0, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.000062][ T26] audit: type=1804 audit(1556243394.667:60): pid=21463 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/710/file0" dev="sda1" ino=16675 res=1 01:49:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:54 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x3b, 0x0, @thr={&(0x7f0000000280)="b1b25cbd0abeea0a2a70a87c3139349402f1dd36ef4d68caed98fafdccebb47cdeb923f2c615703eed0ca18794b923a29e3b7490bb5907a0d50cb2a226bcd68a4d8e3a35c028ab01b6277495876c87ff76c2f5ec680f6a4e0c41f0ecb921a11d1d02e7cc557f1481ae3d3834b3a615208b0b66b1c9b3c84fe3cc95a7f316129f6d2a5c389102a9d8927f9a389f92938d330fdc46771cd003a53349b28485024d799fbca78c38c9d2206f4aeaf4e503b0b6f1fe9dbd1b087361aa6b980cb88c518a2f44f28eb4760aeaff01e0b9ea16232e1a37a43d0438194349ca1435768e04f5cc467fcec6cfe12c60092f8d895251dfb5383808652cdeefa1c60242f301287e54ac82741affc28bdc2a36afded976d4b0d30ee507988922200c3715063a483be94d7652ee12fa06ab4c9be34edbaa5b33a54fe8530f14faf020b04898a0a51c11d4fa19316b85bd30ce72031fa5f634eb7c43171037072cf9080e9a4f1f48cd7873b3ad46fc2ae1d773a95986877f229916e598187c4f36364e1e1aaaeed2df64f350076dacf92ba4c7870a0cb5203688113c681825c39b146122d077d11f5db9a631e886542d5f0bac6866c208f3be977599b1f17294ab7b105e8e63b1647a0eacb1111fb5a67a36dccafefe344113393b8934b28d0710702b4312ce5b3c8dbee9b00aeee15b757fba941db9f821c6b16963109de2ee2dd0dbe3b619b3c593139e1d16c744923983413b4d86c0697f3fd64885677ee58bac1fab507ee392e193047c1304602aa1a2b42bc87b6394aff8e4622df8c7eae8af44a5c0d61c07da20d4220b6e1bb4c89bd5c3429077049f2676000abd623eb0ea4805d040ec56a991a88702011a6278d5763948cee42239abaf62001511e9c2dcd440950e026538458cddfa0957695cd8bee3d73e4c8c0d54f5aea90e0d8205de47ee44e19603af70bdd1651319dcea0faae98e587748e153a60f4153d5616f50f7658908e025f5a564ca18c57321d1e3b0c304a4843c6fe1c07565da6f99730fded0e1109ea16c6f71cc8bde8b1f87aaa8cad5a55c8f4c690461cddbf2868fbe313f191f0671c18358f69cda70035d78bad0c9baca6ab791b15b381e3aa53da51b4df3dad74b99c33264fcfc7269e58d8dd89566a212ac193842804b1ea4736bb6eaa256805861f577b228fcdaf44bf1dfd12f1227fbbd1258dd88374d0b558e9d17b743b9f5594ca8eb1a097fed1ada21f8e4a9b7c1077ca08e8e9b8b3d83850c8c3f82161f0b87210251120f17940e78b88e70b85e98de9574300a1d515a7d88067c77e4699ee14e0fe01594cbb2d3504b0de9d8cbef2cb4d4e19d1b46d6f21e4438aea044c0540653553d7db638e2fa51eb108803bf0b8bfde29415aa582001cb6ef37663a16231c7e212d39b3e3a97e8dc9731d42a7dacdae4b1a12633e8cc7942a7c4b948f39bede8220951923b2798022113c509361c09e70f6e1b7e6dd748347a1e44786343c37beec5b4dc19701a4c281bea84d44c66178a0382d910d09fa6f1a22fd096ca433061a793232e00d3a39a784609ca5988500bea07c427d495eae3d8ba0e5b306fa4ccc9868f97caeb9d78ad38352f952d5398ee0a9a39857176c83c99540bf8b493efc62cdf38b0d408a317c618f0e94ffa19fdf7c7d8b4388eab78937f6d00a0e34cbee5ec3041ca96f37c839014e159cc435344b6fbd9218bfa40815d98b4b7d6fcff931b4d2c67131dd0daf06fb70668672740930d228f5fee76c1494be986063afe71821603d909bb8083b89611dad6f094d9798529dcca739ae145e74f12edfd8e8b36ded25bd1b9efa60dee02dc41bd8378a18aa1b1a0e247086b6d0035cf5b3040ff2f31dbecb8b68e2539d9a89deb8838c4bae9512beac9885af6a0d844a2a98b2c81dba5450280ef99d5f8971e22e83652556d19f3aa0c39ca62c1f563c10e48807ef79e50b44e8f4cbfb7688edf71062cabe5bdc575c347fc67939229c502d39727121bd818dae9b28d4e79ffb19339989622532b88fb78bb90a3124cd40d49e9a6aae44bb6a635a6d84a88d7305814748a47f80e4fe9d5d03800fc634b316e1ed7f3becb43bb47fdfe2642526139831928d96bea293cdc6111710819777ebc4e0bc5b1ff184d0f9fdec01a90238b59ef0a1c7f51ee241e6506a5f1ef6abb47adcad137c6a23f890dfabc30af0843647e55220a0972feaffa1341581abe74bb5a9cdb8cc229e60614f66ae3cae405886001fa9fcf621c57f15700bbba7086c6735ba3c6e95dbff40507d0858ae6c9dd73f9fb1e4c0abcc9e234c3e0b927747b7279ed6f3b06701670e66ba804d2dd8db557c62b186ff9c6f29082335653944e1f9cc531e5e15f471b49ceab1c2d48dbe468c7b80c7a48aa7f7cd07edaa644b668986ac6eea4ce05431518f41d37dcd170be3c94c82471b491d647ee55a0b7e7ab3e76e570bb881f05656653955255cba7a449698607dc1053f6b2b931188d19bbcafde20e01ef54cd4b616c22176f45950344545c78accc7ca07ea3664e09788930d4b373cd72b5334760723443af714287eb5c3106239c22c2b2922daf9c5fb2aabd3527da4cee1fb21aaabf42ff07c97d2b3b7b38ea2f51fd7c701ec956879e64da045a4fe6d4ee0231d7ab4f4aff4c9d386e39843e05db5419be83187100bb4555ccd83cb0c9b8e411049d3c9f1605132a8e52820fdb83711c3b043412dcbce633b3e4cffd1fffcb38201ede8c580909edf11caf69b93ebc21124dc5b8745dc00d0dbb8c6ae17f7714efa1c3dd960bd6b25d71fade9967040b7bb52c7f5d4f675c8c4916b3bd74483ed5cec6a6e39290fc3b5b3403848698f790199725edf3babf218260f08e9da16fb26bc45226b0de1d296a0a7aabe4705dad402f6059ec3fe78f0b03ad53a4c62955d4bf637d03d129e3035da342ed3343c3bd65b1ce493645b69fec4e219b480404f46732b5888c16a75f64b7ad0091bb33223efe4d128f2f2a54c8478a0e11170d94a9224592bbe42bf37f6d4cdb94f421416797f7c91dd4fe10780e4cff9785c8c6c77df056dd505e3ed6ecabddf93d2bc311f8fab2e19fecb7388824d2ee55e71f09bd72ddb78502160027ee770087f391a5a5ffb4adcfd74edba36fc10e42abf917a22c6e58de5a1778554c154257cd17163e4f0ff946ed64e1104e80d3ad104d92b934b5169374fb43dda64df77c95296215c67f58c2e21dba7b1ecd544414be61720a55bb73cc9cca0a700b6e204a58af7bbbbe1aa40bce3910bdc1fd657be41d01d01728d4b0b37cb83f29ecb57ef68ba60fbc79b79a9f8c7ca8a85487d8151231597293a0cbbe7cfda1174d02361d8281ee7f866e24a84fb984f861fddd4b9283935156e48ca30194c42a8cb57e5c9d22ab76666f57f86534a0933b062865f1d9da7fb57a06043415300eb12ab27763272f9a131378398bc50b5df7a4fc6dc219c278dd1d1a24a268d9214f5e73b076915bd7b8bcdf52fdd415f1a9d73343dba5f29dec1b085b8ce07fc3dacdc5c46a175e72c325b697c7420d312647f50ab72c44623a87986f73bd94c09c0eb144606f761ae8ca7743f963dd7286179b74b5ba1ecf6d49de928774badbef6791d977d6cfca63c82e5806ab8ae81f5dc20d3646879170781506acd278c2cc791aa7637a513873b51ec6673a2c8868c283459d6f399fb9b512cea2110241a0e4a06f3b00251332b4222baf0b9a4386ff6dfb70a831cc9db0d92f23fb9ef5560f3e0dabeb70d339e6ef905154398b54e2893dbf1a267d9f4a73b59ba821d4d7ffc38e16bf2310c46c1af35255b07813b61e19aa19afbcb1ba73ddf038c69d192bc63a6c102b51a80871e36c2c76eb395cf21dd3bc2317bbe3b05ebf49b0aae5cb199bdad36f0f71ea2b8169d9e01748a2938c415b6d3cc222648d83721f076e520a0702b1df2502263fd1f7978f8215832ebb02d34d2ea0ebe1776ae7daddfa7aa94019b56fcb9f4497b936f635c91d9b60a87ca34528a9bedfa7ae53c1cc40ed75d84c855681d75ddcf716fb524b6fdcc7ac61983068cbe8b062a30d872404feebe65a64ef92629bd2cc4ac1de5785b4a201e24656e186fe51ed351f160964d0581d772b674c70a87e123fe0bc9b5ad1f35b0e7b0298a7e9996b48907d2540d2d815e4ced79f3439e9ff324451765baf15d6c07032b6b08f2a96f0f46cfe7b4ad4a19b9899362ad663c2967431289af67658be0061813535ab7277305703a0b8b8903f7f328a8613dc159260ddecb10e300a74b452248a77ef609699e79241fb1af7b371f6804f3b5cef538fd017ac6bc0cc20c42abc421d4be139d1b9dee18834a44c5daa05eb7f3dde4c80d984b52dbe84e60b525be6a79f249ab5b91096e35fcbc0da16084e5f55a7e9bc84e81436f72c0590e8900870cd50b4abbbef5a2121271cd8b31832422ca9c680800e3ca072a1a178335cdb402e5941049dcebe168e1ad8b210baa9b5575899c008366726de8f64febcd7c486ae2ae5b7a38915747957d660b3764ec6af01a67518e6e8c41875841d6e905446088b103485f15afb1f50d7e584656bd3bbd9a18a38f3fee9454449cc6436e6040586bd34698837d90422442ed39b6825c5fdc6b1bbabe52af678ab65fcd2d4f9c878beb435b4eb759c47ca98c51690a46b42b54712fb486015c410632ea73bc2184c28192ce94272a52cdd4b16d3c5b400b70db0bcf33ad4a507616f7565e99bdefd28fc2bbe4fcec89958551bc446122909fd7acc02b22a6fa1262e17d92bb2edd81908c4f33a1e3dfadee4b6ebb74842c4e8432ed17389dc23fa6907530413ba9791a15e7a89e5e18c561043d2a173fa644f77cdba691ebf0bbd1ddab978895c06ab5b8c4823dcff2b15bb809435a17dc52637031265dc21dbf006c87f5efe28530e2d991de4d3ab72da73b0d12c2713524def8c0aa6fdfd01962dc60a64bcc1f1f9b8939cc45707bc70b018d5de641645677ad0c35a2b35139d46c77b8401910d8d44d7fc7ebe3fda478205300cbdf9fabc0f2a9064004c5db7fc4e75a6bb3b5b3622468d451d01b05ca999597d9e85aec15941c7e0b9cb642d3ecd4b08712778e765b35dacf364e58794fafb78c6b1715e05e9dccd7fd93d4eaa79a53c3572c0a2e50c0efecd2123131cae661487a14068e91f715efaeb5dbf08a1f90902297c95a121105aa72e2981a46ff2d341f207176b2513a74769c798a96c2a7a409894190987649ec8e980e6d4252819cd3046c33043a07e1b0804bcfd4b880503f13270e2275e3487033db3a31ffac28aa8eed38e3cd5bd57744ceb0ed08b115b815556eabd4a213517d5b3a7e770c0bb145ab102eefac3a3e66bbb2d88dd5b8c8ffbfd0a03e538d4830b7351bd154134033783a62bbfc19634c4f8b6135a7614490a2f4201858c835123423c62ba486294dde56e1545778b614b7dc1df805d832543e32ae279a0e4db109300d93571ce6eee29a3109887a26c0f4b8367cef5413f6f2693b9d4526ac7a4d513c10a4aa7772807b5e0556f1391318641c4e9292dd3c95a94d362e30427c8a9d5db66ad09b9372c52955ce400af8f99f60a588eb13f1a03432974e270e0c21cb36db23da349960fe60c3a8e0d6a10aefdad51db06a64a4e88237dbfbc15e6e972e903d148c7d9759fb39ae710aafea7bbf6230e7c213a8f3209c6ba9ee3cb5c2fe071ff0cbfd1cc24a52769e040d5f28e6160fa1dc2c0b63e4a12d6c3cefb263bc1be7fd952b633011d69c25aaf73123bd11b146a8712651cc3", &(0x7f0000000000)="090e38a88740828a6696f9bb4ca8828985e8500947c67609538e95790bda9d7e48d1fb9696bde473c88cbdb3ee3ca4d5f779565a7c5e3702dbfc32019f8f57c67db39250b4738cef3bfc7f51231dd59ec77fa1248868c58502ae4a4e42257271c4eeda1f9a4188afdc95239b"}}, &(0x7f00000000c0)=0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(r1, 0x1, &(0x7f0000000140)={{r2, r3+30000000}}, 0x0) 01:49:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', 0x0, 0xffffffff, 0x3, &(0x7f0000000280)=[{&(0x7f0000000180), 0x0, 0x59}, {&(0x7f00000001c0)="cafbf33d4d3b54132ff73727d38e1305827143e07fca704fabc576996b80c1ca6168dc37793e80e33a671c737aababada9b3c887db27aa0b2c72c0f1bd86d2adc4ca2f24c0b25a9b3aefde45959fe12abf", 0x51, 0xffff}, {&(0x7f0000000240), 0x0, 0x400}], 0x1, &(0x7f0000000300)={[{@grpquota='grpquota'}, {@nodiscard='nodiscard'}, {@integrity='integrity'}, {@resize='resize'}], [{@permit_directio='permit_directio'}]}) [ 582.188470][T21463] EXT4-fs: 2 callbacks suppressed [ 582.188558][T21463] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:49:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.257874][T21483] binder: BINDER_SET_CONTEXT_MGR already set [ 582.297187][T21483] binder: 21479:21483 ioctl 40046207 0 returned -16 01:49:55 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:49:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xec0f0000000000, 0x0, 0x0) 01:49:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000180), 0x0, 0x59}, {&(0x7f00000001c0)="cafbf33d4d3b54132ff73727d38e1305827143e07fca704fabc576996b80c1ca6168dc37793e80e33a671c737aababada9b3c887db27aa0b2c72c0f1bd86d2adc4ca2f24c0b25a9b3aefde45959fe12abf", 0x51, 0xffff}, {&(0x7f0000000240), 0x0, 0x400}], 0x1, &(0x7f0000000300)={[{@grpquota='grpquota'}, {@nodiscard='nodiscard'}, {@integrity='integrity'}, {@resize='resize'}], [{@permit_directio='permit_directio'}]}) 01:49:55 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xffffffffffff7fff, 0x201) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x7c, &(0x7f0000000040)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, @in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e21, 0xff, @rand_addr="a1a1f2806708b8f51c0834999b03dfbd", 0x5}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={r1, 0xdc, &(0x7f0000000280)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, @in={0x2, 0x4e22}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, @in6={0xa, 0x4e24, 0x1f, @local, 0x3}, @in6={0xa, 0x4e20, 0x8177, @rand_addr="fb55e0ad92b247c3ac44ad7936e4bc59", 0x68}, @in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e21, 0x5, @rand_addr="b7bef1478defac45a1a307d0dd86a072", 0xfffffffffffff800}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e22, 0x8, @dev={0xfe, 0x80, [], 0xb}}, @in6={0xa, 0x4e24, 0x7fff, @empty, 0x7}]}, &(0x7f0000000380)=0x10) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000003c0)) r3 = geteuid() mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x40, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_user='access=user'}, {@aname={'aname', 0x3d, '/dev/adsp#\x00'}}], [{@euid_eq={'euid', 0x3d, r3}}, {@appraise='appraise'}]}}) 01:49:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.395328][T21490] binder_transaction: 62 callbacks suppressed [ 582.395345][T21490] binder: 21489:21490 transaction failed 29189/-22, size 64-16 line 2995 [ 582.443809][ T26] audit: type=1804 audit(1556243395.107:61): pid=21492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/711/file0" dev="sda1" ino=16715 res=1 [ 582.478705][T21499] jfs: Unrecognized mount option "permit_directio" or missing value [ 582.480459][T21495] binder_fixup_parent: 32 callbacks suppressed 01:49:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.480468][T21495] binder: 21493:21495 got transaction with invalid parent offset or type [ 