fc29019f0127987735cb236d35f31d09a833871609817ab775a47b154ab72122dcabb7b41b59c4d4840a9cb7a5e604988d0fc6720fd01e18e9cd3899e4cb6551503835db9d58203f834eafd582dfa5e38d123ea1138023c55c8b7f549478fed82c16a65a9b7df02232a4a59f14ff5b2ae03ac5b97c2929ab7d410fc42697ad0acfc6309cd566066f93cab0862f7f917b32ac6e44256f1b8c95f357faab4db4108fa66fcc7985365", 0x1000}, {&(0x7f0000008140)="887113a4ccb1352153da85b27086513dc9317059041ec14bb65a480f2bfcec0120a2fb3f9e7da5f1", 0x28}], 0xa, &(0x7f0000008240)={0x108, 0x107, 0xffff, "dddaf533be99d9e1b581f257d7ced77bc6fcd2105f6b1dfa12d40bff16bd403c7370879f134bcfc44fc2af84d5355a523449aa5ccd60e140fc89ff86426662471addbcce9a92f431910bbf8edf870cef053ae10a144a5e983270000d7dc2c72c98725506b5f580ce90416907eb931d8d34ab903d64bc73b0b082fc733d5cce32f375c0f5e7884aa5e6a0154682a9ef27af216099f05c540d123d06e09c52dfc54f0501c86fd5c7401a261673f6a9f22d8da52d343768d900cc818d5731ebb84b4382bcdd357d374f592d5195fb04045deaceed15ff3a5027bd8ff9c0581dcbea09796114c10b352694de794cd57b98bccebe0860303e"}, 0x108, 0x4}], 0xa, 0x8000) ioctl$TIOCEXCL(r0, 0x540c) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7ff) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000480000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x20000000, 0x0) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000004c0000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x29dde16f, 0x4001) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000000)) ioctl$CAPI_GET_FLAGS(r0, 0x80044323, &(0x7f0000000040)) 14:12:37 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsh', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000600000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xc4', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:37 executing program 2: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000200)='/proc/capi/capi20ncci\x00', 0x410000, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000240)={0x8, 0x2, 0x5, 0xc0, 0x5, 0x80000001}) r1 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x1, 0x4000) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000)="66bd9a0dc570be5de5c491db3c9ef3f6c7d2b3e363d617e87c345b90501f6cd59be797017fc112bbee38b831fc168b80182e267c649f47e264e5e16b807f06730176fa2192e1311d40700ce9fb3635b6474671fb81b3822fc5cdbfbc31f2fee4c157d375b2ecad26dc0d4ec98743062934daec522117463f479847f59b49dd3a33b3c14e67a27d6b1c543129bb42545f3d66de5c535560dca02d2d56a544ccb1a1a880ee25f321ec4fb258e7853eef141f7ff07e44cd9e95c0131118d165a97dd9ebe566003e8f9271de5e93", &(0x7f0000000100)="ffc5b0df443abf01b7ab9539e4a6fac3bcc86e33d0f40e7168304497a7c4569de9e70f19e55f3b5bec03f8d904d798d73ad2f10979a0332e4a7a9bc4b2539c36346e86bd0d855e0e477711109c5fd934404bc0de3cd171d194a660fc1aeb6104f084e63c38157e55203526238656fb", 0x1}, 0x20) [ 871.878607][ T5218] XFS (loop0): Invalid superblock magic number 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000680000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000100000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000006c0000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000000)=""/145) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000000c0)={0x8, 0x0, {0x2, 0x0, 0x3, 0x0, 0x3ff}}) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) 14:12:37 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x20100000, 0x0) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000200000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000740000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:37 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x400000000001, 0x4000) 14:12:37 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsl', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:37 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x11, 0x4000) 14:12:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000007a0000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:38 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) sendmmsg$nfc_llcp(r0, &(0x7f0000000fc0)=[{&(0x7f0000000000)={0x27, 0x0, 0x0, 0x1, 0x8001, 0xffffffff, "27e41df304b9de3031d88b1bb6769c69071d6456d58affd6edb0762fc5bd065bbeb7d38706b5b25c12e487328ccc35ecea409aa854836d5fdbed6f7fed2841", 0x1}, 0x60, &(0x7f0000000540)=[{&(0x7f0000000080)="33f8c775a75da47bcedcb7e08cb7", 0xe}, {&(0x7f00000000c0)="9fd1aade2142f1e70028da4f865070f86af48e972fbe6062cf42b4f7ea7b2eb5498a40eebe9f4b00f1ef8c8fdf1122904f5498c311a72e167f851a0b24cf6327d5", 0x41}, {&(0x7f0000000140)="3732e1b7048664ceb4", 0x9}, {&(0x7f0000000180)="f19b8bb18a4680c2417780f80eebd97aca89d4431b2cab0f3297be0d288bf5cc8dbaa45d0fb5b797656f39576eed26c5b5f85119876d994ac6fc887002bb4e1abcfd125e188ee38df25c0cc7bebec0", 0x4f}, {&(0x7f0000000200)="1fb2c1a7284698c81b28df5b48a15bf8bfa4fb", 0x13}, {&(0x7f00000002c0)="08d86ab91dbfc349697a498460d907e215351ac4bed8a55b0b68aa64001e7b7f42bbd6a9c0cd7b14ccc934918b89d427aac239e3a9bac7f06859f1ffd99c10d04ed4e1e0f0a12089cebd79c84393d8e9549ac465ebc5a4f652b06d0ab756823da7df64acc057e41658670e7af833aee4480c7bca753f9c64dc6d1196e9e96a99d1b998adb34abbf66cc4f6017179c64be947cbb82c80aaa3f57708b704586156aeef359d562fa21a4d38acdc3c512e2a75b8a0ea6cd5fcac89bd31e80e03", 0xbe}, {&(0x7f00000010c0)="5dd7894d54f467fad04c451825be4290deb2d89c55529f45c2fa4e43f72aad", 0x1f}, {&(0x7f0000000380)="72c38bde2be83c965af919788798397e497a5c7cfba754ec45349cffd3b284da60dd6450bc4f1dbe97215f1652a9f8a4da75c6218b70c6bf62be6d39240e32e2743638677517c33c6c95ec68579de485737e0db3364cf94ceba5b1a2adc58ed4f5968a02af983befac27beb903d508b31111c82c3c3f455ae3d061f82fbfde999b539b3cd3bc10b7c9c96e2a0a435c92c1bfa5df16a3259cfa6439ce5738cc79daa662af1b5104afd56ce846350011760b84c17db4bde26b53a5ed47a302cad38215acc24a75a05529faf63f617e893fbbedc6270d0edccfdb9b9cb3fd6d2ab08a669a8b4637c9abef885904e263acedb79b70e444bb93935ded473b", 0xfc}, {&(0x7f0000000480)="e9d6a7007c2724aecc328025ae2f3318e0b0de45dacfc774ed20a079dbb9fe19318c3554d647847b980872e0ab316a719103ebd231de76f47ace4dd9f77cc1e34f13c79c8cd683c1df47cf57b7ff2197a2e43085532373292155fa79795bb3a9ac43323fa94c4a6bac0e93cdf83a75e1b7b451df2b5da758dfeb11cb7dc2dc3fc2d0d1d51196b788c9babdd7440e65d9a35873f8f7473c6674b7e744ee6cc51906528f3abaabe0d7b72784", 0xab}], 0x9}, {&(0x7f0000000600)={0x27, 0x0, 0x1, 0x7, 0xffffffff, 0x5, "30bf48b9a215fbe3aa0d807d33e641e3350013d2dc80741d56c80f4981fc09e8f525c902ff68b4486095d8f2f2d59cfb5aa00256675109b19405d7b3932585", 0x24}, 0x60, &(0x7f0000000840), 0x4, &(0x7f0000000880)={0x20, 0x0, 0x7fffffff, "0994e2d323c9e4433cbeb9"}, 0x20, 0x4000}, {&(0x7f00000008c0)={0x27, 0x0, 0x2, 0x5, 0xc3ac, 0x81, "25d9f5c444334d01f7c5ed5cce442ec3d8406f98125b866f1e2fd57c52cccac6996a93b86a164c9023609dc9575d389bf46257ba2c77a500", 0x33}, 0x60, &(0x7f0000000b80)=[{&(0x7f0000000940)="d4d77ab483accc7c5ce024edb7cabb955c1f195f33652e97fcbe02d7defbb085dd1b5e3876d988018c5a9f5d354721d7fa", 0x31}, {&(0x7f0000000980)="6d37562c8089467edef3e5e2b2d21cfcecb78e2da75348f7da6e54d078975ba1b69158e18ee7363a73c44948a1392aae680b73e6ea01779bf5389a9e9d306420597bd6f97430df4b871522524e1630ab0ca2752fd5a9882749f7ca0051c7f5fefc0ff562625360fcb4e44a083af3499c8c0f205feabd473c4083313f8128232e6efe5930f22432e6e8cb7c1fac4853bb5ac1546f2a34349a2a14eca7dde89624b638c2cc0ffde3adce4ea72e5abdf8c1b1ea61d64398a30ee354f667981ece8677a16742f61aba12c2db885ea893bd53ef26c7e3f8859d34bac9c651eec7d9aa8d64365e47775c35cd6560366cbea374e4c1c5", 0xf3}, {&(0x7f0000000a80)="327e816672f3598210032a5f592e12a316a03bd601ea5abd0bcf6b8b89c38f9d55c49d06e6cbf6bab17e7cf7dcc2a3ad8d3b163104432a8e111eba52aa6cd6e548fe04b7be2ea6c6dd26b6f67a78bd39ee3ec1c24916c0c79a9c0ed1b3ffaa1a1de05bcecc9ace48ac80e831983472f5d0635594dbfe459b2be2e43d7076c812e5a9e8dd1dcefb09dbf4e86b87d1ac14e2db866d825c063f519ea563bd25693148f43cacd7987000", 0xa8}, {&(0x7f0000000b40)="dbd4c5655e", 0x5}], 0x1000000000000101, &(0x7f0000000bc0)={0xc8, 0x11f, 0x9d, "c28dc46b9212863b57a5afcc9a031166262d8fa42b6427de928f075dda943270e4e42338901d4b4ce32ce5eb0b16478694f9a72594b17c8bb2ebfcfd48bace4faf89bc78cf559c941fc7b08b8becb43cebe998b2033d7fb74064c828b18b4b3f0a0292912d61001615abfc1f1e347c2d9ffb5238bba2716e352a487339a2c79a4506d2c6606343ee4484e8eaa72ad8bc26f9b43c9c4a04fe53003ff806d35c972386e399438608ba08d465fe3388f098fcd340b07f6dea"}, 0xc8, 0x4008080}, {&(0x7f0000000cc0)={0x27, 0x0, 0x0, 0x5, 0x5, 0x7, "d324b0d713210c208d6a60ab1a7c5d3256497cd0095ffe25afa0ab825d7b0aa96fee85bb07a8cf45bfa770c6793de1805a6aca6ba7d7cda6855b23c866c60f", 0xf}, 0x60, &(0x7f0000000ec0)=[{&(0x7f0000000d40)="4c90e93750fec71859b06043e4d87106a7a48155153f4be2b1a9e64f027d47a041eaadc90c469d7c1efd31ebd28d4d5d450a2886cf248fc3203fdfff4b220b062fe2cb0b1fcb465d01e68bf139c11f53053b72df17a3", 0x56}, {&(0x7f0000000dc0)="68c2a327827c1bfb9a61a7bbb1fefc68aa6608331e06b8d206493c34505c563d8c6ca8961e5b0829b35a6d0baae9fdd2fa87cdf30192d826935d288dd1deb43603b90ba7391e68c091143802ec15f603ddd6ed8fe2a8c0f7341ea9f4e3a6fd510f2c60cb85e54c6f3a7bd40fabc16272995d37cde727066f7dcd7b074c7329d89ed5f9cc6d5b2093b3f5b07c9e3f51db4fe3a615e0eb8a5404eab4a9933f13b348c4a6c9b061500b33ee98bbcc3a25d4142bbbd464a626fbb04e0ea18247bb550587f9b3e54e2d0c827846ba73b15bbf809cde017448b2e8c008b4d2dafd6009e369c3fd59c8a402", 0xfffffffffffffef2}], 0x2, &(0x7f0000000f00)={0x88, 0x84, 0x0, "009d953640a5a0513c2b41241e1b0f840e027fea267df65f2a66aa8f8e5654a30d2e06f897aa618900ad862423365dcfb2267f8291d428e98d4740d53f70e615d59b6cf1db0bf956e9f300658bb52ff417a78322b27c5d0afe7db0883b75ae18a7549309054ddbc9875bfcd5a43750d2d0ec"}, 0x88, 0x4}], 0x4, 0x24008000) 14:12:38 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfst', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000020000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:38 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x23000000, 0x0) 14:12:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000400000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000000)={@broadcast, @local, 0x0}, &(0x7f00000000c0)=0xc) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)=0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x100000000, 0x4e24, 0x100, 0xa, 0x20, 0xa0, 0x0, r1, r2}, {0x40, 0x1ff, 0x81, 0x9, 0x100, 0x7, 0x6, 0x1}, {0x9, 0x7fffffff, 0x6, 0x2}, 0x5, 0x6e6bb7, 0x1, 0x0, 0x2}, {{@in6=@remote, 0x4d6}, 0x2, @in6=@rand_addr="a71b3e2c906915df702427a251aec7c3", 0x3507, 0x3, 0x3, 0x67, 0x7fffffff, 0x9, 0x8000}}, 0xe8) r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000180007141dffdd946f610500020081001f000005030008000a0015001200ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:38 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsd', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 872.768338][ T5299] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 14:12:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:38 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x226000, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000140)) socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4) pipe(&(0x7f0000000000)) ioctl$SIOCRSACCEPT(r0, 0x89e3) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000040000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:38 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsz', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 872.877961][ T5305] XFS (loop0): Invalid superblock magic number 14:12:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:38 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000000c0)={0x80000000, 0x20f02b0f8, 0x39, 'queue0\x00', 0x83b}) ioctl$VIDIOC_DBG_S_REGISTER(r0, 0x4038564f, &(0x7f0000000040)={{0x3, @name="de9d4c136af50ff8a6664a8551c7080a74f8294996647674c9800705593b9b85"}, 0x8, 0x3, 0x8}) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000000)={0xa, 0x1, 0x7, 0x1}, 0xffffffffffffff61) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x1) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000200)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x18) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000002c0)={r1, 0x800, 0x1, 0x4, 0x1, 0x40, 0x3, 0x7, {r2, @in6={{0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}}, 0x101, 0x4c3f, 0x5, 0x0, 0x1}}, &(0x7f0000000380)=0xb0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x80000001) truncate(&(0x7f00000003c0)='./file0\x00', 0xfffffffffffff001) 14:12:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:39 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x28010000, 0x0) 14:12:39 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:39 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x10000, 0xfffffffffffffffd) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0x7, @loopback}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r2, @in6={{0xa, 0x4e21, 0x8, @mcast1, 0x98}}}, &(0x7f0000000200)=0x84) 14:12:39 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x88', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 873.673645][ T5349] binder_alloc_new_buf_locked: 37 callbacks suppressed [ 873.673655][ T5349] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 873.705837][ T5349] binder_alloc_new_buf_locked: 37 callbacks suppressed [ 873.705851][ T5349] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 873.723950][ T5351] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 873.732510][ T5349] binder_transaction: 37 callbacks suppressed [ 873.732527][ T5349] binder: 5348:5349 transaction failed 29201/-28, size 24-8 line 3148 [ 873.759980][ T5351] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x1f) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000080}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2f1fcacc0d", @ANYRES16=r1, @ANYBLOB="000c2cbd7000ffdbdf250200000004000400"], 0x18}, 0x1, 0x0, 0x0, 0x4048800}, 0x850) r2 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) [ 873.778733][ T5351] binder: 5350:5351 transaction failed 29201/-28, size 24-8 line 3148 [ 873.800902][T23633] binder_release_work: 37 callbacks suppressed [ 873.800909][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 873.828937][ T5351] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 873.851211][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 873.856389][ T5351] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:39 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xc4', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 873.878942][ T5351] binder: 5350:5351 transaction failed 29201/-28, size 24-8 line 3148 [ 873.889166][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 873.935075][ T5378] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 873.965009][ T5365] XFS (loop0): Invalid superblock magic number [ 873.973895][ T5378] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:39 executing program 2: r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local}, &(0x7f0000000040)=0x1c) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000080)={0x0, 0xc6, "207d0632782ce7711056e25559b1f2db6274fc5af72ee3923689dc3abeba626f287544a83493e3de946d74190f42f6a0d86c805264370aba6c79639458f0a97c7160204980306ee93602eeb71ec226de6c85ae6bafc122f916c6fdde5c3b0e9ebf3e10579c387b21f32be0e79ce56a1e20322dbb9a4f1928577f744d453f98b980f2add8277eec9098acb44aac55af9db86efe7cd47ccd1c9a28db81e4b7e691f9d5de5dc3bd229537a486d9105f66b13a16706bf1e90eb47457bc0cf48e8c81689a3f174b8f"}, &(0x7f0000000180)=0xce) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e20, @rand_addr=0x7}}, 0x80000001, 0x7, 0xffffffffffffff83, 0x0, 0x1}, 0x98) fcntl$dupfd(r0, 0x406, r0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:39 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xbc', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 873.994387][ T5378] binder: 5374:5378 transaction failed 29201/-28, size 24-8 line 3148 [ 874.005506][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 874.054787][ T5388] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 874.080575][ T5388] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 874.145263][ T5388] binder: 5387:5388 transaction failed 29201/-28, size 24-8 line 3148 [ 874.167541][ T5388] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 874.191683][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 874.198351][ T5388] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 874.208565][ T5388] binder: 5387:5388 transaction failed 29201/-28, size 24-8 line 3148 [ 874.217083][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:40 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3f000000, 0x0) 14:12:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:40 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x80000001, 0x0) write$P9_RLOPEN(r0, &(0x7f0000000040)={0x18, 0xd, 0x1, {{0x1, 0x4}, 0x7fffffff}}, 0x18) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x77}, 0x1) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x6, 0x3ffc) 14:12:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:40 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xf4', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:40 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:40 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x1, 0x4000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000140)={0x1, 0x1, 0xfa00, {&(0x7f0000000200), r1}}, 0x19b) [ 874.588552][ T5409] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 874.626163][ T5409] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 874.655094][ T5409] binder: 5408:5409 transaction failed 29201/-28, size 24-8 line 3148 [ 874.655182][ T5415] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 874.676596][ T5415] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 874.690983][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 874.708708][ T5415] binder: 5406:5415 transaction failed 29201/-28, size 24-8 line 3148 [ 874.740922][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000002000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 874.790164][ T5421] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 874.828607][ T5421] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:40 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x3ff, 0x0) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f00000000c0)={0x2, 0x7}) accept4$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14, 0x80800) [ 874.844066][ T5421] binder: 5420:5421 transaction failed 29201/-28, size 24-8 line 3148 [ 874.864751][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 874.879540][ T5432] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:40 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 874.891000][ T5432] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 874.907057][ T5432] binder: 5431:5432 transaction failed 29201/-28, size 24-8 line 3148 [ 874.931814][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 874.956522][ T5428] XFS (loop0): Invalid superblock magic number 14:12:41 