582.528993][T21492] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:49:55 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000001280)={0x4, 0xf, 0x4, 0xfffffffffffffffc, {0x0, 0x2710}, {0x3, 0x2, 0xfe, 0x3, 0xffffffffffffdc40, 0xffff, "f8a5b8d7"}, 0xfffffffffffffffd, 0x7, @fd=r1, 0xfc000000}) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000000080)=0xffff) preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000100)={0x1, 0x7, 0x3, 0x1, 0x6, 0x0, 0x7eb, 0x3f, 0x2, 0x1000, 0x0, 0x3, 0x2360, 0xad, &(0x7f0000000280)=""/4096, 0x9, 0x3f1f, 0xce6}) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000040)={0x1, 0x0, {0x235b, 0xfffffffffffffff9, 0x3, 0x7fff}}) timer_create(0x3, &(0x7f0000001300)={0x0, 0x38, 0x1, @thr={&(0x7f00000000c0)="f405869c61bf8c3d2c834e9e32b7922436757750f87c2f8b016e51fb52e34ceb4b5ae95d6111b12aa57c4a9537003625e453", &(0x7f00000013c0)="ec2be77212360f28d745535f81b72cdec41fce8a053e190f2da8399681b41508ef556a87b2f0e31d90bb64c07f2d82d13bc3c596d70da568290270eb15c408525f5f1b7e6ec6fb7c64b706f62c59155828faf7f3968d82ba2826bf6771d412ee9b143ad7518bc02b06f00bd45cf99a988dae59c110f26d6ab7e65842bf7c223f9d3b6a0298a81a061f2f9a49b3458831dd05408f13889d452364ec2692e3ff2e8f2d5a645413228a0435333c657f3e055e247c19879c6857127ca7a2d75a4cb9ec6d6d684cc0c21193f54af7cd785a4f7630c39223d8ca3ebdcfe545f7cedb777fa8859f55be80d72b5d4afb7dedfbbb85b7dffe"}}, &(0x7f0000001340)=0x0) clock_gettime(0x0, &(0x7f00000014c0)={0x0, 0x0}) timer_settime(r3, 0x1, &(0x7f0000001500)={{0x0, 0x989680}, {r4, r5+10000000}}, &(0x7f0000001540)) [ 582.550795][T21506] binder: 21504:21506 got transaction with invalid parent offset or type 01:49:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)={[{@grpquota='grpquota'}, {@nodiscard='nodiscard'}, {@integrity='integrity'}, {@resize='resize'}], [{@permit_directio='permit_directio'}]}) [ 582.593898][T21495] binder: 21493:21495 transaction failed 29201/-22, size 64-16 line 3389 01:49:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x100000000000000, 0x0, 0x0) [ 582.636278][ T8032] binder_release_work: 62 callbacks suppressed [ 582.636285][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 582.636430][T21506] binder: 21504:21506 transaction failed 29201/-22, size 64-16 line 3389 [ 582.645836][T21495] binder: BINDER_SET_CONTEXT_MGR already set 01:49:55 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:49:55 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0xffffffffffffff58}], 0x1179, 0x1000000000053) gettid() fcntl$getown(r0, 0x9) unlink(&(0x7f0000000100)='./file0\x00') fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/wireles{\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast2}}}, {{@in6}, 0x0, @in6=@mcast2}}, &(0x7f00000000c0)=0xe8) fadvise64(r2, 0x30, 0x68173b27, 0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000340)={{0x5, 0x2, 0x5, 0x9, '\x00', 0x81}, 0x0, [0x1f, 0x8, 0xfffffffffffffff7, 0x4, 0x1b, 0x7, 0x1, 0xffffffffffffffc0, 0xff, 0x7fff, 0xfffffffffffffeff, 0x2, 0x9c, 0x9, 0x5, 0x6, 0x9, 0x7fff, 0x7, 0x1, 0x80000000, 0x7ff, 0x0, 0xfffffffffffffff8, 0x4, 0x1, 0x4, 0xc43, 0x0, 0x0, 0xfff, 0xfffffffffffffeff, 0xfe0000000000000, 0x2, 0x5dba0, 0x1911fab2, 0x2, 0x80000001, 0x6, 0x3, 0x80000001, 0x2, 0x2, 0xfffffffffffeffff, 0x100000000, 0x1, 0x0, 0xcf8d, 0xff, 0x0, 0x6, 0x3, 0x7f, 0x96, 0x4, 0x0, 0x80, 0x80000001, 0x40, 0x5, 0x0, 0x54, 0x200, 0xa27, 0xfff, 0x80000000, 0x8000, 0x20, 0x7ff, 0x2, 0x0, 0xffff, 0x5, 0x5, 0x765c5940, 0x2, 0x3, 0x5, 0x9, 0x6, 0xfc, 0x8000, 0x8, 0x5, 0x1000, 0x4, 0xe3, 0xffffffffffffffff, 0x2, 0x4, 0xfffffffffffffe48, 0x8, 0xfffffffffffffffa, 0x4, 0x7ff, 0x5, 0x1, 0x7, 0x8, 0xce, 0x3, 0x62, 0x2, 0x9, 0x9, 0x9, 0x6, 0x20, 0x6, 0x2, 0xb080, 0x800, 0xfffffffffffffffc, 0x3f82, 0x9, 0x6, 0x1, 0x1000000000000000, 0x853, 0x0, 0x3ff, 0x7, 0x8001, 0xad1, 0x44c1, 0x2, 0x2, 0x2], {0x77359400}}) [ 582.697377][T21511] JFS: Cannot determine volume size 01:49:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.730724][T21511] jfs: Unrecognized mount option "permit_directio" or missing value [ 582.758277][T21509] binder: 21493:21509 transaction failed 29189/-22, size 64-16 line 2995 [ 582.758323][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 582.809412][T21495] binder: 21493:21495 ioctl 40046207 0 returned -16 [ 582.810886][T21519] binder: 21518:21519 transaction failed 29189/-22, size 64-16 line 2995 [ 582.826353][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:49:55 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x400000, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') chdir(&(0x7f0000000040)='./file0\x00') 01:49:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@grpquota='grpquota'}, {@nodiscard='nodiscard'}, {@integrity='integrity'}, {@resize='resize'}], [{@permit_directio='permit_directio'}]}) 01:49:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 582.928237][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 582.974243][ T26] audit: type=1804 audit(1556243395.647:62): pid=21528 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/712/file0" dev="sda1" ino=16727 res=1 [ 582.991848][T21527] JFS: Cannot determine volume size 01:49:55 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100000001, 0x447327b881534ef9) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x10) syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0xffffffffffffffe8}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') 01:49:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x100004000000000, 0x0, 0x0) [ 583.025123][T21530] binder: 21526:21530 got transaction with invalid parent offset or type [ 583.035792][T21530] binder: 21526:21530 transaction failed 29201/-22, size 64-16 line 3389 [ 583.044958][T21527] jfs: Unrecognized mount option "permit_directio" or missing value [ 583.058268][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 583.068394][T21530] binder: BINDER_SET_CONTEXT_MGR already set [ 583.101277][T21533] binder: 21526:21533 transaction failed 29189/-22, size 64-16 line 2995 [ 583.111713][T21539] binder: 21534:21539 transaction failed 29189/-22, size 64-16 line 2995 [ 583.131867][T21530] binder: 21526:21530 ioctl 40046207 0 returned -16 [ 583.141172][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:49:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 583.162705][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:49:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@grpquota='grpquota'}, {@nodiscard='nodiscard'}, {@integrity='integrity'}, {@resize='resize'}], [{@permit_directio='permit_directio'}]}) 01:49:55 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 583.275155][T21546] binder: 21543:21546 got transaction with invalid parent offset or type [ 583.306967][T21549] JFS: Cannot determine volume size [ 583.338628][T21546] binder: 21543:21546 transaction failed 29201/-22, size 64-16 line 3389 [ 583.351702][T21549] jfs: Unrecognized mount option "permit_directio" or missing value [ 583.370599][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 583.379112][T21552] binder: BINDER_SET_CONTEXT_MGR already set [ 583.399398][T21553] binder: 21543:21553 got transaction with invalid parent offset or type [ 583.429460][T21552] binder: 21543:21552 ioctl 40046207 0 returned -16 [ 583.452298][T21553] binder: 21543:21553 transaction failed 29201/-22, size 64-16 line 3389 [ 583.465442][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:49:56 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:49:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x100008000000000, 0x0, 0x0) 01:49:56 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) syz_open_procfs(r1, &(0x7f0000000040)='net/ip6_tables_names\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:49:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:49:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 583.704095][T21560] binder: 21558:21560 got transaction with invalid parent offset or type [ 583.708109][T21562] binder: 21561:21562 got transaction with invalid parent offset or type [ 583.739498][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:49:56 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400, 0x0) perf_event_open(0x0, 0x0, 0x6, r0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00') getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @empty}}, [0x10000, 0x76d, 0x9, 0x5, 0x100000001, 0x6480000, 0x5, 0x7e1, 0x9, 0x81, 0x0, 0x8e1, 0x6, 0x2, 0x8]}, &(0x7f0000000680)=0x100) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000600)={r2, 0x1, 0x30, 0x20, 0x6}, &(0x7f0000000640)=0x18) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r1, 0x300, 0x70bd2a, 0x25dfdbff, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) getsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, &(0x7f0000000440), &(0x7f0000000480)=0x6) perf_event_open(&(0x7f0000000100)={0x4, 0x70, 0x0, 0x3a6, 0x9, 0x2, 0x0, 0x8, 0x4, 0x2, 0xea5, 0x3, 0x3, 0x7fff, 0x5, 0x2, 0x1, 0x401, 0x8, 0x2b, 0x6, 0x3ff, 0x5, 0x101, 0x9, 0x4, 0xfff, 0x1c2, 0x7fff00000, 0x0, 0x20, 0x9, 0x2, 0x9, 0x61b0, 0x100000001, 0x1ff, 0xe400, 0x0, 0x7fffffff, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x20000, 0x5, 0x7, 0x5, 0x8000, 0x446f, 0x1}, r4, 0x8, r0, 0xa) connect$unix(r3, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e) preadv(r3, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 583.750972][T21566] binder: 21558:21566 got transaction with invalid parent offset or type 01:49:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 583.810203][ T26] audit: type=1804 audit(1556243396.477:63): pid=21567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/713/file0" dev="sda1" ino=16736 res=1 01:49:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 583.950637][T21577] binder: 21576:21577 got transaction with invalid parent offset or type 01:49:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_mount_image$jfs(&(0x7f00000000c0)='jfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:49:56 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)) getpgrp(0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0) r1 = dup2(r0, r0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) r2 = getpgrp(0x0) r3 = syz_open_procfs(r2, &(0x7f0000000080)='\x00'/13) preadv(r3, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 583.995957][T21579] binder: 21578:21579 got transaction with invalid parent offset or type [ 584.082429][T21579] binder: transaction release 2081 bad handle 2, ret = -22 01:49:56 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:49:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x10000c000000000, 0x0, 0x0) 01:49:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:56 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 584.260102][ T26] audit: type=1804 audit(1556243396.927:64): pid=21594 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/714/file0" dev="sda1" ino=16721 res=1 01:49:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 584.379660][ T26] audit: type=1804 audit(1556243397.047:65): pid=21601 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/672/file0" dev="sda1" ino=16736 res=1 01:49:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:49:57 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:49:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 584.705563][ T26] audit: type=1804 audit(1556243397.377:66): pid=21615 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/715/file0" dev="sda1" ino=16726 res=1 [ 584.746840][T21615] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:00 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x0, 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0xdf, "04990e8b9e1c5d686a77c97d07b1dbd58fd91b9d384a6102eb69918d544993330b23c9ab2f59362717c79fa2ff11ca40fdc89f5c50810f6944c4330b0bf7d7c2f273c140e006bb00a4d9ccd2d866d34f00e2847f0c57b1dc312bcaabb8b3fd5fd7db895451eaeb367b121d884098ea6aa28638b2ffe43fd8a430ff067dd22b1f2b23bc22ad5aa1af9f1dfb95a012eb74dec0a02393126f8902efec2d9dcd64df93c353a691115a20f923a30234c3d29e392ba09ebec242ecb5641d687e444d7ce84bf9e984e51a9479b886747df5a24d8fbe92cbbecd04ea9e13ddaf6ffa8f"}, &(0x7f0000000100)=0xe7) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/pfkey\x00', 0x101, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYBLOB="07008300a3a2f9fe50ddd3740892f1ce492d22009ed8489856fe13bf21069f9bd2f0361c622e2968dbef8f9cb6c4e9721bcf594ee524f508f6ca2645a9e124e2d09aee1dad08bc4474fda8550fa21374a0091de4ed48ccf76041bd9aba82f5925cc6313c06ac5fa472012dd0b937032d5f3236628318a1c985dcd75148cf833704ff1d9a88"], 0x8b) 01:50:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x101000000000000, 0x0, 0x0) 01:50:00 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:00 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 587.582704][T21628] binder_transaction: 17 callbacks suppressed [ 587.582720][T21628] binder: 21627:21628 transaction failed 29189/-22, size 64-16 line 2995 [ 587.601005][T21631] binder_fixup_parent: 10 callbacks suppressed [ 587.601015][T21631] binder: 21624:21631 got transaction with invalid parent offset or type [ 587.604070][ T26] audit: type=1804 audit(1556243400.277:67): pid=21625 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/673/file0" dev="sda1" ino=16735 res=1 [ 587.639671][T21631] binder: 21624:21631 transaction failed 29201/-22, size 64-16 line 3389 [ 587.656621][ T26] audit: type=1804 audit(1556243400.317:68): pid=21630 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/716/file0" dev="sda1" ino=16772 res=1 01:50:00 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_wait(r0, &(0x7f0000000040)=[{}, {}], 0x2, 0x5) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000140)=0x0) r3 = syz_open_procfs(r2, &(0x7f0000000240)='net/wireless\x00') preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000280)=""/104, 0x1c7}, {&(0x7f00000000c0)=""/58, 0x3a}], 0x2, 0x0) ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000080)={0x100000000, 0x0, 0x8, 0x4, 0xda, 0x2}) [ 587.658407][ T8032] binder_release_work: 16 callbacks suppressed [ 587.658414][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 587.680650][T21630] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 587.712532][T21638] binder: BINDER_SET_CONTEXT_MGR already set [ 587.718562][T21638] binder: 21624:21638 ioctl 40046207 0 returned -16 01:50:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 587.741874][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:00 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="18934d0ee090eda4223fdfe76244a6cdbef526b223107587862acc0e573f6797ad6773b9ad4eec5edb1e20ea13bdaeb08d24bb4f909a7a87591f861f0dd453468ecb7c90b7cdfbe21fd037b8ac0a736de607cd9807eb862c16d4ac77293a83261000197560531b34c401f9ca12e24d478a09197476c4206cd2b6124bd775d1901f8bbb75edc9a3c10b89d1495d9ba8ba796392337b1ca5271251e48bf854fe80bce099253c497e9ef5", 0xa9, 0xfffffffffffffffb) r2 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)="6878f89978a9c7a6779aa6419fbf7713106aaff168aec88b7e22979b009b6910427fa0a764dd59a3fc", 0x29, 0xfffffffffffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000140)='rxrpc\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r2, ':chain\x00'}) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000380)={0xf, 0xffffffffffff2c92, 0x0, 0x80000, 0xffffffffffffff9c}) 01:50:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1ec0f0000000000, 0x0, 0x0) [ 587.835131][T21646] binder: 21645:21646 got transaction with invalid parent offset or type 01:50:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:00 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 587.899404][T21646] binder: 21645:21646 transaction failed 29201/-22, size 64-16 line 3389 01:50:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 587.989796][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 588.007352][T21654] binder: 21652:21654 got transaction with invalid parent offset or type 01:50:00 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:00 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 588.017675][ T26] audit: type=1804 audit(1556243400.687:69): pid=21655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/717/file0" dev="sda1" ino=16772 res=1 [ 588.046189][T21654] binder: 21652:21654 transaction failed 29201/-22, size 64-16 line 3389 [ 588.072413][T21655] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 588.103860][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 588.114593][T21662] binder: 21661:21662 got transaction with invalid parent offset or type [ 588.123732][T21664] binder: BINDER_SET_CONTEXT_MGR already set [ 588.131164][T21665] binder: 21652:21665 got transaction with invalid parent offset or type 01:50:00 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') r1 = epoll_create(0x8001) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000280)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c0066646e6f3deb55b9cf40fb19d579d16b8186", @ANYRESHEX=r1, @ANYBLOB=',version=9p2000.L,dfltuid=', @ANYRESHEX=r2, @ANYBLOB=',version=9p2000,euid>', @ANYRESDEC=r3, @ANYBLOB=',pcr=00000000000000000050,seclabel,smackfsroot=net/wireless\x00,\x00']) [ 588.163879][T21662] binder: 21661:21662 transaction failed 29201/-22, size 64-16 line 3389 [ 588.173828][T21664] binder: 21652:21664 ioctl 40046207 0 returned -16 01:50:00 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 588.209454][T21665] binder: 21652:21665 transaction failed 29201/-22, size 64-16 line 3389 [ 588.221051][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 588.244511][ T26] audit: type=1804 audit(1556243400.917:70): pid=21667 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/674/file0" dev="sda1" ino=16545 res=1 [ 588.247310][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:01 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x8000, 0x0) getsockname$inet(r0, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f00000000c0)=0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = getpid() r2 = syz_open_procfs(r1, &(0x7f0000000080)='net/wireless\x00') preadv(r2, &(0x7f0000000000), 0x0, 0x4d) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000100)={r0, 0x0, 0x9, 0xffff, 0x81}) [ 588.360319][T21674] binder: BINDER_SET_CONTEXT_MGR already set [ 588.384676][T21675] binder_alloc: 21652: binder_alloc_buf, no vma [ 588.391098][T21674] binder: 21672:21674 ioctl 40046207 0 returned -16 [ 588.443750][T21676] binder: 21672:21676 transaction failed 29189/-22, size 64-16 line 2995 [ 588.457486][T21675] binder: 21673:21675 transaction failed 29189/-3, size 64-16 line 3148 01:50:01 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 588.509300][T21676] binder: 21672:21676 got transaction with invalid parent offset or type [ 588.520140][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 588.532319][T21676] binder: 21672:21676 transaction failed 29201/-22, size 64-16 line 3389 [ 588.538120][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x200000000000000, 0x0, 0x0) 01:50:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 588.599076][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 588.665776][ T26] audit: type=1804 audit(1556243401.337:71): pid=21679 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/718/file0" dev="sda1" ino=16757 res=1 [ 588.680091][T21682] binder: 21678:21682 transaction failed 29189/-22, size 64-16 line 2995 [ 588.710203][T21679] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 588.744906][T21691] binder: 21688:21691 got transaction with invalid parent offset or type [ 588.779627][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:01 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 588.796720][T21694] binder: BINDER_SET_CONTEXT_MGR already set 01:50:01 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 588.851991][T21694] binder: 21688:21694 ioctl 40046207 0 returned -16 [ 588.861691][T21681] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 588.880286][T21695] binder: 21688:21695 got transaction with invalid parent offset or type [ 588.915237][T21699] binder: 21696:21699 got transaction with invalid parent offset or type 01:50:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2800, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:01 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x300000000000000, 0x0, 0x0) 01:50:01 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') accept4$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14, 0x80000) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@loopback, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f0000000280)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@remote, 0x4e20, 0x7, 0x4e21, 0x4c21, 0xa, 0x0, 0xa0, 0x3b, r1, r2}, {0x5, 0x100000001, 0x1f, 0x80000000, 0xfffffffffffffffc, 0xfb4, 0xffff, 0x9}, {0x7f, 0xb574acf, 0x6a3f, 0xffffffffffffffff}, 0x9, 0x6e6bb5, 0x2, 0x1, 0x3, 0x1}, {{@in=@multicast1, 0x4d3, 0x7c}, 0xa, @in=@remote, 0x0, 0x0, 0x1, 0x81, 0x5, 0x0, 0x1}}, 0xe8) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 589.060232][T21707] binder: 21706:21707 got transaction with invalid parent offset or type 01:50:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 589.117838][T21705] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 589.131214][T21716] binder_alloc: 21706: binder_alloc_buf, no vma [ 589.135343][T21707] binder: BINDER_SET_CONTEXT_MGR already set [ 589.157590][T21707] binder: 21706:21707 ioctl 40046207 0 returned -16 01:50:01 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x80000000000000) getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r0, 0x0, 0xa, &(0x7f0000000000)='-userbdev\x00', 0xffffffffffffffff}, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000080)) prctl$PR_GET_TIMERSLACK(0x1e) preadv(r0, &(0x7f0000000080), 0x0, 0x6) r3 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x80, 0x0) ioctl$VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f00000000c0)={0x0, 0xc, 0x4, 0x200000, {0x0, 0x7530}, {0x1, 0xb, 0x5, 0x3ff, 0xdb3fa1c, 0x6, "24f90355"}, 0x101, 0x1, @userptr=0x4d, 0x4}) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140)={0x0, 0x4}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f00000002c0)={r4, @in6={{0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}}, 0x84) [ 589.187094][ T26] audit: type=1804 audit(1556243401.857:72): pid=21717 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/719/file0" dev="sda1" ino=16782 res=1 01:50:01 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 589.336908][ T26] audit: type=1804 audit(1556243402.007:73): pid=21725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/720/file0" dev="sda1" ino=16772 res=1 01:50:02 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ldg\x8f]\r\x18d\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x400000000000000, 0x0, 0x0) 01:50:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 589.421944][T21733] binder: BINDER_SET_CONTEXT_MGR already set [ 589.427987][T21733] binder: 21726:21733 ioctl 40046207 0 returned -16 [ 589.436430][T21725] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:02 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = accept4(0xffffffffffffff9c, &(0x7f0000000000)=@ethernet={0x0, @remote}, &(0x7f0000000080)=0x80, 0x80800) sendto$llc(r0, &(0x7f00000000c0)="9853f14a78e39d99c57eb6b7a5232c44d74f2815667757e646a398c774c6ff61b3cf6f154a4fd178f2af1fff29ff3b0c7ff5c64358a1fc8bded414d57c9eeb7d4db08f95e1222cdf3f33299e470984c231a5b9", 0x53, 0x0, &(0x7f0000000140)={0x1a, 0x321, 0xfff, 0x1ff, 0x3f, 0x5247, @dev={[], 0x1e}}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 589.497906][T21735] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 1: io_setup(0x4, &(0x7f0000000080)=0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0xc9, 0x240040) r3 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptmx\x00', 0x2200, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000500)='/dev/vbi#\x00', 0x1, 0x2) r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000580)='/dev/urandom\x00', 0x101000, 0x0) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000740)={&(0x7f0000000700)='./file0\x00', 0x0, 0x18}, 0x10) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000800)='/dev/hwrng\x00', 0x121000, 0x0) r10 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000880)='/dev/dlm-control\x00', 0x400, 0x0) r11 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/qat_adf_ctl\x00', 0x4000, 0x0) r12 = syz_open_dev$sndtimer(&(0x7f0000000cc0)='/dev/snd/timer\x00', 0x0, 0x101000) r13 = syz_open_dev$cec(&(0x7f0000000980)='/dev/cec#\x00', 0x3, 0x2) r14 = socket$inet_dccp(0x2, 0x6, 0x0) r15 = syz_open_dev$sg(&(0x7f0000000a80)='/dev/sg#\x00', 0x86de, 0x8000) r16 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) r17 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/ubi_ctrl\x00', 0x100, 0x0) io_submit(r0, 