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x40000000, 0x0) 14:12:41 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004800000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:41 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:41 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsd', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:41 executing program 2: syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfffb, 0x4802) 14:12:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004c00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:41 executing program 2: socket$kcm(0x29, 0x2, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f00000002c0)=""/219) r1 = msgget(0x1, 0x484) msgctl$IPC_INFO(r1, 0x3, &(0x7f00000003c0)=""/237) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x5, 0x5, 0x5, 0x401, 0x51}, &(0x7f0000000140)=0x98) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000200)=""/104) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000180)={r2, 0x8}, 0x8) openat$ion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ion\x00', 0x30000, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x402002, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x8000000007, 0x4000) [ 875.969256][ T5472] XFS (loop0): Invalid superblock magic number 14:12:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:42 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x40030000, 0x0) 14:12:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:42 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:42 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x101001, 0x0) ioctl$TIOCCONS(r0, 0x541d) r1 = msgget(0x0, 0x14) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x109503, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000240)=0xe8) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000002c0)={r3, @loopback, @local}, 0xc) msgsnd(r1, &(0x7f0000000000)={0x1, "091c01c543d507fe8b77946879b4d916977be30bc1237af5c8b378dab9a5369d47671606c378247066831e9208804b0b600d50c5ead417f0fafe7bc0d8c2acf39d9984ee239a9bca6dbd98a0752cbd5f4d21cfed7bfc902604dd2ead0eed9e84c5e2f41754d1442b019f075bdf3fa4762b38795b48d08f1bfcb9fdfbb80942d401197bdb40bb1a98e7d56408f58978ab434ea32fb7c6a0063047"}, 0xa2, 0x800) socket$inet6_udp(0xa, 0x2, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006800000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:42 executing program 2: r0 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0) close(r0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) fcntl$setsig(r1, 0xa, 0x22) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0x7207, 0x3f, 0x4}) mknodat(r1, &(0x7f00000000c0)='./file0\x00', 0x100, 0x40) 14:12:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006c00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 876.909170][ T5506] XFS (loop3): Invalid superblock magic number 14:12:42 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xbc', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:42 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x42534658, 0x0) 14:12:42 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x401, 0x88002) 14:12:43 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs(', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007400000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:43 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000000000)=""/124, &(0x7f0000000080)=0x7c) 14:12:43 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:43 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x48000000, 0x0) 14:12:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007a00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:43 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000880)={{{@in=@initdev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f0000000980)=0xe8) sendmsg$nl_route_sched(r0, &(0x7f0000000ac0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)=@newqdisc={0xb0, 0x24, 0xa, 0x70bd27, 0x25dfdbfc, {0x0, r1, {0x0, 0x4}, {0x9, 0xf}, {0xffff, 0xe}}, [@qdisc_kind_options=@q_prio={{0xc, 0x1, 'prio\x00'}, {0x18, 0x2, {0x10, "13750a26479f514cfbd8326bd810d21f"}}}, @qdisc_kind_options=@q_fq_codel={{0x10, 0x1, 'fq_codel\x00'}, {0x1c, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x3}, @TCA_FQ_CODEL_ECN={0x8}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x81}]}}, @qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x6f1942a3d8b441dd}, @TCA_TBF_BURST={0x8, 0x6, 0x4}, @TCA_TBF_PBURST={0x8, 0x7, 0x1ae2}, @TCA_TBF_PRATE64={0xc, 0x5, 0xb3f77966636ac5b0}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x1ff}]}, 0xb0}, 0x1, 0x0, 0x0, 0x800}, 0x4000801) 14:12:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000fffffdfd00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:43 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x8000000004000) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@loopback, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) sendmsg$nl_netfilter(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200004}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x1a0, 0x0, 0x8, 0x401, 0x70bd28, 0x25dfdbfd, {0xc, 0x0, 0x5}, [@typed={0x14, 0x3a, @ipv6=@loopback}, @nested={0x134, 0x8f, [@typed={0xc, 0x3e, @u64=0x802000000000000}, @typed={0x8, 0x95, @fd=r0}, @typed={0x8, 0x5c, @u32=0xffffffff}, @generic="940ade45ae437d257d005a03d978edde4f53f0534d9b30b2e4bc6c8da9949a5fee96e27ed7a40b8bec3a0d2354e33709cf41232364fd3678cb0e350adbf7a8a8901cef86897694cb2da85d7d5997572aee36780583b2606e67fb307f7f058fa3d7c5e9e1a815", @typed={0x8, 0x10, @ipv4=@dev={0xac, 0x14, 0x14, 0xc}}, @typed={0x8, 0x65, @uid=r1}, @generic="c664b87d81bdf2d75ab7cbc8c14ed09e9a772b7ad2f509adcbbea85068e16a9f871646bb39a58271f5bcc96028767245a02fb9c21c70ce6cdf2dac4c0bc42c7fc2b4775eb66b1ec9eab9c820dfba4ebe7aaa804914ace5a0095d87c14fcdb8f6e1d7ebbd9622095c0db0a9cfa605ecfbf2daeb7b5996208f110483b770fc96e5f1cb06d47b9e724b1c73b6540fda88127ec78b67ae2773b895f5eb"]}, @nested={0x44, 0x89, [@typed={0x8, 0x43, @uid=r2}, @generic="243e88d0b5c867be05ef2daacbf14e6fd4f13b3783a10c417e6cc3dc5a1e916cd5f51d1f57600b", @typed={0x8, 0x24, @ipv4=@multicast1}, @typed={0x8, 0x84, @u32=0x8000}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8000}, 0x4) [ 877.887458][ T5562] XFS (loop0): Invalid superblock magic number 14:12:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000fdfdffff00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:43 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs4', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:43 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfsT', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:43 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)={r0, r0, 0x5, 0x1}, 0x10) 14:12:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000001000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:44 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000040)=[0x4], 0x2) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x8, 0x7fff}) r1 = shmget(0x3, 0x3000, 0x78000000, &(0x7f0000ffa000/0x3000)=nil) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/250) 14:12:44 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfsD', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:44 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4c000000, 0x0) 14:12:44 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 878.715414][ T5622] binder_alloc_new_buf_locked: 29 callbacks suppressed [ 878.715425][ T5622] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 878.745476][ T5622] binder_alloc_new_buf_locked: 29 callbacks suppressed [ 878.745491][ T5622] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 878.768171][ T5622] binder_transaction: 29 callbacks suppressed [ 878.768186][ T5622] binder: 5621:5622 transaction failed 29201/-28, size 24-8 line 3148 [ 878.768274][ T5629] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000002000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:44 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200, 0x0) [ 878.870289][ T5629] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 878.881511][ T5644] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 878.890157][ T5629] binder: 5628:5629 transaction failed 29201/-28, size 24-8 line 3148 [ 878.899003][ T5644] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 878.909028][ T5644] binder: 5643:5644 transaction failed 29201/-28, size 24-8 line 3148 [ 878.919505][T27606] binder_release_work: 30 callbacks suppressed [ 878.919513][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000002000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000003000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 878.964014][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 878.967338][ T5638] XFS (loop0): Invalid superblock magic number 14:12:44 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:44 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xbc', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 879.037208][ T5656] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.075751][ T5656] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:44 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 879.117221][ T5656] binder: 5655:5656 transaction failed 29201/-28, size 24-8 line 3148 [ 879.121187][ T5658] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.135414][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:44 executing program 2: lsetxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.evm\x00', &(0x7f0000000180)=@v2={0x0, 0x3, 0x4, 0x100000000, 0x93, "037972adf21955613795b6a4fd6f990932f15c21989dddb5cd606f7414be25694206cf76ad92a4d1cfe1931ebd3d88d4170240e081873b7cb82f60675061bee4b06c42c4b5301da1c5c609e7e513fc89dc1ffd2a3df0139b52e6fb93dde5ad29d85d36ba43f625fe4d26af2a0439ee925f9fbb2ea4ac5197887a31659f4bea8826cc23f0607686fd9575a5755459d78bac9bab"}, 0x9d, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x3, 0x1) lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.evm\x00', &(0x7f00000000c0)=@v1={0x2, "a9"}, 0x2, 0x1) [ 879.159834][ T5658] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 879.196474][ T5656] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.215856][ T5658] binder: 5657:5658 transaction failed 29201/-28, size 24-8 line 3148 [ 879.240173][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 879.250171][ T5656] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000004000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:44 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000000)) ioctl$TIOCCBRK(r0, 0x5428) [ 879.283835][ T5656] binder: 5655:5656 transaction failed 29201/-28, size 24-8 line 3148 [ 879.299048][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 879.345655][ T5675] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.389256][ T5675] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 879.405251][ T5675] binder: 5672:5675 transaction failed 29201/-28, size 24-8 line 3148 [ 879.416196][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:12:45 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x58000000, 0x0) 14:12:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:45 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000000)={'irlan0\x00', 0x8001}) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x7, 0x21, 0x1}, 0x7) 14:12:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000005000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:45 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:45 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xc8', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 879.764445][ T5685] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.792420][ T5685] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:45 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/stat\x00') r1 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0xfffffffffffffff7}, &(0x7f0000000100)=0x1000001cf) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={r2, 0xff}, &(0x7f0000000180)=0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2200, 0x0) prctl$PR_SET_KEEPCAPS(0x8, 0x1) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f0000000200)=0xe8) r4 = getuid() mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB="60a1800f880000", @ANYRESHEX=r1, @ANYBLOB=',access=user,aname=/dev/dsp#\x00,loose,uid<', @ANYRESDEC=r3, @ANYBLOB=',appraise_type=imasig,uid>', @ANYRESDEC=r4, @ANYBLOB="2c6673757569643d63003135716200652d3863777d2d0034677f2d65383d332d7b333934737775382c00"]) [ 879.814550][ T5695] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 879.823514][ T5685] binder: 5684:5685 transaction failed 29201/-28, size 24-8 line 3148 [ 879.838394][ T5695] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 879.855771][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:12:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000006000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 879.875868][ T5695] binder: 5683:5695 transaction failed 29201/-28, size 24-8 line 3148 [ 879.918511][ T5687] XFS (loop5): Invalid superblock magic number [ 879.926656][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 879.939465][ T5702] XFS (loop0): Invalid superblock magic number 14:12:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:45 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xfe', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 879.992775][ T5721] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 880.020109][ T5721] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:45 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000000)={0x6, 0x1fffffffe}) [ 880.038505][ T5721] binder: 5718:5721 transaction failed 29201/-28, size 24-8 line 3148 14:12:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000007000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 880.070903][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 880.082023][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:12:46 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x58465342, 0x0) 14:12:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000a000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:46 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x200000000001, 0x4000) 14:12:46 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:46 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs(', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000012000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:46 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vsock\x00', 0x8802, 0x0) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000400)={0x2}) 14:12:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000020000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:46 executing program 2: r0 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x1, 0x81) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000140)) r1 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', '', [{0x20, 'vmnet1/nodevwlan1trustedselinux&'}, {0x20, '/dev/dsp#\x00'}, {}, {0x20, '/dev/dsp#\x00'}, {0x20, 'keyringselinux[%nodev#@!lokeyring'}], 0xa, "f1f35a19940d147c8cb0ba6260aa4f53971a9faf4d7b3d62aa2cda1c336f737bd6b63d23c65608f7334d0cff542dfea5386e00d04c52e17891a03131e0a1e6239d78dc8f10cf009dd1fe61099e53a797c1c227fd6687395cb1a1f7f6f05e3f6756e2bfdb"}, 0xc2) [ 880.802830][ T5757] Unknown ioctl 35297 14:12:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 880.898664][ T5748] XFS (loop3): Invalid superblock magic number 14:12:46 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x60000000, 0x0) 14:12:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000048000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:46 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x80', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:46 executing program 2: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x9, 0x4000) write$binfmt_aout(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="070108083f000000ca030000fcffffff71000000060000000000000000000000ea4ea0e9bd5886747023de7fe72e471b29b91ee5b8a18a8eab2b8fff6ee057ed1220b41123c30e381eb71a3ff29c99d6b06d2ac09ebcc02674bf2fd8fc0d72f16b3d26fa9aca7349840ece5c9e6223649890fad7fb52e2636d125caf1f7b95b83eec0a2820effcbef3f8ac14fc4586f1a7a4e6ecc5030f0ad07f20acb193b401bf7583d26943aa121f7bcf5bfe0d44aa1eb350f16661bf2317daa23f6d85844b1bf08c1a709dfa6e5722a247e5013071994f9479d34f637163530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a6ccab19583861a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001972c344b58269031eaca8f8eec7446f1579b836922b09e84662506650353e91966a3ae3787040c76231db1fcee6202b0f927854ebb170592f93d2ccf32501b3964941dc1d52b8818e7930931ee449e06e1fc8"], 0x2da) syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x3ff, 0x129880) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x2, @bcast, @bpq0='bpq0\x00', 0x7, [@bcast, @null, @bcast, @bcast, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) ioctl$KVM_SMI(r0, 0xaeb7) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x81, 0x5, 0x3000}, 0x4) [ 881.096927][ T5782] XFS (loop0): Invalid superblock magic number 14:12:47 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007400000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000004c000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:47 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x4000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x4000, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000000)) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0x4}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000300)={0x5, 0x2, 0x1, 0x4}, 0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f00000002c0)=r2, 0x4) write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0', [{}, {0x20, '/dev/vga_arbiter\x00'}], 0xa, "2e7d211f87ae5baa600ea4a4edfbb40a0022b6d37aaf5f097232358d24253f38e797c28b874b07f039571609611b29762c9612572dc9c3f3359f7e034bac7e99e4b45890d7206138f53aba42681d68f6c05ccd49d0bf33eea3fb6fe5ec3990a7914e1863c6aa7ae5a9074589a13235edd62fbc5237f410b8625727e20ea150adfde36fc4920ddd8c3385662b6fa76766bd2900b3a5c164bda03a964f27a09e214be6345dd2fd4c2f7cefc454c0d276cc854e56d5a01b1ca8431126a20da3b3db4dfdba7715c95e879c85d00d6d2179bc93ff3c369cfe0015286430cf"}, 0xfa) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x10601, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 14:12:47 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xbc', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000060000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:47 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x62000000, 0x0) 14:12:47 