0xa, &(0x7f0000000c40)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x7, r1, &(0x7f00000000c0)="f192ec2df93268387893eac309b89eec629ccbf114d7cb076df67d85e58b032b09ea07e070ae2de10889f8ea1b3ae4260014f320caa4dce9522a9e0c2847583ad8c06e89dee2e6776dd8f7fb80b4f1c9dfdd4c56d654cba455a241d04cc4e784d07e8870c32c8bfdc290b01ef973bafe9380d284a3e83ddae0274e3d47a68ded70570d2e2e3f5377eb2700a8551a171678d2fecbf1a88be317cc33531fd4896704909f80493b984ffc5f5055e7710f4617cf122eb97e8fa579", 0xb9, 0x80000000, 0x0, 0x0, r2}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2, 0x0, r3, &(0x7f0000000300)="e566e4", 0x3, 0x7f, 0x0, 0x3, r4}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0xf, 0x3, r5, &(0x7f0000000400)="2b01f6f2cf0857c2ff75eede6d5f88199b9eb83e0cb97ea2ed45021d69d61d9f0d61c59404b027160ce6f1b1d679345c6c3272c643add4d751431454e2bcf16cf5da243e0f60686e184def79e33120eed5886d22882075eb6718283bb0b2a0df88020db7bbd73c42d000de4d3e7c7626337f9e1c5e70b7755ddd9f057e078202498103af696a8a316fdeb472dadf58802281faa1f20ed6597affe6c20ad3244ca24f5e5bdb73d989e9e3b805252ae662f4b0f0f3bb1e13445238e8089dcab94b571d27d2b761eff6f672540486b06008ce54001d5934cc0f5f41243b29aa6430f5ed337a83acef2c1963a9a81d78", 0xee, 0x1000, 0x0, 0x0, r6}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffc, r7, &(0x7f00000005c0)="a1f125e407f48c0185f08bf0a73e9d727a788043deac691735ec26070e154df6421344061859e94e0d1f1f76eb10b3a54a9fc9661bdf5c50b36ef1db652769184b6f4e89fc1d5becbb19d9f0c252488935690b31bd042502dc3fecb04965f29397aacbaee2c4c5ac556d22b4348fe53d4e04cb33316aaad4aac4d39645eb333ae812a1330b40709d70089f1cf4b49f868ea8de1de8249debfb7289eaf6eb494bcae7b818220b7c1051e60b4acb080933f1120f44e174ecb596ed9f76f2b03abbf18e773faeed548310b05eb6c610647103df3d19bfb4e1a28132945ad3bf6e20a400d0b1f12fd04e3c269a1f6b9bf027a6f5", 0xf2}, &(0x7f0000000840)={0x0, 0x0, 0x0, 0xf, 0x8000, r8, &(0x7f0000000780)="982ae833864cb148bfa1ea226b66fcc45edd77661218fb4a70c126ca5e1cc849bde13a2e0ee6053ede70e8ce3530c0da4ae53c686a7ce30556b7912ece0bc72c23ae0e4f26db42a1eaa0b2454d1519aaa4", 0x51, 0x8, 0x0, 0x0, r9}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x5, 0x1, r10, &(0x7f00000013c0)="d51572f5c1075998d63dca837496a1b2c2858d9ae896656188f2378566a9662978c1a94eefaf4a5f7c6eb8e06ea3265c1ac4ec616d2bb289ccac0432315958b91e3acb7dde24dcca8805ef2482f2b6ae3248aa8ee389b61659b6b130d78b1226ba046bf82d2e033921f1a52de52321e5b7e6da5f29ee1e3a13d7ee98530e0f281917afaa01306a02a833d48d02bb49f4104c466afcd39050fea7723f082f6808e567e6d4cb75d54d9072c77a3c2e5e5e627686376961f43bf7ffcb2cc7ef4f0127d1b2ff2fed31f46c01d491475fd0cb41863fac668dbbb83d102fc8f1aec79244582deeaaa91749084b1828378ba52f1d8758de0563bfe464da0b317b041f3d6d970bf78a5dae07db2da96536535f86070a7e7e267e0b7e9ab27cb734bdfb934559305949cb5b2b0dde60593a9a394b67c6c574822019f43326338b77b48e5a9603d78e94796b22263db5a34e260ef83face3aa9bc64979b58377780e78defffafd2f63a605953227ab9dbc7ba3931b5aac167a3d0ea3f0eeb8df44a4d7d35ba1a975529fd7db72bd24884c4f191e749a1df6edc3c0e44ca52a6568e8d57ab715b54d161cee03619f3bce0c5e73cb582f8b5c2bcf66cc0da6663ac3c96a845542cb2c20511dc46c21c2fed91e96d49aa07291bd2f09eb009704165b60b8c32de6921f69949a13086986d0d0b213192d8e08b60b6510bc2f4552bcd94f01eac1f766443a193372a6eaa3b97c194a3a4ffd48e1f034f2c72bebe18361f664216b4d332d2d8c75a4e7c13c9c1d69790b11acf0fdc116a9849924169f00eeb61276057c660e540a34419173c6d2834b0adaf64004381f4168ddb3b28345b08ca4e30db1a2a4b1f45e1fb67f07ec0eaf2aa085889817f90c661e255e310466e1cc0cdd03fa052a876e1f5ea7994de7ca33ed208e0be27d5161a81ec157baa5a7d33daf659ad512a08a6c51944ee75b9e84adffbf4430a0d2055d18506ca598709a865d9a848a5ad29feeff4b9420e6ea503c3b1d2a560e6f57d843105a51e82ebeedb2501d92ee9a0c94336c911916a9acd37a2cfd1c3d25eb12afdcc6d8001a1cff9474dc81813a5d4ca10ccdf808ae604c387e9eae9b0e6f69a5b6d0806b684b6120af4811dd66e6342dc072cbc0c63063f18ddf94ba472ee2f7f0048dcc300c5069dadea86b2df28ce53d3fd78b94e52ffd5e5b6c7214ef991c9ca541d6a289777101388e95cd49430a5d17b9981013abee8b2fc922bd73f9d133363ca90a4270fab6e1e2e2553774fc85b76c9e9f2d34d3a2777c26437ca245923210027624caf1f71ca05be97487e5d465a5e0b4a012e99210369c5b193ff0c90d5c60399e7eab2f22ea3635052c09b50de7482b8cf4327315c199fdc28ea6de9039f7ba45f2e6b06fc92eeae115fccc5caa6b07a2580aa83de153d2e6b2be99d479ef9160c189c7431a0a40868a4d7de9244ccb734b8bf1a0abe84e4804b2dccf96638d03a318659eefcb5f7a912ca390ee163f03ecd4b26d771ac9667e38441cd28484f416f610f6742ecd4f9869c8c1b7a1e65e9b5820e544b9275d37dfa1168fd97655dc96429874a0e4bad93cd519bf8c10f187c053f26c805df935248ebf0e1eba7b61de1bb9bc3fc7a434366e51a0b6b51bef60f878f88b67ef5c8b9c85a622b11632b139b1cc875a850d160c64b65c0c511b0af52f3be1c3c6273a681915328597adc48c36c12afb7ad0bff7b51c0c8bd9240743471cf79d532b8b3ab973c9153869f72d793f49081d21353f2b78042ba86580f193ed1b8f9200d7538602523e4451bea57e4f81dd3f37470d803018733f6081cdf8e3ed109d9edaba238195e652d0e50f7cfb7e873c474f47fcb680b4c93ec142bbad5e2337bda187f4781dd52db53cf2445b11275d9aeac95d337b31586e43f42c33991adfff742fa1c1d1bde5f30f35a1677f1773fe43ac991f3d3ac28e5a34f03382104e5f8f0c568428d77212370864cfd3669126f5965a80d54f1d6deebdb073036eaa9c253afc1dd1c20585ca3fa0e3267ef3d499cb73113a07e113910ca623e076f3a1aabc4e3a58e584c31c4284c5092b07d1855222b22646308539f455597e9ef44c04f6335f264efbd4dae9252a712e1250b043a65813f6490b0c6faa9f83c5aa62b368502eee29f5995d9c92efd78f1778d43cf967b6f2512ee4cedb1aab9b1d2f005469e169b7f2ea90a4b82e19f33ca654e7a26bad22da8544fbd115f94116e325df81f470c6a6afef310ce9973f38348afe31607fc02e385e79d3972ef8d91c33bf434cc4dcf3e135860e377420a42d7c5d54ed8d450970e5b0e08ab5c71b26db1343fdac41dedbf3f923bb92fca17a0320fb6dc42bc347c4a4807f983ae5ca6a1269de04c965147ee532df4052061465e7f19e032f5d5ea5b0835a0b83b5d376b05b4d8790e47755298146079b503076c37bda4b496c44160eaf042203602b5f4460406da1a80ea1f2b0952023d32aba5596e915423e5ccc53e1b191608a9eec36e9c90a2a29fb45be3b31fa08d3c16f181eac3a4044008e8dd874b39db751e1ee522cec4ea015ba1a900615266bdd27b670766c43dbf92dd7c1b0cc6d1ec7e10d5b6b81e58cd2b2bd3a1a1e16634b225158851f182c26a1821e27782a400f881001839ec412ecddddc955756e2f2029b4ef5bc0043d74af2d6afb4712bf7ee8a0dfead4e015ee8061ab5f11f10e6b6ed7cac4b1757f9f1eaea681dfcaba4301f8981842f2e1ff39080092a6f6d4cf94c745e50f5c38a908ab19ccf920517b4306a8c35ce9236d93471702717f82f98010cf99874a1e3eab465c045756fbe03ccd47a4b1be5ba34d7bde836bb42956c2b9c435908a0e96cc5265b403cbc0f865b77367ac1ac7099b6c37082f8535246a604823d0eb3dba07ebe11ca7eea97d7dbd537691bf0360431352e29fba6f3da303a078731cd4d90a10740fa40a7270d35b1596c56717b6e2530232dedfbdcf0b88666f62caf099415c5dbde0c87917b4737f47af15b28ac33371f5b78fa2144c8277b876eff2f6bbb9f775f0939d307493955912b2eecd19685c84ee84b813668a0b8c0caf655aea5277a5a027d4344befcb3a8a57256ed02a983ec117ff4541325818d9712a3f790da02f8a7f12078fd7140ac1033e6d2f16e28dec9d4eced998f43608655a081e73d1ccc98ca65d0dc30d7bda65251238ce01ef00f8d0fe00383a0cd074051f48cdfb77bd507f93682c98c9fff59e8d7cff31a6070adf25e05755779709786db91ec6428ce459abd4c5add0b4b46293e48832e9b8f81e2040f8979ebffe031a6ff21775e500e6ce8104440d1a1b2b75cbbba5943277342dc56a452ad903c4e309c4049493697daa05f45170998bc535577d8e58c6b38ae82fd21fba87f31641179ca724936fe183039eaf64061605ac104bbf0d9b5c70c5e7e509019ceeac1ca5da1829f10d4c9a21c2f68c7199811818246d95bb0373f785a375eb53b77ec7f1ef5211680227875542b6f6dceb5d081c4363169dbaa03cbb7f32d40eff77ed9b9a122a9fab1c366fb882c8161e54db6ac9d3e3bdd8f81435d787bef15a0543c1de50e0babb3bd2f698517dfeb1743f284960a16d9220135bad11a825379fa73895cb2bc75985232b891ab160ba770cb4d02138c20eded9bba35e351ad2f30dd9408c893fb3d85bed889c485c1ba251954d76832a0f57a988463ad49829b2f8c73170a860f2709ae439d2f145a00c5f5041cd331ac98ee70a4e18225bd746cd21399a3646703007a58249b1798a5459546a7f47df03ac8586a3162280daef10bd845a64170ecc4420fc7bce69b3a58f70a70df708afdc5722883159576132c27475e24d5e341a276a05ea2400054242fb62e50aa00b177309cdfb2ce6cfe119c114b854a93aea14cf51d84587fdcd9155f81f01af58bf83c17a448f777c783e2de16e730b920c43040112121617c9d66e591d12f8b9007d054fb12aee29f1ee4dc878ea21809ab0ea6fb8d3ab63a5cfbd1a22b8c815285fbb20bf2316bbc39580869debc5686ceb9cc91f389b40e42bdcdb308d8210b2d89328956dbd623aeb1f90c433d4a9a2c0d5211039ca37b62ef7f9d877b3401850f13ab06afbbe0ec67e17845918737562acb81eccd7be6a2a565422522e659071ff3c2109af7da4c44c6cdf6447c5d12e89cbb1313eac50bbcb62198ddc4c3b92af652755d22d97af54753ca0618659e24c74f8cbe51d978a3f02cda901e81c49fa8abf7117164659dea3877879828e1a12b8310142eb7cf264812254b11a00d1f9d9537434341a726b6d21100efbf2e045b807b528f89490639b772a777e8991e77aec65ca94debac5c16a8615204056c0bb468e154c310e31b1de15a4c1bd562f1d43c6d223514169d045c264e54c97173ee8d6416b962d5f53695bc3bd7da2c323871193a084a50a2dbcea49bee2a970e5a5931e32a262347f3232c6f5bcfe6de6c9357169deeec3c2249fd0386343d90cec112472cac297a04f4667f64c30060bed389fcbcb436be3de620606c07efa9c857e2452ce3a12c2ef0a739f6e5a74c49f4a5af0a418ed3c0b7a7f4ce720cb82576cf6df8de7f021a8566aef6d6330649654a22bebb8c3d939141932efc2cc433b38fc6c709bc35dea667b250715be28dbb2dc32fc3977bfe63a627d5f20ce75a8bc28d9c38a1a78652ac0ea53156877115f175bbb080645e9d65e91a6f497d19eed6b0cd7da1daacb0b912c934a23bbe82c5df765f323ea0588508fd68da70763cbc49fb4a73988d1f41b23680d125bcd6052b9a9c40ecec775edd00182a3d5369d285c76f3ff2840b4a34a3ce7f8220f94bc1020ef2bac6954b360a5a76d26b9759917389c09e67aedb5f8971f64992f03cce8084a48348b14afd4e2e8fa2544887983f6a81e9c716173b8de54a78f0a42e05f3dedcbd6f6c4b3165f447c84fe6982101f9b11c5b3beba989dd85b7bec522b04a50cff747ac1c9df511a1b4e306d120c56410de62c6779aaa3effeed4cebb5a130bc07a3c2322c4d5491e06f5a195e2cedc79c914cc2869e100e86f6cb7aeabf8818005719c6b019cc9f896142f77daee5fb0bd4eeeabe7bdba07e5643b604b265b57da523458d2046a50355bd2b18dae9ca75453eb6a25061d066fa7c97ffde121f155b99dff00d04aec51a11f559e64a0c6086f83ef37662e8fc903b003207173cb469ae55d4e4a0fca33eb025e0ee1e51a10ac20d1670b6d4c4b1ec8c98eb58a26c4ea8dfd2018faf5d4d6f706e6315679eb28f4fd22d77a50c8137d729fd2901d6da86ba1f55624f394c22287483c2716cfe09bcb97014cd2a45ba6fd260ffe25d356584f71edc77e4478d11c5f5c73cac4fbae2b8161057260987cf38de4fc224eb49326d39299e8c846b713d84db427ef6ad36d19ba8c85580bab40a0244db03a70bcc0f6ebedc90de62c15a78a77939a8ad83b51e7dfd0320b5e5226967a9d544e8081cae3da8e3ba8f4022754d2913670c9f6b953504cede07995d141360895b7fa03401712f460eb7a470c3692d977a8559ca43236d25d779285015ee5052495c57d09a6bf9ba9b7ea70c09e134e680743f81682fc4b88b6a0e1c46e2423ba692129dedfd5edc287db12c4c92912a3e43c3023b0ea10a2badc12a1728243665277c1fd3af1b7b421f5f34a0f1282a168f2a055b3c5a7149e0df399573ed1ed652bc1c5e1782f3e4ba54860afd08c9d8221a7c8f3e4010134b59f9cd400f7038646ab79afe0a7d6a9100532f866e", 0x1000, 0x6, 0x0, 0x0, r11}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0xf, 0x6, r12, &(0x7f00000023c0)="77620638994b348ec8f179aa758f01ab61b2c09e3c9530a545e1533154cdd69a38edbf27167428f765c64bdbaff2d61e063e450ff8251189a264f9db6984b140357397e2adcf68cef7d73610fa2441331bd3ac3ae94ffe51835972bf5fd90ac50260c70e321975b683e8061157877a5d3463febd635858bf7c8f3e6ca7ecc41d33d107ead4bb1c2107a7742488aa2ea31bf381bcacacb64351674bdca591d86b640fa658e099226ec1ce58e614f7e0e3682dd333dc34e070533fdeac6a5672b7f51c0c3e9c8d8084b9bd0e35dec2008736972e400b8bb442bbfe7c315c49e5506c114d9bc71c50c03bcf92ecdea5233074d162fe0a6a08c3bc9dc40cfb8b063b5de540242b61e58ef6838c3c31f6a897228d725e5ea2d304c7a6413bcf60d934199bdb5f2bc001a1e3c9bd95af4b7a0c6cd495887c962edd02670b26df57fda22d74fd21a0d688d3e31b0c7215123134f553f194e6cd854df1603fdfe53f0c4950ca11541ea3df3e74f8a79cd2c7e5a9319795cbdc10200f1497fc679bb3071a9135d42d047210fd303ff96c0421711ee876f57410ac3544721c96c576d1078674b55e7a76472a5d4f5b497fc2260618edcc3e6a106b04318b08b09a22ba89f280562a310f04b1919da0d170d7a89a36ba312aae49c73b41aed1e5336b43ea7da60a4749bb4eab14765befa55b73d81056c84ea80d10fd30f9d042800ab4f7df4dd3e8e5f1ee255c49c79accd5d4ae20b7ec2380343fac3e88c3c49cad695a124ebd8b7cdcc934d458f72db09a65ad951f6529ab8cc2874d715f3b64af2407dc5a9db3bad5d0806ba22b0562c797bec407dabb17791d071699e3a0b35fc97ca996fc8c8ae01b5b4d3f6b0bb46fe6eb6efc11694dea4e492420c829fc69a9611e96f0bfac40050885d66073ac5971d10e59d645cd5316fcb261291b63f0b561a7927f59a244787b2d1ca82c91e9b805225920f048ca7499aeb7c21aa859cceb0978b4db718485228719911908229c17be567e138e8a67c32e21dc0d795c9cc6cd08c21bff6a65e842e922f56ddd9ae7057028c6f4f57291fc7cc237953734de3c1ffc202e412f7fbffe51b75678eb98600c2007c519d25f799c28740423488ca43cc42bc00eb5c366fb97f9a25fadf090aa7dfd9708910cefd3d4288af97fb619a76d00f0c8dc82c31d044b1909d2557badbc9bbe25de943c08663800eecdd21caa47fee7795eacfd9a2520d1a908609f36095aeb2db31f23f481a6da14481b0409d770940eebef2deedd5dd947e4b6cdf32c783c436ee20bede28752035714ff8357f8e6a3dce9e0ce6d9b307522e956fb83133f70c9c66c8d5b8712d0f60156ec6a750eeca9b30ea65e5eed6f3f761ca00e80b782a495371e16f8b4bc2ab7a9f32aac18019a64f46e1b48119acebbae44fd362bac9faa5b5f7fe76c3fe5205bbbcfa33d3b20d0e158c542fabb3d4ccb095e66309a45610ac7afecda1102de19b6375216cacb63fc196e984cadbd7e46d66772748749f67237e1ca64e6492b979af2c6b9e5b3a5824bc37a84fdd18f0ce1f6150e01c50c7c945f8556ce00b2a24f96a18dac4b3ade03a3330ed49cee8a09cdc83326259d34c05ec2cd3b031baf5dc28637b56287771a21314140c2de3b6a3283fd579639618c29410dfe4ec0106aa6e74e0cc3d98536f2444eeac21b1bd93e6e7104aaf282c46e21fbfaf2cb8053880ef35bcb1606d89810f7f9bc65fd6755b85f5c36ced3d6d05ac896d15e0c0d60bac0bd8b2a6b9791c251268d38117f39f7002efd4dc61d897e39c7fc754d2d9da07ba427cdc6038c11d1244407797cab186db1d5ce87a4726e9bc6a746c580e4cfebb6bdcd7b9be1b80e7729c03498cac5dc7e8efa85d826e7f5e8738a8608f167dcd9708cdf942d4ea8fece4f9bc061e6bc2b77b022448258b1b8dc0eaf090125563e80850bcd4cb6fd426661bfc3565bbb5f0cc4d70677a8565660412b4e348ed7e8ea8b99ccba00227b2c93c52c5b598ec8c1525b4c42ac2ac0f7db85a86b234bd9da5a5665d8434adf53ca6ecc06650d2da0ffe2eb6ff2321cbcdec663d726e7d0b0a78ca8e43fca035a920289ae743ca77aef0a887e73253f14c16ed5d8eac74b4c64bcb034aaa2ad4c9e5139869cfe2fa096174e1ee4c6a83a8cbc68781f9bdc18de1b34b9b9f45cb15371d141dd10446b945a228b9ee2c8269af4e4f1ba041765e375e60260dedb3dc4e7d3019c518f4cf4eb91939674382fd2b45f45e2c676e38268a0213882c3a421ce843f1d147c83cbeb5f7c9a8e8d1e290b6b639e22ddfb5808e8877c14ef05a8170d7032bf9c9f8a4dbaba26c800207f17f6156d2687c208de459fc35514d5a71793c1a81620df5cc37a961ee76ba6c42eb8f3143e426e449d1ec6c7aafc5004bc7bbd792511e656eeb6eb2f114b91f61a046e931158677e02861e7dc7cf0b47e7942c0b4c0d6ee568ea6bb27bcd1e09efc40fe5299e2ff2092cb9c0b4e71d4f2ba158d5425d84adf1e5f241a8f16d5d09f820d5a8c10925cd0a926dce88c45666fbd7e92446cf9aa28955b4b3e72731a6f9e03438dc5a726cf33282979e2d24024a9c50173be538ba4541cbf7af3a49d2478ec159dcbab88c7d53e5bc01714052ed564511c4c3aa9ff11e5aff7f39f14f6c24bac23b494acf77714ebfd29598a6b683d14ff7ab83fc7b562243bc35ca29fcdd5be97d691a262e72c89df1c05417e2bcf2ebb48147e1052c94acc89f5bb009fa9e8286acbff1f0c93e1db5bb42848f9eb040b5f390891f77787f860aff0dbea113b7a597f1243b6de87178ad50ba70602af31d1c3f85792e75d4281036951b2203f4369907b123eb8d2ea761e4364a1d9eadeaf18a3e4cd8e480acc2a3f796c5a4af1cb8db13c9293d21fcbcdc2a105d2d0249c0eb113cfcc48a8b668ab93e21bfbad4ed5c4387c91fb80e792abb546d1cdcb3cb65faeb6757c2ab5f9cf9db35649c639fa1e8eef0e478444e8b8358e38cf1fa73d206ab621a8ef78e2da9ca0df22229a3dfde58ab13b6b1d2aac3904935fe2ed0a46d5a155316e56d897c977188e9b4db2069ffdc35fe80801d9e2a992feb357155abb9c5e701cdc475b35cc58268cf36eae8023daf5750ea6ee0ef270f1b0652981e6e8b57cc3cdfc6aee82dc18d3c0efc78109c8c67842f220d7df161af5630e4acde6135e992f7c547d0de86b1b626fb84243d8389a9cf28c957c43823d3935c824841d3f9d46b909c295f5ce11b2f8ea8051383e0d0b07f1eb410eab69573a691fef83a88b2f3d6e098a46f866ac8c37130bac49395d24d1ee6496dcc28ba5647ae3944edd71869eecb3a97bb0ba5d492b3ab1c3edffa8a3e52b077c220119087db3099d5e6a15884a32d8c4dfa1f40dc981830a2534df42881b43138f2c44568330d5efadee279a4a3c5821159a03c989fddacf1440a70d419e888c3cfed9566abcad3e438ca52652cecf20ca5eefdd2ff9f82e9730d16630aa2d7472c79d6db075c3d2e904239da04aaea4a6450221090bc4a2a61d4857d31ba7db939c00a78cf33e0489d4f581fead8dbde197156131fa7ff27a9e60fa703c2c93a33fd0700b1b9e94c28057f32c4f546bfd092844d4c875f88b417ef203bd99f12d4acb8ae1f7d9309ebd0be3ec0c8c7904d8797e1fee76ab33603ae4740c2978da3a94e3d9fa58eeca4cb686941e93da465306c79333c68eb4fbb4eb30c6ae882ac95e4216a982cc80182f22103f75f947afc2559b118519592c2cb68e1d12fd60ee5307cd95da3bc09de073349406e06264e07cd3153c56d74089ece12c0a135ddbe9b2800f79f5850e0044b097d84eb6271d684568f431733c44dab49b9dded7f77f4a835192d7977a0b7e170fdc400ea0c572e861a13ee013b05c92439a9181b09be7d25e3d33098eb511deebaa332945a2a0a54043160c9bbed82b819c3114f6e1d10d806a9cceb1f9a6c6c852b98701de60a3d6010393696e56f59d3114c1269b1f2d8a4539b687bc5d74dfc67dc21d024c94bace517380edd3b3021781ec03133764333d0fcaafb4a7e25c6744db39e2d737a232f37bccd95bf2d790d1137c2b2b4bb06353c56df577813694b03b13b3eea34ed79fd7980a1a631eeadf507208d2452eca1038968a3640d50579a9fd15760369df1388e56fded7cb70c97c17c96b60776409c85def76908aa7cacdbb2504ed31c367f53db1f56fc8140a5fdf2f8b1b4ef652ab98b48f1d9d607d70cbf548cc165bc80c76cc93895a235b7c530748b3ce515f1d17ae0a98fa64b02b857a15e5ad2d4173a08c06b05767d721f2ac0d5d528e96a2b1c201a6eab2669ff4d411daf5aef1cda0282a50e44cd581146f9ed677b8fa17b6f71ea19431e769d347941af23ceb470eef8f792cbb5a09c2c49f3fc2bf48266912dc7140bff918f1645531d435b7ae3baa24d41ef01a74bbb9edf2c6370583d3cff5ab57438dea3bb10ff3b1a8fea5446ff9352b37b20b06ae95e68c7f764cd38bf616ff97efb7c9f028b0bbd9fd70737b0e327a4ddfa43ed0ef706c48a9504f7c03ed6ba5b72c72df6c9f26f619058d49203d3f02c2942c0d3bbe700e5380245fc234e5c15baa1224caac90585f7ec85f42ac209ac16bc3d3c2de96422c55ece9f127804a95b05cdfda6de02528afa6f48f36a30dc28c15380a255fa2b25f83e53cae98a62e0e3f5af176418401c2f79c76ad34b98a5e0f3f57636ddd467bd92e3f3a2d344b76469757f077a6990dd81399524c25c397f5bb29f24825366a0c20be7b135fd4afac6369df72e8cbd3d5413e6e1d81c4f00ad271d59c71046997e260fd36c8772c431c5dc403d9da6ee22ab592ec6c04b4754aee9a38fb6f766191e4d8fb98f9cf1d433350a4ddf3073aa73ef83e7173f2cb01546bfdcb949d251b6d5aa9bf291987160891a35fc46639ab6eeb7e4cb93357ae2b2cf28acb86fb04ca56c1ff4de6480aa08a960fd5fb9a4ec2d11fb511dda2f469f966b090f6090e9017b1aa34be7139d72cada9db01c5cbc1cca859b6ad89c83041d1f9fd768f1d8509de6ddb8da12a254be8c7a7e001795504b293060d3dca76307ca43f9a8786aa040db22a4653580b7dcf35d9bd486ca7996d78a0ae8d9f4b1651d6c3a0abe2ac83c6fc5159121b90c72f99a8e6f602d115d2fa81d75bb9c0bc6e199b7d95e6e829107411c9c42cad67849e3eb481c243553a1c499b8be1f2d57cfdf1816600cc59d4c3d5d7fc0965d0c724326e65e11b01845592bc93ac82f60fecf46c1a17288fa8278a7567203338a1b579c04759ff7c5ac423d4d37508ded8b8d398363f46c62f0c26f4f45791ecd5f1300ff6f439e58e83fa4484ede12cfa1c5ca9778065b2690f7cebcddbb525c35421047107410a65914e639f60ba4375570a1a8dc9a93d726f86298ce6576747eaff7abfbf5ac41c90f2078adce8a54a4c47cc4fd3be3ac61e3d2821f8671698dc1307f9da32da9edf1dfe2a162691cffb9bc6a7399427d3f3390d7e57fd3b4b7a867aa52b194f91998866911c30f079d1f92ccc32a179cc0108b1325d2002406fdc830a1c841ce29ad220f92b901b34db1a07d2c0fc609985929022e3d27a7c15fbc994ff63188f986bcb9315fbadf60d9e4e9f245c2e5169054f2ffd8c05eecbc0d9ad587536017d179547d905dfa9a61f11b2b8473644d1e076f121390ca8a317c5c2ebd2233223b09c3fd2e1cad8356791a1dbcd357e78530797c83e960afd138740b6789423ecf247ed1247a2f157f1562fee61e", 0x1000, 0x8, 0x0, 0x1, r13}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x7, 0x8000, r14, &(0x7f0000000a00)="a873a023b578ea51047d20b02b4cdffe7ebe01c9bf1cdc739c22c0689f1e474d39d9f380132d44b9b0d518269063c818aa0b2c5bea", 0x35, 0x67e5, 0x0, 0x1, 0xffffffffffffff9c}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x8, 0x1, r15, &(0x7f0000000ac0)="1df1ce1257904996f4", 0x9, 0x200, 0x0, 0x1, r16}, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x2, 0x3, 0xffffffffffffff9c, &(0x7f0000000b80)="d1b479ee48441703a3f28e33060f8e0b9ea1f7a4966b0857185ba2336ebc1e5308a7de85aa0d3f60d81429e6d7c58e3f6b5fa9a347dc69f45a6f7080bbc9", 0x3e, 0xf9da, 0x0, 0x2, r17}]) r18 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_ID(r18, 0x80082407, &(0x7f0000000000)) r19 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') preadv(r19, &(0x7f0000000480), 0x2000000000000113, 0x0) fadvise64(r19, 0x2, 0x5, 0x1) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r18) 01:50:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:02 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x500000000000000, 0x0, 0x0) 01:50:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 589.827326][T21760] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 589.840319][ T26] audit: type=1804 audit(1556243402.507:74): pid=21767 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/721/file0" dev="sda1" ino=16790 res=1 01:50:02 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 589.882122][T21771] binder_alloc: 21763: binder_alloc_buf, no vma 01:50:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x600000000000000, 0x0, 0x0) 01:50:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:02 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000000)) [ 590.115822][ T26] audit: type=1804 audit(1556243402.787:75): pid=21784 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/722/file0" dev="sda1" ino=16778 res=1 01:50:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x5000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 590.261724][T21790] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x500, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000100)={0x3, 0x4}) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000280)=""/148, 0x29}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x80) preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:03 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x700000000000000, 0x0, 0x0) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 590.456002][ T26] audit: type=1804 audit(1556243403.127:76): pid=21810 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/723/file0" dev="sda1" ino=16772 res=1 01:50:03 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x8001}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r1, 0x2}, 0x8) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x10282) r2 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) getpid() r3 = gettid() perf_event_open(0x0, r3, 0x0, r2, 0x2) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r4, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 3: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x700008000000000, 0x0, 0x0) 01:50:03 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x1, 0x100) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000280)={0x3}) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') write$P9_RATTACH(r1, &(0x7f0000000000)={0x14, 0x69, 0x1, {0x12, 0x1}}, 0x14) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x6636d49c) preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) write$P9_RSTAT(r1, &(0x7f0000000040)={0x71, 0x7d, 0x2, {0x0, 0x6a, 0x4, 0x0, {0x10, 0x1, 0x8}, 0x40050000, 0xfff, 0x3ff, 0x6, 0x10, '}wlan1cpusetppp1', 0xd, 'selfvboxnet0(', 0xd, 'net/wireless\x00', 0xd, 'net/wireless\x00'}}, 0x71) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000000c0)=""/30, &(0x7f0000000100)=0x1e) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:03 executing program 3: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x800000000000000, 0x0, 0x0) [ 591.041880][T21848] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:03 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000000)) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) write$P9_ROPEN(r0, &(0x7f0000000040)={0x18, 0x71, 0x2, {{0x4, 0x0, 0x6}, 0x3}}, 0x18) 01:50:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 591.162432][T21867] binder: BINDER_SET_CONTEXT_MGR already set [ 591.190451][T21867] binder: 21861:21867 ioctl 40046207 0 returned -16 01:50:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@remote={[], 0x1}, 0xc, 'ipddp0\x00'}) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 591.418081][T21885] QAT: Invalid ioctl [ 591.450459][T21890] QAT: Invalid ioctl 01:50:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x800008000000000, 0x0, 0x0) 01:50:04 executing program 3: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000000)=0x9) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r0, 0x10000) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x504000) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000040)={'broute\x00'}, &(0x7f00000000c0)=0x78) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000280)=0x68) 01:50:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 3: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x900000000000000, 0x0, 0x0) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x8) ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f00000003c0)={0x100, 0xbf6, 0xd19, 0x10001, 0x10000, 0xffffffff}) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000040)={0x6, 0xb, 0x4, 0x21000c00, {0x0, 0x2710}, {0x1, 0x8, 0x6, 0x1, 0x2, 0x9, "5e28e9e7"}, 0x1, 0x7, @planes=&(0x7f0000000000)={0x2, 0x2, @mem_offset=0x800, 0x7}, 0x4}) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000280)=""/213, 0x416}, {&(0x7f00000000c0)=""/76, 0x4c}, {&(0x7f0000000400)=""/107, 0x6b}], 0x3, 0x2) 01:50:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 592.002195][T21932] binder: BINDER_SET_CONTEXT_MGR already set 01:50:04 