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000040)=@get={0x1, &(0x7f0000000000)=""/37, 0x8}) 14:12:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000068000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000010000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 881.894175][ T5822] XFS (loop3): Invalid superblock magic number 14:12:47 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xc8', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 882.046087][ T5842] XFS (loop0): Invalid superblock magic number 14:12:48 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x20042) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000040)=0x3173060a) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000006c000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000020000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:48 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:48 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\xfe', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000074000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000030000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:48 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x64010000, 0x0) 14:12:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000040000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000007a000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:48 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xa131, 0x3fff) 14:12:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000fffffdfd000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:48 executing program 2: syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x4, 0x4000) 14:12:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000050000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:48 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 882.925986][ T5882] XFS (loop3): Invalid superblock magic number [ 883.008349][ T5899] XFS (loop0): Invalid superblock magic number [ 883.135168][ T5920] XFS (loop5): Invalid superblock magic number 14:12:49 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:49 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200000, 0x0) 14:12:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000002000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000060000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:49 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x68000000, 0x0) 14:12:49 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000070000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000003000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:49 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x5, 0x4000) openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20000, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x8000, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x6, 0x4) [ 883.783024][ T5957] binder_alloc_new_buf_locked: 31 callbacks suppressed [ 883.783036][ T5957] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 883.799795][ T5957] binder_alloc_new_buf_locked: 31 callbacks suppressed [ 883.799809][ T5957] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 883.808564][ T5959] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 883.825133][ T5957] binder_transaction: 31 callbacks suppressed 14:12:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000a0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:49 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x3ffc) ioctl$void(r0, 0x5451) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000)=0x24d, 0x4) flistxattr(r0, &(0x7f0000000040)=""/151, 0x97) [ 883.825148][ T5957] binder: 5952:5957 transaction failed 29201/-28, size 24-8 line 3148 [ 883.840165][ T5959] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 883.872764][ T5947] XFS (loop3): Invalid superblock magic number [ 883.875654][ T5959] binder: 5958:5959 transaction failed 29201/-28, size 24-8 line 3148 14:12:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000004000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 883.906957][ T5976] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 883.922216][ T5953] XFS (loop5): Invalid superblock magic number [ 883.930210][ T5976] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 883.945123][ T5976] binder: 5971:5976 transaction failed 29201/-28, size 24-8 line 3148 [ 883.968920][T27606] binder_release_work: 32 callbacks suppressed [ 883.968927][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 883.992923][ T5986] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 884.012820][ T5986] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 884.023537][ T5986] binder: 5983:5986 transaction failed 29201/-28, size 24-8 line 3148 [ 884.037999][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 884.049064][ T5973] XFS (loop0): Invalid superblock magic number [ 884.375038][ T5953] XFS (loop5): Invalid superblock magic number 14:12:49 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:49 executing program 2: r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000120000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000005000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 884.504417][ T6003] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 884.519630][ T6003] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 884.541160][ T6005] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:50 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6c000000, 0x0) [ 884.549845][ T6003] binder: 6002:6003 transaction failed 29201/-28, size 24-8 line 3148 [ 884.563779][ T6005] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 884.580867][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 884.587132][ T6005] binder: 6004:6005 transaction failed 29201/-28, size 24-8 line 3148 [ 884.627571][ T6005] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 884.627725][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 884.644895][ T6005] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 884.668800][ T6005] binder: 6004:6005 transaction failed 29201/-28, size 24-8 line 3148 [ 884.677866][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 884.700488][ T6008] XFS (loop3): Invalid superblock magic number [ 884.720590][ T6014] XFS (loop0): Invalid superblock magic number 14:12:50 executing program 2: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x0, 0x4) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000200000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:50 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000006000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 884.852668][ T6031] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 884.870063][ T6031] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:50 executing program 2: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8001, 0x4) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xb4, r1, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xf2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x28}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1e0}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd42}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x40}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4004890}, 0x44000) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) [ 884.898558][ T6032] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 884.912376][ T6031] binder: 6029:6031 transaction failed 29201/-28, size 24-8 line 3148 [ 884.916105][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:12:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000480000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 884.951097][ T6032] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 884.986262][ T6032] binder: 6030:6032 transaction failed 29201/-28, size 24-8 line 3148 14:12:50 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$cont(0x9, r1, 0x9, 0x0) connect$x25(r0, &(0x7f0000000000)={0x9, @remote={[], 0x2}}, 0x12) fallocate(r0, 0xb, 0xba2a, 0xfffffffffffffffd) connect$x25(r0, &(0x7f0000000040)={0x9, @null=' \x00'}, 0x12) [ 885.013916][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.014141][ T6032] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 885.039634][ T6032] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 885.056053][ T6042] binder: 6040:6042 transaction failed 29201/-28, size 24-8 line 3148 [ 885.065041][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.100604][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 [ 885.141121][ T6038] XFS (loop5): Invalid superblock magic number [ 885.195656][ T6008] XFS (loop3): Invalid superblock magic number 14:12:51 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000007000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000004c0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:51 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x400000000100081, 0x4000) getsockopt$rose(r0, 0x104, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000080)={0xfff, 0x1, 0x100000001}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000040)={0x6, 0x5, 0xc60}) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f00000000c0)=0x1, 0x4) prctl$PR_SET_TSC(0x1a, 0x1) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000), 0x4) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f00000001c0)={0x0, @src_change}) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000280)=0x9) 14:12:51 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x74000000, 0x0) 14:12:51 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000600000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 885.681543][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:12:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:51 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x20005) 14:12:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000012000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 885.787857][ T6067] XFS (loop0): Invalid superblock magic number 14:12:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000680000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 885.829499][ T6079] XFS (loop5): Invalid superblock magic number [ 885.847481][ T6076] XFS (loop3): Invalid superblock magic number 14:12:51 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x3ffd) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x200) 14:12:52 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000048000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000006c0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:52 executing program 2: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000008, 0x1110, r0, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:52 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x76000000, 0x0) 14:12:52 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000004c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000740000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:52 executing program 2: openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x400000, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) splice(r0, &(0x7f0000000080), r0, &(0x7f00000000c0), 0x8, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000140)=ANY=[]) ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f0000000140)={0x1}) 14:12:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000007a0000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 886.828583][ T6129] XFS (loop0): Invalid superblock magic number [ 886.846973][ T6135] XFS (loop3): Invalid superblock magic number 14:12:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000068000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 886.997147][ T6160] XFS (loop5): Invalid superblock magic number 14:12:53 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:53 executing program 2: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001400)={'teql0\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f00000000c0)=""/82) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x6, 0xa80) bind$xdp(r0, &(0x7f0000001480)={0x2c, 0x2, r1, 0x25, r2}, 0x10) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) write$FUSE_GETXATTR(r0, &(0x7f0000000080)={0x18, 0xfffffffffffffffe, 0x8, {0xec53}}, 0x18) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000100000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000006c000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:53 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7a000000, 0x0) 14:12:53 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000074000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000200000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:53 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x15, 0x9}, &(0x7f00000000c0)=0x90) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000100)=r1, 0x4) [ 887.714066][ T6192] XFS (loop0): Invalid superblock magic number 14:12:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007a000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000300000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 887.762039][ T6191] XFS (loop5): Invalid superblock magic number 14:12:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:53 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs ', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:53 executing program 2: r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000040)) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) epoll_create(0xffffffffffff7fff) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000400000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000500000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:53 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x80010000, 0x0) 14:12:53 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:53 executing program 2: openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x20800, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000600000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:53 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:53 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x80020000, 0x0) 14:12:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000700000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:54 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0x100007d) read(r0, &(0x7f0000000140)=""/148, 0x94) 14:12:54 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x100) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r1, 0x420, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x897}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000054}, 0x4000014) 14:12:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000a00000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 888.742837][ T6254] XFS (loop3): Invalid superblock magic number [ 888.799482][ T6271] XFS (loop5): Invalid superblock magic number [ 888.824255][ T6291] binder_alloc_new_buf_locked: 35 callbacks suppressed [ 888.824265][ T6291] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 888.840766][ T6291] binder_alloc_new_buf_locked: 35 callbacks suppressed [ 888.840788][ T6291] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 888.860919][ T6293] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 888.869508][ T6291] binder_transaction: 35 callbacks suppressed [ 888.869526][ T6291] binder: 6290:6291 transaction failed 29201/-28, size 24-8 line 3148 [ 888.890234][ T6293] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 888.900179][ T6293] binder: 6292:6293 transaction failed 29201/-28, size 24-8 line 3148 [ 888.909009][ T6291] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 888.918208][ T6291] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 888.928391][ T6291] binder: 6290:6291 transaction failed 29201/-28, size 24-8 line 3148 14:12:54 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:54 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x80969800, 0x0) 14:12:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40082, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) 14:12:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:54 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000001200000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 889.350912][ T6299] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.370391][ T6299] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.386411][ T6299] binder: 6297:6299 transaction failed 29201/-28, size 24-8 line 3148 14:12:54 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000040)="4ad6d921b2081b4bf1eebc962af1bec33654793853d0d161d13b6ce727e8df6b883fd3ef5e190762adce960f539efce388b04a85734883a0b976b4b70d25dfefed8819f733cdb1e037468992f9b739b4ed86e2156718b553f6bbbf56358bae54fee9493e2a9fcce06c5bf60be979982a7edc59979ecf5eb701e49aef1622b2b60b5ebf526e094079797f14ea2e330693067cd754eb2b450de64621c89927c055440038097b020912bc7a1ce6670ec8f07d36c82273ea1094fbad51a2312762d1099461098e083eab5a2b40aaf445672c7464071d67155cef9ab05986eef4f0d8ed2d791408", 0xe5) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000000)=0x2, 0x4) [ 889.395072][ T6303] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.412618][ T6303] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.422822][T23633] binder_release_work: 36 callbacks suppressed [ 889.422829][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 889.446650][ T6303] binder: 6302:6303 transaction failed 29201/-28, size 24-8 line 3148 [ 889.458123][ T6303] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.472982][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 889.479546][ T6303] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.495505][ T6303] binder: 6302:6303 transaction failed 29201/-28, size 24-8 line 3148 14:12:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000002000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 889.526562][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 889.561613][ T6310] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:55 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8cffffff, 0x0) [ 889.589010][ T6310] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.625737][ T6310] binder: 6306:6310 transaction failed 29201/-28, size 24-8 line 3148 14:12:55 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x8001}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=r1, 0x4) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x3, 0x7}, &(0x7f00000000c0)=0x8) [ 889.637126][ T6319] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.658055][ T6319] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.672025][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000200000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 