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000140)={0x6, 0x1, 0x100000000, 0x1, 0x8, 0x3}) preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) fcntl$getown(r0, 0x9) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="04000000000000001c0900000000000001000000000000002f0b0010000000000300000000000000460a0000004000000400000000000000c30b000000000000310000000000000098728e16c4bd041bf667b7776ba72baaac67846eb782e3da7099088705c4a9b554310d4e011b27ba89e435182d32bb90c5c93a25702eab56a89d48c7e8e6310b6be635ef8568d2be12b5eab79fc8c9d0714907c052e20ae9cc04dcf3c902ba20b1e022d6f66f534301bf73587be5e6"]) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$VIDIOC_ENCODER_CMD(r2, 0xc028564d, &(0x7f00000000c0)={0x3, 0x1, [0x6, 0x20, 0x5, 0x5, 0x6, 0xfffffffffffffffc, 0x5, 0x3f]}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, r0, 0x0, 0xd, &(0x7f0000000040)='net/wireless\x00'}, 0x30) r4 = syz_open_procfs(r3, &(0x7f0000000000)='neJ\x0f\x00\x00\x00\x00\x00\x00tor\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000000), 0x4) preadv(r4, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 592.061557][T21932] binder: 21930:21932 ioctl 40046207 0 returned -16 01:50:04 executing program 3: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:04 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000040)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)=0x0) ioctl$KVM_GET_SREGS(r0, 0x8138ae83, &(0x7f00000003c0)) r2 = syz_open_procfs(r1, &(0x7f0000000240)='oom_score\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x102000, 0x5002, 0x0, 0x2, 0x5, 0xfffffffffffffbff, 0xf448, 0x6, 0x0, 0xffffffff, 0x3, 0x47e}, {0xd000, 0x1002, 0xd, 0x240000000, 0x0, 0xb37, 0x9c5, 0x0, 0x1ff, 0x2, 0x5060, 0x6}, {0x102000, 0x0, 0xe, 0x6, 0x6, 0xd1, 0x100, 0xdd, 0x1, 0xfffffffffffff000, 0x5, 0x7c}, {0x14000, 0x7004, 0xf, 0x1, 0x60000000000, 0x1, 0x0, 0x3, 0x7fffffff, 0x4000000000000000, 0x401, 0x401}, {0x5, 0x101000, 0xb, 0x6, 0x3d6, 0xfffffffffffffffd, 0x3ff, 0x61c9, 0x80, 0x9, 0x47, 0x2}, {0x100000, 0x5000, 0x4, 0x20, 0x1ff, 0x2, 0x425d, 0xffffffff00000001, 0x1000, 0x9, 0x20, 0x6068}, {0x2000, 0x7001, 0xe, 0x7, 0x5, 0x7, 0x40, 0x7, 0x1, 0x3, 0x7fffffff, 0x4}, {0xf000, 0x1000, 0x6900170479dfe075, 0xb23, 0x0, 0x4, 0x2, 0x2e15, 0x7d, 0x1f, 0x3ff, 0x5}, {0x3000, 0x3000}, {0x2, 0x100000}, 0xa0010011, 0x0, 0x4, 0x20, 0x1, 0x1, 0x2001, [0x5, 0x4, 0x81, 0x9]}) 01:50:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0) 01:50:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') dup2(r0, r0) preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 3: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') 01:50:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 592.631294][T21980] binder_fixup_parent: 42 callbacks suppressed [ 592.631316][T21980] binder: 21974:21980 got transaction with invalid parent offset or type 01:50:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xb00000000000000, 0x0, 0x0) 01:50:05 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000), &(0x7f0000000040)=0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', r0}, 0x10) [ 592.681023][T21980] binder_transaction: 59 callbacks suppressed [ 592.681041][T21980] binder: 21974:21980 transaction failed 29201/-22, size 64-16 line 3389 [ 592.721052][ T3480] binder_release_work: 59 callbacks suppressed [ 592.721060][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 592.742228][T21980] binder: BINDER_SET_CONTEXT_MGR already set [ 592.748750][T21984] binder: 21974:21984 transaction failed 29189/-22, size 64-16 line 2995 [ 592.763582][T21980] binder: 21974:21980 ioctl 40046207 0 returned -16 [ 592.792618][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 [ 592.803762][T21986] binder: 21985:21986 transaction failed 29189/-22, size 64-16 line 2995 01:50:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 592.840953][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:50:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)={0x0, @speck128, 0x0, "667f1235a5453552"}) [ 592.939726][T21994] EXT4-fs: 6 callbacks suppressed [ 592.939742][T21994] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 592.959699][T21997] binder: 21993:21997 transaction failed 29189/-22, size 64-16 line 2995 [ 592.972950][T21998] binder: 21996:21998 got transaction with invalid parent offset or type [ 592.989759][T21998] binder: 21996:21998 transaction failed 29201/-22, size 64-16 line 3389 01:50:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 593.030282][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 593.048165][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 593.059910][T21998] binder: BINDER_SET_CONTEXT_MGR already set 01:50:05 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000005c0), &(0x7f0000000600)=0x4) ioctl$int_in(r0, 0x5473, &(0x7f0000000640)=0xffffffffffffff62) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000000)=""/61, 0x3d}, {&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000000080)=""/95, 0x5f}, {&(0x7f0000000100)=""/18, 0x12}, {&(0x7f0000000280)=""/74, 0x4a}, {&(0x7f0000000300)=""/243, 0xf3}, {&(0x7f0000000400)=""/109, 0x6d}, {&(0x7f0000000480)=""/187, 0xbb}], 0x8, 0x0) [ 593.099085][T21998] binder: 21996:21998 ioctl 40046207 0 returned -16 [ 593.137549][T22003] binder: 21996:22003 transaction failed 29189/-22, size 64-16 line 2995 [ 593.155072][T22006] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 593.171339][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:05 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xc00000000000000, 0x0, 0x0) 01:50:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:05 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x3, 0x20080) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000280)) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x66dd, 0x40000) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000100)={0x0, {0x2, 0x1}}) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000040)=0x1) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) write$P9_RXATTRWALK(r1, &(0x7f0000000080)={0xf, 0x1f, 0x2, 0x5}, 0xf) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 593.314322][T22021] binder: 22014:22021 transaction failed 29189/-22, size 64-16 line 2995 [ 593.326575][T22022] binder: 22017:22022 got transaction with invalid parent offset or type [ 593.332382][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 593.341246][T22015] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 593.352460][ T26] audit: type=1804 audit(1556243406.027:77): pid=22018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/730/file0" dev="sda1" ino=16797 res=1 [ 593.375123][T22022] binder: 22017:22022 transaction failed 29201/-22, size 64-16 line 3389 01:50:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:06 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x9, 0x0) write$FUSE_POLL(r0, &(0x7f0000000040)={0x18, 0x0, 0x4, {0x2}}, 0x18) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000080)={0x1, 0x0, {0xfffffffffffffffc, 0x4b, 0x100, 0x7fff}}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 593.452188][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 593.460250][T22027] binder: BINDER_SET_CONTEXT_MGR already set [ 593.471622][T22027] binder: 22017:22027 ioctl 40046207 0 returned -16 [ 593.495909][T22028] binder: 22017:22028 got transaction with invalid parent offset or type [ 593.508155][T22028] binder: 22017:22028 transaction failed 29201/-22, size 64-16 line 3389 01:50:06 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 593.550756][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 593.579966][T22034] binder: 22033:22034 got transaction with invalid parent offset or type 01:50:06 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xd00000000000000, 0x0, 0x0) 01:50:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 593.612227][T22034] binder: 22033:22034 transaction failed 29201/-22, size 64-16 line 3389 01:50:06 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/230, 0xe6}, {&(0x7f0000000100)=""/118, 0x76}], 0x2, 0x0) [ 593.664526][T22037] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 593.672264][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:06 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 593.733482][T22043] binder: 22042:22043 got transaction with invalid parent offset or type [ 593.743314][ T26] audit: type=1804 audit(1556243406.417:78): pid=22041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/731/file0" dev="sda1" ino=16783 res=1 [ 593.803538][T22050] binder: 22048:22050 got transaction with invalid parent offset or type [ 593.817834][T22051] binder: 22042:22051 got transaction with invalid parent offset or type 01:50:06 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, r0, 0x0, 0xd, &(0x7f0000000040)='net/wireless\x00'}, 0x30) r2 = syz_open_procfs(r1, &(0x7f0000000100)='net/stat\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 593.849172][T22050] binder: transaction release 2358 bad handle 1, ret = -22 01:50:06 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x28000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:06 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xe00000000000000, 0x0, 0x0) 01:50:06 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) getpgrp(0x0) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000000)='attr/sockcreate\x00') setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000040)={0xda9b}, 0x4) [ 594.008855][T22061] binder: 22059:22061 got transaction with invalid parent offset or type [ 594.027987][T22064] binder: 22063:22064 got transaction with invalid parent offset or type 01:50:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x38000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 594.055438][ T26] audit: type=1804 audit(1556243406.727:79): pid=22062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/732/file0" dev="sda1" ino=16772 res=1 [ 594.094671][T22064] binder: transaction release 2369 bad handle 2, ret = -22 01:50:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:06 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x400, 0x0) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000040)=0x9, 0x4) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@empty, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}}}, &(0x7f0000000740)=0x3f69f87410d9e814) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f00000000c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x549a, 0x0, 0x0, 0x0, 0x10001}, @generic={0x4, 0x7f0000000000000, 0x1, 0xe8df, 0xdf4}, @map={0x18, 0x4, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x59}, @alu={0x4, 0x1ff, 0xd, 0x0, 0x3, 0xfffffffffffffff8, 0xfffffffffffffffc}, @map={0x18, 0x5, 0x1, 0x0, r1}], &(0x7f0000000000)='syzkaller\x00', 0xfffffffffffffff8, 0x2c, &(0x7f0000000140)=""/44, 0x0, 0x1, [], r2, 0xd, r1, 0x8, &(0x7f00000003c0)={0xcad, 0x9}, 0x8, 0x10, &(0x7f0000000400)={0x695000000000, 0x100000001, 0x5, 0xffff}, 0x10}, 0x70) preadv(r1, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:06 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:06 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$isdn(0x22, 0x3, 0x0) r2 = getpgid(0x0) r3 = geteuid() r4 = getegid() setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={r2, r3, r4}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) write$binfmt_elf32(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x80000000, 0x6, 0x0, 0x2, 0x1ffe0, 0x2, 0x6, 0xd5b, 0x240, 0x38, 0x1e8, 0x3, 0x5, 0x20, 0x2, 0xc07, 0x71b, 0xe00f}, [{0x70000007, 0x8, 0x0, 0x9, 0x400, 0x8, 0x10000, 0x3}], "1b7f48d58dcc58222f4bd451dfd3775287191c399076416027352ec7919842aa786ce34235e6f2a6aea433d4e26f83aa5ea5266b84e95f71ffe2e8ea78ce2bc6deb9412e8b1b32f4a9464c7642cf7448fc22e22e62d9b581b63a7bb1840538facafeb79240b4c15c2b39e8f27840892552798ca321ebe9f2086079e1565883a4aef0b960e2cf26b5aee24a9f61ef405dda725eea7f3f039700cc1becbf8ea58933ae09ca7a29e2cf7caff11f2e6eba27dff4028a6309c9fac713579f5c4501893eadf39f01875290f2d6234e1cccae291ad0c95d42f15b2c47db990430f74e14420eef46c233b6525859f921f19d25218c790bec08cf0282107d2698c2", [[], [], [], [], [], [], [], [], [], []]}, 0xb55) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x40, 0x0) ioctl$TIOCGDEV(r5, 0x80045432, &(0x7f0000000040)) ioctl$TCGETA(r5, 0x5405, &(0x7f0000000080)) r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r6, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xf00000000000000, 