889.700033][ T6319] binder: 6318:6319 transaction failed 29201/-28, size 24-8 line 3148 [ 889.719317][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 889.727685][ T6313] XFS (loop3): Invalid superblock magic number [ 889.737683][ T6311] XFS (loop5): Invalid superblock magic number [ 889.766756][ T6340] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.799670][ T6340] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.815897][ T6340] binder: 6338:6340 transaction failed 29201/-28, size 24-8 line 3148 [ 889.827410][ T6340] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 889.827543][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 889.852696][ T6340] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 889.864995][ T6340] binder: 6338:6340 transaction failed 29201/-28, size 24-8 line 3148 [ 889.877736][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:55 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:55 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) write$evdev(r0, &(0x7f0000000100)=[{{r1, r2/1000+10000}, 0x0, 0x2, 0xc3df}, {{r3, r4/1000+30000}, 0x5, 0x3, 0x5df4}, {{}, 0x2, 0x100000001, 0xffff}, {{}, 0xb187746a6412eab8, 0x1ff, 0xdc3a}, {{0x77359400}, 0x7, 0x7, 0xaf}, {{0x77359400}, 0x2, 0x7f, 0x6}], 0x90) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e22, @rand_addr=0x9}, @in6={0xa, 0x4e24, 0x1, @mcast2, 0x8}, @in6={0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, [], 0x18}}, @in={0x2, 0x4e23, @broadcast}], 0x58) 14:12:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000004800000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:55 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e000000, 0x0) 14:12:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:55 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000004c00000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 890.485436][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 890.507293][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:12:56 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x3, 0x4) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xffff, 0x4, 0x1, 0x22}, {0x8, 0x5, 0x4, 0x9}]}) [ 890.599801][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:12:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000006000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:56 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$RTC_VL_CLR(r0, 0x7014) 14:12:56 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs ', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:56 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:56 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xae000000, 0x0) 14:12:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000006800000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:56 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$RTC_UIE_ON(r0, 0x7003) 14:12:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000006c00000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:56 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x4, 0x4000) 14:12:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000007400000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 891.141585][ T6392] XFS (loop3): Invalid superblock magic number 14:12:56 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x40, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000000c0)={@rand_addr, @initdev, 0x0}, &(0x7f0000000100)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) accept4$packet(0xffffffffffffff9c, &(0x7f0000001900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001940)=0x14, 0x80800) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001a40)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@broadcast}}, &(0x7f0000001b40)=0xe8) r7 = accept4$packet(0xffffffffffffffff, &(0x7f0000003200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000003240)=0x14, 0x0) r9 = syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00') sendmsg$TEAM_CMD_NOOP(r7, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1001000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)={0x1f0, r9, 0xa04, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8, 0x1, r4}, {0x44, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r1}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r1}}}]}}, {{0x8, 0x1, r6}, {0x134, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r3}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x4}, 0x4) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f00000034c0)={&(0x7f0000000040), 0xc, &(0x7f0000003480)={&(0x7f0000003280)=ANY=[@ANYBLOB="ec010000", @ANYRES16, @ANYBLOB="00012abd7000fddbdf250300000008000100", @ANYRES32=r1, @ANYBLOB="f800020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000400000008000600", @ANYRES32=r2, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000900000008000600", @ANYRES32=r4, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000100000008000100", @ANYRES32=r5, @ANYBLOB="d00002003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r6, @ANYBLOB="40000100240001006c625f7473685f746f5f706f72745f6d617070696e670000000c000008000300030000000800040000000000", @ANYRES32=r8, @ANYBLOB="080007000000000054000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b00000024000400800066fb060000000101050800000000e000080003000000040009ff03000000"], 0x1ec}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:56 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xb8010000, 0x0) 14:12:56 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 891.448270][ T6425] XFS (loop5): Invalid superblock magic number 14:12:57 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000007a00000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:57 executing program 2: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xffffffffffffffff, 0x80) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x15) 14:12:57 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc0ed0000, 0x0) 14:12:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000200000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:57 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x202000, 0x0) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f00000002c0)="3b6f45207d2114430c5b7536fc4dc74631bcdc7d060165a239f8672ca670928a280870b782e186bb136ccc91c5b082ef68274cbe6a650ff819b97b47638418d535b4aa4b51917b0610b8b08f07fc4649a17d94562b667e6b9e8182f0adcfd4c3ee3048e4aa8505eb4864d40332dc8aaeaeb5e81ed86be69f60f19df77ba51d59313d72cd8967a1af7d08bb21a5746619e7d545b75f264c3c46228bb94dde24d555faf16533bd451aa8819c7ca71f77abbdb11bd85e1e36b33d3bb84837803ec3a164e544e954ec5c3c4723551e1dec1137cffdd049608f204bc6da8e5e7b888c31678cb7cc945fddf88f2c46a17facd39eca4edbf9d6bf148961c7efe05420efa99784313cac73b4fb5b1823b0f2cdc9c0e0db12796d946ef8946372d09f33d96ccfc0b1073146409fbe62e3b2621daa6a4424f917b168511f94030d2c7b0aa11d99a3e5bbc4e30e445b32e80fe85ac65981711fd666d01c76a3b8736f5130398af8cb5fa9a91f8b3347cc05f231e3716a911ddf7e9fd35ee3c5fe496dfe36b07061560b397c5e6c441ea9982a5c96235c416209cf29d01c71263da02be3cb98c505ecb2be6f1430d4c868131d0aa131f1201af71a1124a48bdb30d44a8057f7fab2561f7d172a682ade6cf3bac7d3431e6c3375bf95db8db68c3fb38088f379d67835c40d3e6c1317cb5ceabec81de3e4764ea8bc72cbeef5e5fdc1502586dbbd18a964fa2ba3b12d023e7158d222316f41ad073bab260affed5a6aad1749d46fc7cd1038497c8b305fc67729973ced4d0eded021c90906ce9c3029a7c2c15c398281faa37047c40b75701a9ed569cc4cc8361d2e622253d093ded2db01cd96369ea1ef40ebaadc78ecd9b4c1379861f56776d1610e4c59849b73727684bc0b79da48a0c1045ae7caaf56c4faf0ed9fd8bc1fc17049757825c0650d1c4231ccd8078cb39b4a2fe0d421b5459d712c6d16595b17183ddbb2b257b916e2f1ce90623a05c57c1ffd6d095fde63b1d42f05ade2d02f8b64b68b5ac8d6e799d7210481903abcdd6045599672ade527e6a1da4e1b2f95eb5a7ab335a384a9c9e29d73ded5db8166018c73709162a4e0c7d1448dd9f1088330dfe1ede64a75f19796c3965585975b2807635122427988992980a46c971770c86ac7510bed24f2b1246e54dac6aa6581a60295fae2d2a953955f26885d7ad06385d025d265506fbfc51364d0fa72c9a2171eaee9b78ec4a8cb8d7711b11b5dd45aa270dc5eaa53f5100431b6197e02a74fec17e77e26d5942e274f9dd460512a567a7ccebd833f04910a397ca2db855458b9d458a875f577098b4d4926631a6b67a6848c952497cdaab766e1b805c137c80ef97e5dab47c66238217f1a8364507ee13207a94c61e7859f6604ee0aabe9d0fba9036000432ffa7e45e39a09e6ad7db67fd412d8c8f37f67df3acded04ff8a4f7c9eb6a2b46a148f94f9ccf6938aa6184fa065ac2538bfcbf6e4f86e1fad990abf59d9053cc4dbb530c9ca452d37b5beef91d6c2017b12fff8da31a556dddb8193adf5acec0f9508e4a382821d31709be892bc33f8302f5378d0ed58a67414b3d36344be2292f1345412d7351defac160c085364a60e7d3a554522e965d95f8a023653884190e25d1310863b470cae1d89481126e996f068aad19878d098ee61f0ece95c58a9d1ddd36f99d13ea8a7284db22a8476c20e3f29ef39674ec448e0935d41575b2f2fa01edcb31a140d904da96df0d33004d1db126a20db87bf37489189cba33c4e865d5c86c65e532061f6bc0f107d4275fcd385d1973554168e52d83419af4af56095c03b52e52ae0b13ca736b4999382fb76ca99be491591f7af772d031680543d6cadc71484d2d639f3d3954172dc5ec85c456a86a8a572904c309d76fea9a355611a286f1cffd19111251857be8f8a8373ddc025e884aaa5e02d4a379dfac974bd2c69d87089855502991dd93655b956878adaa9335e2553fe394e81dcfecf8e22a7ec5d93b1cfa0b195ef5b463a65fe3737d9bbecbced0f43186c1bba7a7ff617f1074c69db56691334553c591b1dbc35adcee1627355c755110440ef2d42508551da0a963ba867b8bcf208944c6c346056375ab6c264faa8352893c5675f2b2179e7ca7105dd3ab3174e0c0aa8cd59c0d9fe624bb3acda354e648405f54b00491cac34b1a0bbbd12de6e59b07df5acc6777941141df3eeabbb04e1fc5ff6ba1cf6e41c229993732ab6217a64fe06f4a3709bd2c06da3d2e2f7339685a2d7dc0e40df746c5523290f2043763ff1280a359ce815741b8a200dafdbba0b29a319176daab6b8732ac2f48093f75cd5ba946ba225d8f81e2390155b732215fb316e8751541fd76a13e4428f1011835711ce87fcd891b3708c51335f8b9c4756cf6ee3daba5cd81d2d89f8d6d49f13eba9d26ee8de60f2ddf0093c7778135eec0c5210478403ff52206cd35e6569e7fdaa7da5ca73c46f6f9b3369ef107a49252fca4771dd73a2c2708183f1464e7d5c58c8d5f3125f9b0af33f2a9f01aa65b479ab2d2f73cfa0f45ad427e879e9fbc8038b2a3955138375e89b507020c6b5e0ac95cba32a935521ae419818abd8120031d2cd8616c0a4e2d1dc04b382c5b7b38563502a36fa26e1cf998ef207b1d8fa9eaa61dfd715c882e47502443af2c03452becb70efcd4054cdc7c84364744d8e241ae3b02bf4cc4a6bd93a2284aa78b013264233b6a9aace571663ab9de6ff74c38eb3f2d8fdc549fa6015df060eba26ad72e9b06bf49184029e764bb74a2bd2d9434ca3ffa3e082c30db7420d729add6067fed8c04fe97833f2a25a50af69184294dceaf1b76124a51ea622e04167b68ccc24922706763f104dc9594a56b4af246602212cc92f90d2b39aef0c00c9fc5270b9dd3f7b3bf17407737fdb5ac68270ae58fb11d543f6bcb0e62c2868163d1989dc0544ec4f2cdca1584278b41221140dec03fde055b91c5676c0ac7140712c534cb45188c5811c84f453c08d6d850d453d4e8c82add2bb05e8f3760da624fbe8c70e1489b6843ff654709deb6fb6e1193645b103eb33427982cc2561d443484011c7cc4e8d60bd96905b9de8a87ea4b697de0576174ea13a0e97412288d650d2ce93664452e8730a8158554500e331e20fd1c5df101ba50f4e5105c373ceebf0b0f65ab8170b44b78e4a3a69475472cb0923b0b86d0c08484e167d66aa9a86cae63109c8227508e7aeb6336399798414c8fc24db77029043ac54f592ac841e0741bc7e04e75d19ca896f8f20eb72cec158983e32592bfab17eec923a46d2d581f6ddff102863638f0e4c960f66c1bbbe534fc9b45beb5f459168bdc2da42eb5c7ec9769fa3c53ba048bc0f2acd983901465e14ec93b9c14623f5fd2541e6303b74b01e2c7708a6e3ed61dc72d5aab026221d2197fe9f209067743752cb1c4badbc60d807259975db922da43761051515c7288870305f3dc14a1220549c2ee1f5e1ced82b58e6e72f2d15481a1d2781b2b1a5a92ec7375e754fbb4b167a52a1fd53fe9f0533dee26d53b2c6535197e9cea0dbeb260282e57ed912f4b21a5a7bb4ffc0cd5b87c5236cf4ebfc7dda6e283abcbe2ece111dd61dc7b5c4ed8a46ec6dc434f1b56079a1068f639e206486c76aab415f5f86ab6ad10d97e12afd4bdacc9918e727ab8c1e9d0bce9bfb528967b16be7956135cd8209b2ee8efec6f28ddf517b563ff36c38289fdcbe7272fea9ed7eaa93a62f7679d58f55bdd8262009f3df86da4fde07c034c5ff50c3a8b29589378686612333b88d1016caf3afef338c2b660971c3db4078d3df294974e02937b0ba412ec141f0eb9b3e9ee5a98d5961ca18b04ef24ce331150a9f8edaa9731f436d5186fd13eccf23a322ef3f181048c0c52e5fb2062eb3e6eca7bacc5b6cd74204018a397657643a79139b969ad8fa966d2a7987c01875da77fb9d30bf1112930437e4a928003103350e85542a40f6ce220381b7842757761dfac5d1bc28fb3f8a1402d10689ef58952712ef5076776005f9776acb62f91b4700297e7017e3f04ad15534b4d56db489344596d9534ee375b0b7d73db530bfe55227774a0656dc7557cd4283afe57d946f6bf69005eaaafcae7b03494103451f75a94bf4e1618b1db9337bd9b83e20583a96967e338c673696aec486c3c7d9a62630b46aae87dcf41a655c2321d2e090a2048c603ca7012759e5f4fde138a8ab686c7de38f9fc0de054307b39207271230e1750ae4e8d0619ac88ea4f7da31ff16f899ef3f3266e25d2dfed29695281d3f73d7180928381b0c2724ae52e992dfb175a0acb0a0221ede5ad8c4816288fbcb97cc11b4f3e06b308fcb91572d474b502badd5dcf19c7751cab816fa7713c133751773b97bf9df9048e1b374dca11ee878aad81e17534c2bfcf94f4a3c0b10f91b84f92517a4bda6581a5820ca58b0060eb3bf130f0c1244c1d5ae5b7ce584d3dc6d63b8cb8bce2bb746e3893f491bb5d4f1befab02b0a5b35266e1a4e9a264973f525c17b7a724565c09977c40dbb548c1ffe309f74fc98cb7c468f75b667a5ec22424aff0332330dd1944cc0ae9f031402354eba5194ce895b6ed3718d65848f8c87d76e269a2ee34bc8e8580777d6d9930a941c6f56c2bdfb463107f0fbf3c5e8cd7b6a996f5321093f4b69755167b4530050b9e27a4ace68149aed2831c45a03fa0e7ab9d26cd0a7bbf6966d2789a5414031f86032f12ea3b7607ad16a3a8f43be1e9db7cbd604d0e6c9e064bb7c00d0834afc80fb69c9bf3818ae55b5ba7f1283d2b5857dc5b3bc12c524b307ae29da950cb81bdba14f811b8a23ff67355b39f3b6e1321093fc46fd05d29ae049a498965ff8559fd0fcbdd0d2e2d4702ea42468365bb62581c601896736969b4fc8e40c09b1c64cc87a1996062b4d4100ea66734c131424b4700932774e5a088e1d37299927745aff76908179c9551d0bfaa4081ff8b7000fd1d39c711891030ecf836ee9628be0cea9bd030708b0410e6d57c697fb5205058743bf0d0aae172ba7309654575eb3d5b0442a112cfa1755f3148fa851e13c5f3ecb4a4d4299919d423e929acf59be1674843ac21ea99e09feb02628015afafa7fd29a91917ae763d47e82f0848014f9d5d7677cf1fea42e5318d9ac83178d228d781122ab8d062a5b2cc223f4d463d89d773e754d207f9f7a3b8f88ed244c6b6ce0d849d16f4f92e33016e5525883da4c1241741993cd556117521259d7e5e7b1b031ac7401bce8d87d437f89a7e2217b154bc6734790b6d3c10923ae6f6ca5e3d23a605fdb5450b3aa7983592559e6891e65ae5dd32ee5fc81f0f524f59f1246591ac0c2e50af1fdb89fb94b021235363feeeb0b3eda7703f545e963d5d1458e4334c714c305ce2e6c87650bf8ebd182ced334c37154034eea7b95588992c0a64490ebc0ccfd2c5828624afae6afc6bbac9ebcdba81d202ac91501c06987a2623d6c92ca9580779c09454297581db8f6c604a2828d6ead4ba1faed8af4d435021422d1f1436558815468938efd615b8ba213fe4bdc52612e553a3dddc741347f596ed5e374a925e0ba6d87e91f157a0f2441531b3caaded6a14fb39c1e2f88ab33db21d8d410cd26e5624e935440afa6eac8e0022abb3cfb5b4ff804076c95dd8eda707a7bf5ba9169cec13f8911bb26fe5d5e5fc611af89a6605bb569b9552d862437493e1cd27e93e0e84ac4c69ccf162cfc953213af1565eefa6f7084d837bfa72582a78ea35b10fff7b0b0") syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:57 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0xd3, 0x0) 14:12:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000001000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 892.018044][ T6446] XFS (loop0): Invalid superblock magic number 14:12:57 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000002000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000400000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:57 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x4000) [ 892.362996][ T6482] XFS (loop3): Invalid superblock magic number 14:12:58 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc4000000, 0x0) 14:12:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000003000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:58 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:58 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:58 executing program 2: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x1, 0x0) write$FUSE_WRITE(r0, &(0x7f0000000040)={0x18, 0x0, 0x2, {0x43baa028}}, 0x18) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000004000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 892.896064][ T6507] XFS (loop5): Invalid superblock magic number 14:12:58 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:58 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)=ANY=[@ANYBLOB="0000010000000000090000000000000000000000074406676efa00000003000000008cf57d9cff482fcdaf58f4e0000000200000000000000000001000000008000700000000000000000000000000000000000000000000000010000000000000000000000000000001000000000000003e00000000000000080000000000000000000000000000000000000000000000803000000000000000000000000000006fffffffffffffffff0f000000000000ffffffff00000000000000000000000000000000000000000a0c1b032790f91a7008000000000000"]) 14:12:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000005000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:58 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc8030000, 0x0) 14:12:58 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x54a, 0x4001) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000180)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x404000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYPTR, @ANYRES16=r1, @ANYBLOB="000125bd7a2843bd9d77ace211902f70005e4694e58e697eb453fbdbdf250d0000004400020094000100fe88000000000000000000000000010108000700b40c0000080002004e2400000875a15be889b17a55000100e982164d5de6c674942d593948d9d25a0800050008000000030000000800060002"], 0x3}, 0x1, 0x0, 0x0, 0x8000}, 0x2000004000000) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:12:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000006000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 893.313966][ T6545] XFS (loop3): Invalid superblock magic number 14:12:59 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000007000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:12:59 executing program 2: syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x5, 0x4000) 14:12:59 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:12:59 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe2030000, 0x0) [ 893.837469][ T6575] binder_alloc_new_buf_locked: 34 callbacks suppressed [ 893.837480][ T6575] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:59 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x800) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000000)=0x9, 0x4) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x94402200}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xb0, r1, 0x24, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xe2319e5aa7da0db0}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1ff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x28}}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}]}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x16a}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffffffff}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7c}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0xc040}, 0x1) [ 893.880873][ T6575] binder_alloc_new_buf_locked: 34 callbacks suppressed [ 893.880887][ T6575] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 893.897769][ T6574] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 893.906330][ T6575] binder_transaction: 34 callbacks suppressed [ 893.906345][ T6575] binder: 6570:6575 transaction failed 29201/-28, size 24-8 line 3148 [ 893.920766][ T6574] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000a000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 893.930537][ T6574] binder: 6572:6574 transaction failed 29201/-28, size 24-8 line 3148 [ 893.958403][ T6574] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space 14:12:59 executing program 2: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000580)={{{@in6=@empty, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f0000000680)=0xe8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0x0, &(0x7f0000000000), &(0x7f0000000040)='syzkaller\x00', 0xdce, 0x72, &(0x7f00000000c0)=""/114, 0x41f00, 0x1, [], r0, 0x5}, 0x48) signalfd4(r1, &(0x7f00000001c0)={0x80}, 0x8, 0x80000) r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000000200)=0x1) syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x5, 0x40002) ioctl$VIDIOC_G_SLICED_VBI_CAP(r2, 0xc0745645, &(0x7f0000000240)={0x8, [0x0, 0x80000000002, 0x9, 0x1, 0x100, 0x40, 0x0, 0x200, 0x1a, 0x8, 0x0, 0xce41, 0x44, 0x11, 0x1, 0x0, 0xffffffffffff3d08, 0x5, 0xdf7, 0x5, 0x7f, 0x100000000, 0x2, 0x1000, 0x9, 0x6c3a, 0x1, 0x4, 0x7ff, 0x100000001, 0x97, 0x7, 0x100, 0x3d32, 0xffffffffffff8000, 0x6c48, 0x7fffffff, 0x0, 0x9, 0x8, 0x100, 0x40, 0x3, 0x7f, 0x5, 0x6a7, 0x3, 0x5], 0x9}) [ 893.979373][ T6574] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.004279][ T6574] binder: 6572:6574 transaction failed 29201/-28, size 24-8 line 3148 14:12:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:12:59 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf6ffffff, 0x0) 14:12:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000012000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 894.076550][ T6594] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.090384][ T6594] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.101240][ T6594] binder: 6591:6594 transaction failed 29201/-28, size 24-8 line 3148 [ 894.143790][ T6598] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.183828][ T6598] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.186984][ T6583] XFS (loop3): Invalid superblock magic number [ 894.214370][ T6610] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.223531][ T6598] binder: 6597:6598 transaction failed 29201/-28, size 24-8 line 3148 [ 894.232650][ T6610] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:12:59 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:12:59 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000080)={{0x7c, @multicast1, 0x4e20, 0x2, 'rr\x00', 0x0, 0x7ff, 0x1e}, {@loopback, 0x4e23, 0x10000, 0xff, 0x7, 0x8aea}}, 0x44) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e24, @remote}], 0x10) syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x6, 0x4000004200000) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) 14:12:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000004c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 894.242427][ T6610] binder: 6608:6610 transaction failed 29201/-28, size 24-8 line 3148 14:12:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000020000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 894.328565][ T6615] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.370852][ T6615] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.388319][ T6615] binder: 6614:6615 transaction failed 29201/-28, size 24-8 line 3148 [ 894.388840][ T6620] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.428378][ T6620] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.441185][ T6620] binder: 6619:6620 transaction failed 29201/-28, size 24-8 line 3148 [ 894.457381][T27606] binder_release_work: 38 callbacks suppressed [ 894.457387][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 894.457458][ T6620] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 894.479596][ T6620] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 894.489359][ T6620] binder: 6619:6620 transaction failed 29201/-28, size 24-8 line 3148 [ 894.497792][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:00 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:00 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf9fdffff, 0x0) 14:13:00 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x4000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000100)={0x0, 0x8000, 0x6, {0x77359400}, 0x0, 0xa24}) recvmsg(r0, &(0x7f0000000800)={&(0x7f0000000180)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000200)=""/82, 0x52}, {&(0x7f00000002c0)=""/192, 0xc0}, {&(0x7f0000000380)=""/157, 0x9d}, {&(0x7f0000000440)=""/221, 0xdd}, {&(0x7f0000000540)=""/250, 0xfa}, {&(0x7f0000000640)=""/202, 0xca}], 0x6, &(0x7f00000007c0)=""/2, 0x2}, 0x40012000) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000840)=r1) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000040)=""/146) syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) 14:13:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000048000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:00 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 895.080065][ T6640] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 895.095626][ T6640] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 895.106542][ T6637] binder: 6634:6637 transaction failed 29201/-28, size 24-8 line 3148 [ 895.116221][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006800000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:00 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x39fd, 0x400000) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008090}, 0x4040800) 14:13:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000004c000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 895.131678][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 895.139378][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006c00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 895.253675][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 895.269528][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 895.279847][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:00 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x2000000005, 0x200000) [ 895.298533][ T6638] XFS (loop5): Invalid superblock magic number 14:13:00 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xff0f0000, 0x0) [ 895.349948][ T6654] XFS (loop3): Invalid superblock magic number [ 895.360179][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:01 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000060000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:01 executing program 2: syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x4000) 14:13:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007400000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:01 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffdf9, 0x0) 14:13:01 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000068000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000007a00000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:01 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x2c840, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'nr0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@initdev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f00000001c0)=0xe8) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0x0, r0, 0x0, 0x9, &(0x7f0000000300)='trusted{\x00', 0xffffffffffffffff}, 0x30) ptrace$poke(0x5, r3, &(0x7f0000000380), 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in=@rand_addr=0x101, @in6=@rand_addr="4d6164553f4afb509eb66ff30d5c277c", 0x4e23, 0x0, 0x4e21, 0x0, 0xa, 0x80, 0x80, 0x7f, r1, r2}, {0x8e, 0x6266, 0x7ff, 0x9, 0x4, 0x7fff, 0x9}, {0x8, 0x1, 0x9}, 0x3, 0x6e6bb9, 0x2, 0x1, 0x3, 0x1}, {{@in=@local, 0x4d4, 0xff}, 0x2, @in=@empty, 0x3501, 0x0, 0x3, 0x6, 0x59, 0x0, 0x9}}, 0xe8) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) fallocate(r4, 0x0, 0x40, 0xf85) [ 896.111972][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000003000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000006c000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:01 executing program 2: syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x3fd) [ 896.335305][ T6698] XFS (loop5): Invalid superblock magic number [ 896.448822][ T6707] XFS (loop3): Invalid superblock magic number 14:13:02 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:02 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffff7f, 0x0) 14:13:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000074000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000005000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:02 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x1, 0x4000) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000040)={0x0, 0x0, 0x8fb}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, r0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f00000000c0)={r1, r2, 0x4}) ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000000)=0x400) 14:13:02 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000006000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000007a000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:02 executing program 2: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x5, 0x4000) ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000040)=0x1) ioctl$KDDISABIO(r0, 0x4b37) 14:13:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000007000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000fffffdfd000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffff8c, 0x0) [ 897.649206][ T6756] XFS (loop3): Invalid superblock magic number [ 897.658229][ T6766] XFS (loop5): Invalid superblock magic number 14:13:03 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:03 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x4, 0x2000) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)=0x3) r1 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x0, 0x80400) r2 = shmget(0x3, 0x2000, 0x10, &(0x7f0000ffd000/0x2000)=nil) shmctl$SHM_STAT(r2, 0xd, &(0x7f00000001c0)=""/138) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0, 0x6}, &(0x7f0000000040)=0x8) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x120) 14:13:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000fdfdffff000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:03 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffff6, 0x0) 14:13:03 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000012000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000010000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:04 executing program 2: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0xd00, 0x0) ioctl$VIDIOC_QUERYSTD(0xffffffffffffff9c, 0x8008563f, &(0x7f0000000040)=0x0) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000080)=r1) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000004c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x117, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000500)={0x5, 0x10, 0xfa00, {&(0x7f00000002c0), r2, 0x1}}, 0x18) socket(0x9, 0xe, 0x4) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000020}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x200, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}}, 0x20040814) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000240)) syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0x1, 0x4000) 14:13:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000020000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000020000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:04 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5ab6aab717, 0x0) [ 898.695327][ T6808] XFS (loop5): Invalid superblock magic number [ 898.760139][ T6813] XFS (loop3): Invalid superblock magic number 14:13:05 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x01', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:05 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000140)=""/246) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000000)) 14:13:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000048000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000030000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5ab7f26320, 0x0) 14:13:05 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 899.553107][ T6856] binder_alloc_new_buf_locked: 28 callbacks suppressed [ 899.553117][ T6856] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.569875][ T6856] binder_alloc_new_buf_locked: 28 callbacks suppressed [ 899.569889][ T6856] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 899.598772][ T6858] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.608387][ T6856] binder_transaction: 28 callbacks suppressed [ 899.608402][ T6856] binder: 6855:6856 transaction failed 29201/-28, size 24-8 line 3148 [ 899.619998][ T6858] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 899.639903][ T6858] binder: 6848:6858 transaction failed 29201/-28, size 24-8 line 3148 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000040000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 899.656539][T27606] binder_release_work: 21 callbacks suppressed [ 899.656546][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 899.683707][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000004c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) 14:13:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x5ab9300e97, 0x0) [ 899.773777][ T6867] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.795005][ T6867] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 899.810786][ T6867] binder: 6865:6867 transaction failed 29201/-28, size 24-8 line 3148 [ 899.811580][ T6870] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.826800][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 899.849557][ T6870] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000050000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 899.870142][ T6870] binder: 6869:6870 transaction failed 29201/-28, size 24-8 line 3148 [ 899.884649][ T6870] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.899915][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 899.912669][ T6870] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:13:05 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) [ 899.942100][ T6870] binder: 6869:6870 transaction failed 29201/-28, size 24-8 line 3148 [ 899.950479][ T6880] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 899.959296][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 899.974424][ T6880] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:13:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000060000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000060000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 899.990564][ T6880] binder: 6875:6880 transaction failed 29201/-28, size 24-8 line 3148 [ 900.009673][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 900.104798][ T6883] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 900.119022][ T6883] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 900.129155][ T6883] binder: 6881:6883 transaction failed 29201/-28, size 24-8 line 3148 [ 900.129240][ T6885] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 900.139184][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000068000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:05 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xedc000000000, 0x0) [ 900.181919][ T6885] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 900.195756][ T6885] binder: 6884:6885 transaction failed 29201/-28, size 24-8 line 3148 [ 900.220506][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000070000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 900.270074][ T6899] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 900.286026][ T6899] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 900.297992][ T6899] binder: 6891:6899 transaction failed 29201/-28, size 24-8 line 3148 [ 900.321197][ T6890] XFS (loop5): Invalid superblock magic number [ 900.327718][ T6908] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 900.343163][ T6887] XFS (loop3): Invalid superblock magic number [ 900.347723][ T6908] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 900.360097][ T7653] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000006c000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 900.378825][ T6908] binder: 6907:6908 transaction failed 29201/-28, size 24-8 line 3148 [ 900.404069][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000a0000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:06 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r1) write$P9_RSTATFS(r4, &(0x7f0000000280)={0x43}, 0x43) recvmmsg(r2, &(0x7f0000000b80)=[{{&(0x7f0000000200)=@l2, 0x80, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 14:13:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000074000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000000000, 0x0) 14:13:06 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000120000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000007a000000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2000000000000, 0x0) 14:13:06 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:06 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7, 0x0, 0xffffffffffffff9c}, 0x24) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000c88000)={r1, &(0x7f0000847f95), 0x0}, 0x18) 14:13:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000100000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000200000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000200000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:06 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4000000000000, 0x0) 14:13:06 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f0000000180)='./file0\x00', 0x0) move_pages(0x0, 0x3, &(0x7f0000000200)=[&(0x7f0000fef000/0x4000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil], 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @remote, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @remote={0xac, 0x14, 0x223}, {[@rr={0xffffff86, 0x3}]}}, @icmp=@timestamp_reply}}}}, 0x0) [ 901.184887][ T6934] XFS (loop5): Invalid superblock magic number [ 901.203194][ T6941] XFS (loop3): Invalid superblock magic number 14:13:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000480000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:07 