0x0, 0x0) 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 594.440688][ T26] audit: type=1804 audit(1556243407.107:80): pid=22088 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/733/file0" dev="sda1" ino=16799 res=1 01:50:07 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 1: perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 594.574194][T22105] binder: BINDER_SET_CONTEXT_MGR already set [ 594.611868][T22105] binder: 22104:22105 ioctl 40046207 0 returned -16 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000280)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e20, @remote}, 0x180, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000100)='bridge0\x00', 0xfffffffffffffffd, 0x3ff, 0x4}) r2 = socket$kcm(0x29, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x8050}], 0x1, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)={0xffffffffffffffff}, 0x8) ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r3, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:07 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0) 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x50000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 595.025123][ T26] audit: type=1804 audit(1556243407.697:81): pid=22135 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/734/file0" dev="sda1" ino=16811 res=1 01:50:07 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1100000000000000, 0x0, 0x0) [ 595.245521][ T26] audit: type=1804 audit(1556243407.917:82): pid=22150 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/735/file0" dev="sda1" ino=16779 res=1 01:50:08 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000280)="2f60cc693ca51009f3d361204367126ebe9d39e1a50d625f21bb77da693e7c74a09925dc33848de4cdfca2473f559b3d97caf4a875c3c55caa7af492065d6ae71711afba648fff20cc231a5d674e35151b649d10e32dbfd0d7663e88f4f12b3ab693145bc1434918fb36424e04616b6d67534d5051917f0bb7", 0x79}, {&(0x7f0000000300)="2ee4d938b26416c99717d8a8480b75b8061c14d761cdd67f78edd5192a2f8d6014438c57e125b49760aebcb9d97880b311347690d2d382c60956f6b47d8eec307aed510cab44de86346905cb1c5bc4b4e212194e2a65645b630bb269784e4ee631a9a7e1b6c905ec56781b45d50f625b8aa845a8cdd9b0dcbec2e35c40242a447169c6234d34642f58fcce5944c5304d8c84cf13737606f9931d6e97039b0bc0292a840c91e1456394db8394d1c79872668e60d972ab729686fa52434145d010d9ea5fb92a8bca725d80373bd496b2056e306adf004db65083fd1b1584d1e83a9b48407b2dcebed622647b03f52ab561ccd81b82ff6b916b", 0xf8}, {&(0x7f0000000400)="0310c90ab4a70c1243bb6124de41cbcc7655ec48f0f891128a756de6bdde3f14d0fcc7b983bf901c4680c96ab7c806f5c80eb7019c5dec206aea87ad7c2ef4a4ba015d7e2a8c3de70881f6ec2b539ccd54492444446591b5cc306c7a7c7d86598d9c26712768d7a4c06efcfc07911b46a199fef033870a4b", 0x78}, {&(0x7f0000000480)="5d99bc50c4ee3b55728e07a051365b173215b345d1b82191aa160a190b41080d557695c7d42894b9fb4fc7d927e2e7dc03ee5ce0c90ebdd0fcea0ac8f0f2e5375d2579a8ba43e3ea4251714b28", 0x4d}], 0x4, 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast2, @loopback}, &(0x7f0000000100)=0xc) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x400000, 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x18) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:08 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:08 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0) [ 595.797462][ T26] audit: type=1804 audit(1556243408.467:83): pid=22171 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/736/file0" dev="sda1" ino=16808 res=1 [ 595.870292][T22171] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 595.870548][T22173] binder: BINDER_SET_CONTEXT_MGR already set 01:50:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:08 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 595.911069][T22173] binder: 22169:22173 ioctl 40046207 0 returned -16 01:50:08 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:08 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 596.063562][ T26] audit: type=1804 audit(1556243408.737:84): pid=22190 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/737/file0" dev="sda1" ino=16810 res=1 01:50:08 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:08 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000000)) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1300000000000000, 0x0, 0x0) 01:50:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 596.124171][T22190] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 1: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) perf_event_open(0x0, r0, 0xd, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x12000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f00000000c0)={'syz_tun\x00', {0x2, 0x4e21, @local}}) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r2, &(0x7f0000000480), 0x0, 0x0) 01:50:09 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 596.477992][T22221] binder: BINDER_SET_CONTEXT_MGR already set 01:50:09 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000100)=0x9, 0x4) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x100}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={r1, 0x5, 0x30}, &(0x7f00000000c0)=0xc) preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:09 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0) [ 596.525163][T22221] binder: 22220:22221 ioctl 40046207 0 returned -16 01:50:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x3, &(0x7f0000000040)={r0, r1+30000000}) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x2, 0x0) mq_timedreceive(r2, &(0x7f00000013c0)=""/4096, 0x1000, 0x2, &(0x7f0000000640)={0x0, 0x1c9c380}) r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') r4 = request_key(&(0x7f0000000680)='big_key\x00', &(0x7f00000006c0)={'syz', 0x2}, &(0x7f0000000700)='net/wireless\x00', 0xffffffffffffffff) r5 = add_key$user(&(0x7f0000000740)='user\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f00000007c0)="5e1a2867f1e905f80e409b0c62a31769b04e78ddcbb70759139ca3ba0b4c94657a6c944f7f243821332ad12c0cde95dd53fbbaf6dfb7dba7aab9e6963cf6954edd7b03829dd642a5fa41581fb0423f7598fb5240b10cb69a912906ddf72247fcf710c9d1ab6431e93d4f4f7c2fbd3ba602b72fbff56fa06e659f8e6b4613d79375241494dc28d60e35325ffbdb52d05a454fd1e7c0098bed8abb8e1bfdceca830a41545189ee371ca1a32c5392c8cd58fa49cc467b786a6ab890cf497a17bdab", 0xc0, 0xfffffffffffffff9) r6 = request_key(&(0x7f0000000880)='.dead\x00', &(0x7f00000008c0)={'syz', 0x2}, &(0x7f0000000900)='net/wireless\x00', 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000940)={r4, r5, r6}, &(0x7f0000000980)=""/239, 0xef, &(0x7f0000000b80)={&(0x7f0000000a80)={'ghash-generic\x00'}, &(0x7f0000000ac0)="487aa92642bb413651161add0d44e48be08d9aaff1a51969a84e3e77fe2fa32e465536c7b121a4a532c8e62f6e49e409eb998c0a4c672086d1d39343821d18702fe1efd54a424418672c0d1d9e037db81e68ea7708813b7b4e3c3d0dfc48e6fa30c460e0fd89bcfc8d8ebd52a41b27713fa357af458dcab4607b8c3c61104c0fa881ae73674a94d15914e7667e82786e4e8ac31f907e1e7f1f", 0x99}) syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x6, &(0x7f0000000500)=[{&(0x7f0000000100), 0x0, 0x10}, {&(0x7f0000000280)="e7948ae09a92f183596ddd61e02752484c3766fa0e4a415c0bb62e93b2aaa7bbeb24b49e94ed90534546ccfab6f3f55be8d2cffe3d4ddd74773dae96b117b7c6ff78bf9e764eaedf8510ea0b6c841c1046c64a0f652c0ba9f4a61b5626ba47e05fca4340671a956458de6bad0022c0678ebbcebe42f13b8cd0c3ea3469fd7536d9226719d9", 0x85, 0xcdb}, {&(0x7f0000000340)="785276ab4868f3e4b2db52bf691370d30569f4fcb2608bccf8e4ae0ccfa90c26428f6a0384387b1d6afbf8548f9e3c65b180ae8809884afd7184f415043cc93fd416031552a8262b6952959d0860c22fcff8fb447bea2f4328d2c4bcf2987e4cb49d2f13b2ed340cfce5e595c1aa87b31af60931d739fd4373", 0x79, 0x6}, {&(0x7f00000003c0)="230063111139272f17f580d5b506a1964e4453c98241afe43f4d3f3e39de7ca8f51984e105628329e5c5d34d6d4bed4e0c8efe8515d0f56e6f1e8d48c8a1f21fc41c750d87729ee367dad4d7c4334f6cf81335232ad9", 0x56, 0x10000}, {&(0x7f0000000140)="9f7f3d8444ebfaabfd80a7a94fb6d5825ab678ca15bf5c92", 0x18, 0xa19}, {&(0x7f0000000440)="9d7aca5c84f497bd6a2aeb5e285382462e456c3f4f76ddc9a407f46e1f118a3ab5cdd88176fd4b38fe034e551c64284c8a545ab17e7f7bd07b450297da494a15ba1a508f30ff3a46efd342787d676564fc6150f3b2891a438e736892ae976d4ea947e0cc52b85d9068c85245196f7c4b970cf08abf8d264fa867718d6bfae4826134c6057fbe384791fe7b668020589d5913f76740dcc041f56cc452640d2fdacab94830b7b2800c9e53b7529b0b6c5bd9d8cd5a0f00e9e4ee4896cc9e6e", 0xbe, 0x80000001}], 0x20, &(0x7f00000005c0)=ANY=[@ANYBLOB="726573697a653d3078303030303030303030303030303030322c737261636b66737472616e736d7574653d6e65742f77696561737572652cfa000000000000000000"]) preadv(r3, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 596.620528][ T26] audit: type=1804 audit(1556243409.287:85): pid=22234 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/738/file0" dev="sda1" ino=16816 res=1 01:50:09 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 596.698617][T22234] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:09 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='net/wireless\x00') perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r1, &(0x7f0000000000), 0x1000022d, 0x0) [ 596.746688][T22241] binder: BINDER_SET_CONTEXT_MGR already set [ 596.792050][T22241] binder: 22239:22241 ioctl 40046207 0 returned -16 01:50:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1500000000000000, 0x0, 0x0) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f00000000c0)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r0, 0x0, 0xffffffffffffffee, &(0x7f0000000000)='#\x00', 0xffffffffffffffff}, 0x30) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) kcmp(r2, r3, 0x7, r0, r0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r4, &(0x7f0000000480), 0x2000000000000113, 0x0) 01:50:09 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 597.006350][ T26] audit: type=1804 audit(1556243409.677:86): pid=22265 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/739/file0" dev="sda1" ino=16815 res=1 01:50:09 executing program 1: r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x5, 0x20000) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup(r1) ioctl$KDSKBMETA(r2, 0x4b63, &(0x7f0000000000)=0x40) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x0, 0x5, 0x5, 0x3, 'syz0\x00', 0xffff}, 0x0, [0x7ff, 0xffffffffffffffff, 0x0, 0x1, 0x3, 0x5, 0x0, 0x80000001, 0x0, 0x9, 0x63, 0x10000, 0x8, 0x5, 0x6, 0x2, 0x9, 0x10000, 0x10001, 0xff, 0x3, 0x6e, 0xfffffffffffffffd, 0x2, 0x0, 0x100, 0xbab1, 0x6, 0x1, 0x0, 0xfff, 0x8001, 0xfffffffffffffffa, 0x20, 0xfd, 0x3ae3, 0x3f, 0x7fff, 0x101, 0x2, 0x80, 0xfffffffffffffffa, 0x2, 0x5, 0x4, 0x200000000000000, 0x2, 0x9, 0x0, 0x401, 0x400, 0x62, 0x3, 0x20, 0xfffffffffffffe00, 0x1000, 0x3ff, 0x10000, 0x6, 0x8, 0xef, 0x4, 0x1e4, 0x8001, 0x401000000000000, 0x101, 0x9, 0x2, 0x200040000000000, 0x100, 0x7fff, 0x0, 0x7, 0x158, 0x5, 0x0, 0x8, 0xfffffffffffffffa, 0x86, 0x5b, 0x400, 0x8001, 0x0, 0x4c9, 0x6, 0x2, 0x4, 0x5, 0x63b7, 0x3ff, 0x4, 0xe3, 0x2, 0x1, 0x0, 0xbcb, 0x9, 0x7, 0xfffffffffffffffb, 0x4, 0x9, 0x8, 0x9, 0x8000, 0x0, 0x7, 0x7b42, 0x2, 0xbe, 0x2, 0x4, 0x2, 0x1, 0x32, 0x7, 0x0, 0x814, 0x2, 0x4, 0x30d06135, 0x5, 0x8f, 0x57, 0x1, 0x0, 0x0, 0x5, 0x3f], {r3, r4+10000000}}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000780)={0x7, 0x0, 0x10000, 0x3}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000007c0)={0x0, r5, 0x1, 0x7fff}) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000800), &(0x7f0000000840)=0x4) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='n\x1f\x00\x00\x00ir\t\x00\x00\x00s\x00P\x96\xd1\xa1\\\xa3\xe4c\x7fw\xc3K\xb2\\\xc3}\xa1Fo\x18\xf6\xdcC\x92+2\x94\x95u\xad\xf0\xca\xb3\xcdB\xd8\xe2\xb6( \xd98\x1f\x87\xb2\xacJ\x9a[hY\xfd\xe3y\xd9v\xfeL\xff\x98|\xabH\xafe\x9eD\"d\xbb)\xa7YX%,j\xf83\xa6\x9b\xff\xcb\xb8\xb3\x1d\xf3\x9fp[\xe9\xf1\xa7\xa4~(@\xd7\xb2\xa2.L\xdaG\xe8\x9c\x05\xd4aMq\x9d\x91\"\xd5\xca\xc8\x00\xee:_\x94\x84C\xf1\x01ad\xb2\xa3c\x03\xf9\xa7\x12h&\xb12\xab\xca\x86\x89\xb0\xfe\xb56T\xb7;\xf3\x91\x1dU\x1e\xaaQ\x98n!