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000300000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:07 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe000000000000, 0x0) 14:13:07 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 901.854992][ T6941] BUG: MAX_STACK_TRACE_ENTRIES too low! [ 901.860572][ T6941] turning off the locking correctness validator. [ 901.866900][ T6941] CPU: 0 PID: 6941 Comm: syz-executor.3 Not tainted 5.1.0-rc2-next-20190326 #11 [ 901.875910][ T6941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 901.885965][ T6941] Call Trace: [ 901.889517][ T6941] dump_stack+0x172/0x1f0 [ 901.893846][ T6941] save_trace.cold+0x14/0x19 [ 901.898441][ T6941] check_prev_add.constprop.0+0x8dc/0x23c0 [ 901.904250][ T6941] ? __save_stack_trace+0x99/0x100 [ 901.909356][ T6941] ? check_usage+0x570/0x570 [ 901.913948][ T6941] ? kasan_check_write+0x14/0x20 [ 901.918895][ T6941] ? graph_lock+0x7b/0x200 [ 901.923311][ T6941] ? __lockdep_reset_lock+0x450/0x450 [ 901.928823][ T6941] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 901.935149][ T6941] __lock_acquire+0x239c/0x3fb0 [ 901.940007][ T6941] ? mark_held_locks+0xf0/0xf0 [ 901.944769][ T6941] lock_acquire+0x16f/0x3f0 [ 901.949362][ T6941] ? flush_workqueue+0xf7/0x14c0 [ 901.954298][ T6941] flush_workqueue+0x126/0x14c0 [ 901.959145][ T6941] ? flush_workqueue+0xf7/0x14c0 [ 901.964077][ T6941] ? lock_downgrade+0x880/0x880 [ 901.968924][ T6941] ? pwq_unbound_release_workfn+0x2f0/0x2f0 [ 901.974817][ T6941] ? wait_for_completion+0x440/0x440 [ 901.980128][ T6941] ? __call_rcu.constprop.0+0x2a3/0x6c0 [ 901.985681][ T6941] drain_workqueue+0x1b4/0x470 [ 901.990441][ T6941] ? drain_workqueue+0x1b4/0x470 [ 901.995472][ T6941] destroy_workqueue+0x21/0x700 [ 902.000320][ T6941] xfs_init_mount_workqueues+0x4b0/0x660 [ 902.005952][ T6941] ? sb_set_blocksize+0xe4/0x110 [ 902.010887][ T6941] xfs_fs_fill_super+0x749/0x1670 [ 902.015905][ T6941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 902.022141][ T6941] mount_bdev+0x307/0x3c0 [ 902.026468][ T6941] ? xfs_test_remount_options+0x90/0x90 [ 902.032012][ T6941] xfs_fs_mount+0x35/0x40 [ 902.036338][ T6941] ? xfs_finish_flags+0x490/0x490 [ 902.041441][ T6941] legacy_get_tree+0xf2/0x200 [ 902.046115][ T6941] vfs_get_tree+0x123/0x450 [ 902.050612][ T6941] do_mount+0x1436/0x2c40 [ 902.054933][ T6941] ? copy_mount_string+0x40/0x40 [ 902.059864][ T6941] ? _copy_from_user+0xdd/0x150 [ 902.064710][ T6941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 902.070940][ T6941] ? copy_mount_options+0x280/0x3a0 [ 902.076387][ T6941] ksys_mount+0xdb/0x150 [ 902.080627][ T6941] __x64_sys_mount+0xbe/0x150 [ 902.085296][ T6941] do_syscall_64+0x103/0x610 [ 902.089976][ T6941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 902.095858][ T6941] RIP: 0033:0x45ac7a [ 902.099745][ T6941] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 902.119341][ T6941] RSP: 002b:00007f490e391a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 902.127834][ T6941] RAX: ffffffffffffffda RBX: 00007f490e391b40 RCX: 000000000045ac7a [ 902.135797][ T6941] RDX: 00007f490e391ae0 RSI: 0000000020000100 RDI: 00007f490e391b00 [ 902.143762][ T6941] RBP: 0000000000000000 R08: 00007f490e391b40 R09: 00007f490e391ae0 [ 902.151811][ T6941] R10: 000000000000009e R11: 0000000000000206 R12: 0000000000000003 [ 902.159795][ T6941] R13: 00000000004c6b80 R14: 00000000004dc190 R15: 00000000ffffffff [ 902.190947][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 902.201530][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 902.213937][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 902.221007][ T6995] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.228358][ T6995] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.228366][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 902.249357][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.256654][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 902.267211][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 902.274373][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 902.301171][ T6995] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.308484][ T6995] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.321859][ T6999] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 902.329146][ T6999] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' 14:13:07 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000004c0000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000400000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:07 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 902.383235][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.390544][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.393077][ T6995] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000500000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 902.428645][ T6995] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.456100][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.466040][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' 14:13:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000600000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 902.500785][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 902.510191][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000600000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 902.545473][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.564514][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' 14:13:08 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x100000000000000, 0x0) [ 902.590807][ T6999] XFS (loop5): Invalid superblock magic number [ 902.608467][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.629704][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' 14:13:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000680000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 902.651370][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 902.659180][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 902.672127][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.679268][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.694239][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env 14:13:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000700000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 902.701771][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 902.722140][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.734053][ T7021] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 902.741391][ T7021] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 902.758287][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.773120][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 902.776383][ T7025] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.788827][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' 14:13:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000a00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 902.809062][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.817919][ T7025] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.824841][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 902.845191][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.852708][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 902.863275][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 902.870447][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 902.880970][ T7025] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.883611][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 902.888119][ T7025] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.893336][ T7025] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.895962][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 902.906138][ T7025] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.915295][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.940861][ T7021] XFS (loop3): Invalid superblock magic number [ 902.942542][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.950987][ T7025] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 902.957884][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 902.964732][ T7025] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 902.973455][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 902.995116][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 903.002329][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 903.031278][ T6999] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.040893][ T6999] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.053886][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 903.056209][ T7041] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.061081][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 903.061478][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.069498][ T7041] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.078658][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.109164][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.116378][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' 14:13:08 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 903.223148][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.230398][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.245652][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.252889][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.254809][ T7044] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.273170][ T7044] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.358213][ T7044] XFS (loop5): Invalid superblock magic number [ 903.380791][ T7021] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.388031][ T7021] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.402898][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.405357][ T7021] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.410034][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.430053][ T7021] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.451819][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.458960][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:09 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000006c0000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000001200000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:09 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x200000000000000, 0x0) 14:13:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000002000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000740000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 903.611823][ T7061] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 903.627939][ T7061] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 903.670938][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.681005][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.709705][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env 14:13:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004800000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 903.717846][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 903.750869][ T7061] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000007a0000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 903.763514][ T7061] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 903.781583][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 903.811248][ T7044] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.817982][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 903.819826][ T7044] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.854155][ T7070] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.861716][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 903.868867][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.869451][ T7070] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 903.879490][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 903.897093][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 903.907681][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:09 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x300000000000000, 0x0) 14:13:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000004c00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 903.914890][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 903.930723][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 903.942249][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 903.957664][ T7044] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.970970][ T7044] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 903.988201][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 903.997489][ T7079] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.004776][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.006457][ T7079] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.017394][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 904.033049][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 904.043603][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.050750][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.061304][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env 14:13:09 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x01', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:09 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000fffffdfd0000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006000000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 904.068415][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 904.078934][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 904.086065][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 904.096609][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.103764][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.170843][ T7070] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.195404][ T7070] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.221320][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 904.228595][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 904.274347][ T7079] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.291160][ T7079] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.316867][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.324295][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.353398][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.369394][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.419843][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.430715][ T7070] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.438266][ T7070] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.448571][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.459609][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 904.466997][ T7079] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.471424][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 904.474487][ T7079] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.485128][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 904.497332][ T7091] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.502122][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' 14:13:10 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000020000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006800000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:10 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 904.509084][ T7091] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.529864][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.537031][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.547646][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 904.563021][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 904.568650][ T7098] binder_alloc_new_buf_locked: 37 callbacks suppressed [ 904.568660][ T7098] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 904.580291][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.608440][ T7098] binder_alloc_new_buf_locked: 37 callbacks suppressed 14:13:10 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 904.608454][ T7098] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 904.615624][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.626704][ T7101] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 904.644485][ T7098] binder_transaction: 37 callbacks suppressed [ 904.644505][ T7098] binder: 7096:7098 transaction failed 29201/-28, size 24-8 line 3148 [ 904.653490][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:10 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x400000000000000, 0x0) [ 904.658891][ T7101] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 904.666107][ T7091] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.677557][T27606] binder_release_work: 37 callbacks suppressed [ 904.677563][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 904.687519][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.689356][ T7098] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 904.695997][ T7091] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.705939][ T7101] binder: 7097:7101 transaction failed 29201/-28, size 24-8 line 3148 [ 904.717167][ T7098] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 904.745328][ T7098] binder: 7096:7098 transaction failed 29201/-28, size 24-8 line 3148 [ 904.753832][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 904.762945][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000030000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000006c00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 904.770872][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.778313][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.804424][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 904.811704][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 904.833329][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 904.840487][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 904.867086][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.877730][ T7091] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 904.879810][ T7108] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 904.885123][ T7091] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.899471][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 904.910871][ T7108] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 904.916918][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 904.923626][ T7109] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.933246][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 904.943341][ T7109] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.948747][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 904.965516][ T7108] binder: 7105:7108 transaction failed 29201/-28, size 24-8 line 3148 [ 904.966647][ T7110] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 904.973776][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 904.986292][ T7110] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 905.000711][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.004541][ T7110] binder: 7104:7110 transaction failed 29201/-28, size 24-8 line 3148 [ 905.010079][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 905.023664][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 905.023762][ T7113] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.034251][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 905.048400][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 905.050300][ T7113] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' 14:13:10 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:10 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007400000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000040000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 905.059015][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.076411][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.083442][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.094359][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 905.103602][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 905.113362][ T7120] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 905.114372][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 905.122982][ T7120] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 905.129371][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 905.141926][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 905.157777][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 905.169689][ T7120] binder: 7119:7120 transaction failed 29201/-28, size 24-8 line 3148 [ 905.180343][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 905.188481][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.190858][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 905.205350][ T7126] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 905.215750][ T7109] XFS (loop3): Invalid superblock magic number [ 905.222331][ T7113] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.235077][ T7113] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.248121][ T7126] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 905.259743][ T7126] binder: 7125:7126 transaction failed 29201/-28, size 24-8 line 3148 [ 905.261425][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 905.275445][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 905.283728][ T7113] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.288180][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.294808][ T7113] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.309716][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 905.317176][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 905.328109][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 905.330863][ T7113] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.335968][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 905.345530][ T7113] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.353730][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.364432][ T7130] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 905.370528][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.390710][ T7130] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 905.404449][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 905.411624][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 905.422188][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.429307][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.494860][ T7130] XFS (loop5): Invalid superblock magic number [ 905.680907][ T7109] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 905.692332][ T7109] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 905.704132][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 905.705189][ T7139] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 905.711339][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:11 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x01', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:11 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r2, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000007a00000000000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000050000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:11 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x500000000000000, 0x0) [ 905.720472][ T7139] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 905.742131][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 905.749362][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 905.822605][ T7143] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 905.843196][ T7145] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 905.850690][ T7143] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 905.860193][ T7143] binder: 7142:7143 transaction failed 29201/-28, size 24-8 line 3148 14:13:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000060000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 905.860312][ T7149] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 905.885736][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 905.896704][ T7145] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 905.910735][ T7149] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:13:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000001000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 905.925847][ T7149] binder: 7146:7149 transaction failed 29201/-28, size 24-8 line 3148 [ 905.947177][T27606] binder: undelivered TRANSACTION_ERROR: 29201 14:13:11 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(0xffffffffffffffff, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 906.000773][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.010762][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.070807][ T7130] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 906.078254][ T7130] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 906.093709][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 906.100905][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 906.103115][ T7152] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 906.122234][ T7152] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 906.132847][ T7152] binder: 7151:7152 transaction failed 29201/-28, size 24-8 line 3148 [ 906.143635][ T7145] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.151828][ T7145] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.166382][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:11 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000070000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 906.185380][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 906.211152][ T7157] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.218336][ T7157] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000002000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:11 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(0xffffffffffffffff, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 906.228593][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 906.239299][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.246493][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.260488][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 906.263076][ T7145] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.272597][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 906.278603][ T7145] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.296992][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 906.307881][ T7163] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 906.308370][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 906.326474][ T7163] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 906.329224][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.346229][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.356880][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 906.365444][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 906.376371][ T7157] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.384490][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 906.386504][ T7157] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.391941][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 906.412510][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 906.419827][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 906.430385][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 906.437587][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 906.448150][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.455312][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.467053][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 906.474263][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 906.485491][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 906.492751][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 906.503307][ T7157] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.503655][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 906.510565][ T7157] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.517893][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 906.540773][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.548011][ T7163] XFS (loop5): Invalid superblock magic number [ 906.554221][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.564752][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.570864][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.571938][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.579001][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' 14:13:12 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000003000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:12 executing program 2: r0 = socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(0xffffffffffffffff, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:12 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x600000000000000, 0x0) 14:13:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000004000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 906.652054][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.659560][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' 14:13:12 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000120000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 906.720922][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.728271][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.739604][ T7187] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.747243][ T7187] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.758145][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 906.784125][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 906.804326][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 906.819752][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 906.822117][ T7187] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.838107][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 906.847582][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 906.858296][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.868012][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.886327][ T7187] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.923592][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 906.930968][ T7197] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 906.938308][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 906.951053][ T7197] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 906.963940][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 906.971466][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 906.982151][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 906.989434][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 907.011015][ T7163] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.018184][ T7163] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.031144][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 907.033990][ T7163] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.038347][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 907.045712][ T7163] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.058706][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 907.073271][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 907.083927][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.091129][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.101591][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.108703][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.119582][ T7197] XFS (loop3): Invalid superblock magic number 14:13:12 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000480000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000005000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:12 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 907.341307][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.354165][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.396959][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 907.404191][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 907.414817][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 907.422140][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 907.434542][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.441756][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.442050][ T7217] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 907.461833][ T7217] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 907.530784][ T7197] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.539557][ T7197] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 907.557492][ T7217] XFS (loop5): Invalid superblock magic number [ 907.560982][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.565386][ T7197] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.570935][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 907.581240][ T7197] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 907.588669][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 907.605881][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 907.616507][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.623685][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:13 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:13 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x601000000000000, 0x0) 14:13:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000006000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000004c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:13 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000600000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000007000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 907.781413][ T7236] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 907.788827][ T7236] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 907.843822][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.854597][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000680000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 907.895294][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 907.908700][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 907.923421][ T7236] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 907.925913][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 907.935316][ T7236] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 907.948138][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 907.966829][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 907.975650][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 908.000816][ T7217] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.016924][ T7217] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.027930][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 908.036708][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 908.038661][ T7243] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.050157][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 908.063939][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 908.064457][ T7243] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 908.101885][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 908.109559][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 908.110594][ T7217] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.120554][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 908.129781][ T7217] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.134562][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 908.155300][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.162781][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.173463][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 908.182245][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 908.193134][ T7243] XFS (loop3): Invalid superblock magic number [ 908.194229][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 908.206910][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 908.217611][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.224966][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' 14:13:13 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000a000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:13 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) pipe(&(0x7f00000003c0)) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000006c0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 908.400885][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.410322][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.424114][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 908.431600][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 908.444679][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 908.452229][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 908.453722][ T7264] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.463194][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 908.471158][ T7264] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.477629][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 908.499043][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 908.506244][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 908.576695][ T7264] XFS (loop5): Invalid superblock magic number [ 908.650830][ T7243] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.658521][ T7243] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 908.672496][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.675105][ T7243] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.680127][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 908.700700][ T7243] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 908.720110][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.727503][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:14 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:14 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x700000000000000, 0x0) 14:13:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000012000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000740000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:14 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video35\x00', 0x2, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000020000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000007a0000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:14 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 908.901081][ T7282] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 908.919114][ T7282] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 908.980973][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 908.988149][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.002061][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 909.011419][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 909.026003][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 909.033211][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 909.044079][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 909.051351][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 909.081696][ T7282] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.090101][ T7282] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 909.141304][ T7264] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.152294][ T7264] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.165533][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.174929][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.176034][ T7282] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.186204][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 909.195548][ T7282] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 909.200718][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 909.201123][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 909.214907][ T7292] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.222178][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 909.229897][ T7292] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.237167][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.264875][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 909.275961][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 909.283326][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 909.293978][ T7264] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.294198][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.303957][ T7264] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.308296][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 909.308668][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.335993][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.346834][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.354112][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.373633][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.381308][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' 14:13:14 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x01', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000048000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000300000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:14 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 909.405293][ T7292] XFS (loop3): Invalid superblock magic number [ 909.435649][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 909.442936][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 909.490847][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.500814][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.525114][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.532515][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.536760][ T7310] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.543446][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 909.553165][ T7310] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.557616][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 909.586845][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 909.594522][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 909.606477][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 909.613780][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 909.640943][ T7310] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.648873][ T7310] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.662658][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.664549][ T7310] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.669936][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.690430][ T7310] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.710097][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.718067][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.840985][ T7580] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.850952][ T7580] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.900958][ T7292] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.908508][ T7292] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.922002][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 909.926014][ T7292] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.929812][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 909.938872][ T7292] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.948826][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.966518][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 909.977526][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 909.984979][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:15 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:15 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x800000000000000, 0x0) 14:13:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000500000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000004c000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:15 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:15 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) [ 910.136087][ T7320] binder_alloc_new_buf_locked: 26 callbacks suppressed [ 910.136096][ T7320] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.157163][ T7320] binder_alloc_new_buf_locked: 26 callbacks suppressed [ 910.157178][ T7320] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) 14:13:15 executing program 2: socket$packet(0x11, 0x0, 0x300) socket(0x10, 0x0, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 910.183093][ T7320] binder_transaction: 26 callbacks suppressed [ 910.183108][ T7320] binder: 7319:7320 transaction failed 29201/-28, size 24-8 line 3148 [ 910.203113][ T7325] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.213465][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 910.224954][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 910.235869][ T7325] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 910.248700][ T7325] binder: 7321:7325 transaction failed 29201/-28, size 24-8 line 3148 [ 910.255174][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 910.258451][T23633] binder_release_work: 26 callbacks suppressed [ 910.258456][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.264228][ T7326] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000600000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000060000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 910.284898][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 910.285264][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.306445][ T7326] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.327104][ T7327] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 910.334454][ T7327] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 910.349916][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 910.355438][ T7330] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 910.367256][ T7330] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:15 executing program 2: socket$packet(0x11, 0x0, 0x300) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 910.380551][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 910.390068][ T7336] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.393081][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 910.406785][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 910.413239][ T7336] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 910.431965][ T7326] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 910.439565][ T7326] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.440773][ T7336] binder: 7335:7336 transaction failed 29201/-28, size 24-8 line 3148 [ 910.465980][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 910.470256][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000700000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 910.473861][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 910.480179][ T7326] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 910.491082][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 910.506252][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 910.518303][ T7326] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.528046][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:16 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 910.537331][ T7345] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.549922][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.557713][ T7345] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 910.563597][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 910.572050][ T7350] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.580129][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 910.585746][ T7345] binder: 7344:7345 transaction failed 29201/-28, size 24-8 line 3148 [ 910.610080][ T7350] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 910.613332][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 910.623680][ T7350] binder: 7348:7350 transaction failed 29201/-28, size 24-8 line 3148 [ 910.632592][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.635696][ T7330] XFS (loop3): Invalid superblock magic number [ 910.648977][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 910.660803][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.669966][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 910.670913][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 910.693795][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.693873][ T7350] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 910.700559][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.719806][ T7350] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 910.729999][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 910.732452][ T7350] binder: 7348:7350 transaction failed 29201/-28, size 24-8 line 3148 [ 910.741728][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 910.745662][ T7327] XFS (loop5): Invalid superblock magic number [ 910.761118][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 910.762681][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 910.769631][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 910.789674][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 910.797214][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 910.811934][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 910.819494][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 910.960765][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 910.968215][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 910.979259][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 910.987014][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 911.101088][ T7330] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.108941][ T7330] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 911.122494][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.123560][ T7361] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.129664][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 911.150055][ T7361] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 911.163372][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.170536][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:16 executing program 3: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x9e, 0x0) 14:13:16 executing program 0: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900000000000000, 0x0) 14:13:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000068000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) 14:13:16 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000a00000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 911.256751][ T7367] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 911.271536][ T7327] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 911.278846][ T7327] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 911.301863][ T7367] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 911.316806][ T7367] binder: 7366:7367 transaction failed 29201/-28, size 24-8 line 3148 [ 911.316913][ T7371] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 911.330058][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 911.333838][ T7371] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 911.349481][ T7371] binder: 7369:7371 transaction failed 29201/-28, size 24-8 line 3148 [ 911.351938][ T7571] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.368660][ T7371] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 911.368738][T27606] binder: undelivered TRANSACTION_ERROR: 29201 [ 911.384829][ T7371] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 911.390388][ T7571] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:16 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) 14:13:16 executing program 5: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x280, 0x0) 14:13:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000006c000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 911.406598][ T7371] binder: 7369:7371 transaction failed 29201/-28, size 24-8 line 3148 [ 911.409212][ T7370] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 911.415417][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 911.424850][ T7370] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.429465][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 911.450359][T23633] binder: undelivered TRANSACTION_ERROR: 29201 14:13:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x3c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000001200000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 14:13:17 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, {0x2, @empty, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 911.469523][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 911.477774][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 911.488462][ T7378] binder_alloc: 8547: binder_alloc_buf size 32 failed, no address space [ 911.497285][ T7370] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 911.497966][ T7378] binder_alloc: allocated: 12288 (num: 516 largest: 32), free: 0 (num: 0 largest: 0) [ 911.504634][ T7370] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.516560][ T7378] binder: 7377:7378 transaction failed 29201/-28, size 24-8 line 3148 [ 911.525176][ T3878] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.539499][T23633] binder: undelivered TRANSACTION_ERROR: 29201 [ 911.540626][ T3878] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 911.557397][ T7370] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env 14:13:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x34, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000074000000000018000000000000000800000000000000"], 0x0, 0x0, 0x0}) [ 911.557642][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 911.571058][ T7370] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.572402][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.588497][ T7374] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.594079][ T3878] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 911.601214][ T7374] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' 14:13:17 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 911.608312][ T3878] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.629877][ T3878] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 911.648210][ T3878] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 911.659640][ T3878] kobject: 'loop1' (0000000097c9045e): kobject_uevent_env [ 911.675407][ T7388] kobject: 'loop5' (00000000b07f0f92): kobject_uevent_env [ 911.682874][ T7388] kobject: 'loop5' (00000000b07f0f92): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 911.687221][ T3878] kobject: 'loop1' (0000000097c9045e): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 911.713968][ T3878] kobject: 'loop2' (000000002cdec75d): kobject_uevent_env [ 911.722023][ T3878] kobject: 'loop2' (000000002cdec75d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 911.735376][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 911.740788][ T7374] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.742974][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 911.750229][ T7374] kobject: 'loop3' (00000000fe948bde): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 911.820801][ T7564] kobject: 'loop0' (000000009b8f3521): kobject_uevent_env [ 911.828121][ T7564] kobject: 'loop0' (000000009b8f3521): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 911.845227][ T3878] kobject: 'loop4' (00000000715cdb6b): kobject_uevent_env [ 911.847666][ T7374] kobject: 'loop3' (00000000fe948bde): kobject_uevent_env [ 911.852460][ T3878] kobject: 'loop4' (00000000715cdb6b): fill_kobj_path: path = '/devices/virtual/block/loop4'