\x83\x14\xb1\xe2\x16') preadv(r6, &(0x7f0000000480), 0x2000000000000113, 0x0) [ 597.062634][T22265] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:09 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1600000000000000, 0x0, 0x0) 01:50:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:09 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 597.269505][ T26] audit: type=1804 audit(1556243409.937:87): pid=22282 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/740/file0" dev="sda1" ino=16811 res=1 01:50:10 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 597.419839][ T26] audit: type=1804 audit(1556243410.087:88): pid=22295 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir527343697/syzkaller.y4YxBG/854/file0" dev="sda1" ino=16837 res=1 [ 597.498047][T22299] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 597.542053][ T26] audit: type=1804 audit(1556243410.147:89): pid=22299 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/741/file0" dev="sda1" ino=16808 res=1 01:50:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:10 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1700000000000000, 0x0, 0x0) 01:50:10 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 597.726167][T22315] binder_transaction: 57 callbacks suppressed [ 597.726183][T22315] binder: 22313:22315 transaction failed 29189/-22, size 64-16 line 2995 [ 597.741494][ T5] binder_release_work: 57 callbacks suppressed [ 597.741501][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:50:10 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 597.775052][T22316] binder_fixup_parent: 37 callbacks suppressed [ 597.775063][T22316] binder: 22314:22316 got transaction with invalid parent offset or type [ 597.830277][T22316] binder: 22314:22316 transaction failed 29201/-22, size 64-16 line 3389 [ 597.839861][T22323] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 597.857353][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 597.872431][T22332] binder: 22314:22332 got transaction with invalid parent offset or type [ 597.887027][T22333] binder: 22330:22333 got transaction with invalid parent offset or type [ 597.911681][T22332] binder: 22314:22332 transaction failed 29201/-22, size 64-16 line 3389 [ 597.922535][T22333] binder: 22330:22333 transaction failed 29201/-22, size 64-16 line 3389 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 597.940494][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 597.961829][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:10 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1800000000000000, 0x0, 0x0) 01:50:10 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 598.036102][T22337] binder: 22336:22337 transaction failed 29189/-22, size 64-16 line 2995 [ 598.052888][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 598.098386][T22339] binder: 22338:22339 transaction failed 29189/-22, size 64-16 line 2995 [ 598.137627][T22345] binder: 22341:22345 got transaction with invalid parent offset or type [ 598.150752][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 598.170507][T22346] EXT4-fs: 2 callbacks suppressed [ 598.170521][T22346] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 598.197505][T22345] binder: 22341:22345 transaction failed 29201/-22, size 64-16 line 3389 [ 598.232723][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 598.239199][T22348] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 598.248201][T22353] binder: 22341:22353 got transaction with invalid parent offset or type [ 598.258394][T22354] binder: 22351:22354 got transaction with invalid parent offset or type [ 598.284530][T22353] binder: 22341:22353 transaction failed 29201/-22, size 64-16 line 3389 [ 598.299865][T22354] binder: 22351:22354 transaction failed 29201/-22, size 64-16 line 3389 [ 598.310642][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 598.325660][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:11 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1900008000000000, 0x0, 0x0) 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 598.426595][T22364] binder: 22363:22364 transaction failed 29189/-22, size 64-16 line 2995 [ 598.442032][T22360] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 598.453224][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 598.465602][T22368] binder: 22366:22368 got transaction with invalid parent offset or type 01:50:11 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 598.534454][T22374] binder_alloc: 22366: binder_alloc_buf failed to map pages in userspace, no vma 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 598.710636][T22386] binder: 22380:22386 got transaction with invalid parent offset or type [ 598.746918][T22387] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 598.768149][T22390] binder: 22380:22390 got transaction with invalid parent offset or type 01:50:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1a00008000000000, 0x0, 0x0) 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 598.876558][T22392] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 598.921635][T22401] binder: 22400:22401 got transaction with invalid parent offset or type 01:50:11 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 598.971794][T22403] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 598.997030][T22404] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 599.122317][T22413] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x1d00008000000000, 0x0, 0x0) 01:50:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:11 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 599.222250][T22424] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 599.265299][T22426] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 599.462873][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 599.462888][ T26] audit: type=1804 audit(1556243412.137:101): pid=22444 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/746/file0" dev="sda1" ino=16832 res=1 01:50:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0) [ 599.558031][ T26] audit: type=1804 audit(1556243412.227:102): pid=22453 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir527343697/syzkaller.y4YxBG/862/file0" dev="sda1" ino=16761 res=1 01:50:12 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 599.772160][ T26] audit: type=1804 audit(1556243412.447:103): pid=22465 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/747/file0" dev="sda1" ino=16809 res=1 01:50:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 599.908193][T22472] binder: BINDER_SET_CONTEXT_MGR already set [ 599.958335][T22472] binder: 22470:22472 ioctl 40046207 0 returned -16 01:50:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x3000000000000000, 0x0, 0x0) 01:50:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x5000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:12 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 600.167002][T22490] binder: BINDER_SET_CONTEXT_MGR already set [ 600.191829][T22490] binder: 22488:22490 ioctl 40046207 0 returned -16 01:50:12 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 600.263243][ T26] audit: type=1804 audit(1556243412.937:104): pid=22496 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/748/file0" dev="sda1" ino=16779 res=1 01:50:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0) 01:50:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 600.679185][T22515] binder: BINDER_SET_CONTEXT_MGR already set [ 600.697014][ T26] audit: type=1804 audit(1556243413.367:105): pid=22518 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/749/file0" dev="sda1" ino=16812 res=1 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 600.742058][T22515] binder: 22514:22515 ioctl 40046207 0 returned -16 01:50:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 600.979928][T22534] binder: BINDER_SET_CONTEXT_MGR already set 01:50:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x5000000000000000, 0x0, 0x0) [ 601.025237][T22534] binder: 22533:22534 ioctl 40046207 0 returned -16 [ 601.079303][ T26] audit: type=1804 audit(1556243413.747:106): pid=22541 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/750/file0" dev="sda1" ino=16836 res=1 01:50:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:13 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 601.263136][T22552] binder: BINDER_SET_CONTEXT_MGR already set [ 601.318100][T22552] binder: 22550:22552 ioctl 40046207 0 returned -16 01:50:14 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0) 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 601.659867][ T26] audit: type=1804 audit(1556243414.327:107): pid=22581 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/751/file0" dev="sda1" ino=16779 res=1 [ 601.712201][T22589] binder: BINDER_SET_CONTEXT_MGR already set [ 601.718250][T22589] binder: 22582:22589 ioctl 40046207 0 returned -16 01:50:14 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xebffffff00000000, 0x0, 0x0) 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:14 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 602.008479][T22608] binder: BINDER_SET_CONTEXT_MGR already set [ 602.039844][T22608] binder: 22606:22608 ioctl 40046207 0 returned -16 01:50:14 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xfc01000000000000, 0x0, 0x0) 01:50:14 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:14 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:14 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:14 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 602.258401][ T26] audit: type=1804 audit(1556243414.927:108): pid=22625 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/752/file0" dev="sda1" ino=16657 res=1 01:50:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xfcfdffff00000000, 0x0, 0x0) 01:50:15 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:15 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:15 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:15 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0) [ 602.967270][T22659] binder_fixup_parent: 41 callbacks suppressed [ 602.967280][T22659] binder: 22658:22659 got transaction with invalid parent offset or type [ 602.975827][T22662] binder: 22654:22662 got transaction with invalid parent offset or type [ 603.001250][T22662] binder_transaction: 63 callbacks suppressed [ 603.001266][T22662] binder: 22654:22662 transaction failed 29201/-22, size 64-16 line 3389 [ 603.008391][T22659] binder: 22658:22659 transaction failed 29201/-22, size 64-16 line 3389 [ 603.058392][ T5] binder_release_work: 63 callbacks suppressed [ 603.058400][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.085086][ T26] audit: type=1804 audit(1556243415.747:109): pid=22668 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/753/file0" dev="sda1" ino=16853 res=1 01:50:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:15 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)) [ 603.123997][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.158118][T22659] binder: BINDER_SET_CONTEXT_MGR already set 01:50:15 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 603.171732][T22670] binder: 22658:22670 transaction failed 29189/-22, size 64-16 line 2995 [ 603.201475][T22659] binder: 22658:22659 ioctl 40046207 0 returned -16 [ 603.222086][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 603.272744][T22673] binder: 22671:22673 transaction failed 29189/-22, size 64-16 line 2995 [ 603.282773][T20780] binder: undelivered TRANSACTION_ERROR: 29189 [ 603.314650][T22674] EXT4-fs: 24 callbacks suppressed [ 603.314660][T22674] EXT4-fs (sda1): re-mounted. Opts: 01:50:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xfe01000000000000, 0x0, 0x0) 01:50:16 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 603.363380][T22677] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 603.375918][T22681] binder: 22680:22681 got transaction with invalid parent offset or type [ 603.400633][T22681] binder: 22680:22681 transaction failed 29201/-22, size 64-16 line 3389 01:50:16 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)) [ 603.440977][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.457935][T22682] binder: 22680:22682 got transaction with invalid parent offset or type 01:50:16 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 603.487273][T22682] binder: 22680:22682 transaction failed 29201/-22, size 64-16 line 3389 [ 603.501199][T22686] binder: 22683:22686 got transaction with invalid parent offset or type [ 603.543998][ T26] audit: type=1804 audit(1556243416.217:110): pid=22690 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/754/file0" dev="sda1" ino=16852 res=1 [ 603.580839][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.585423][T22686] binder: 22683:22686 transaction failed 29201/-22, size 64-16 line 3389 01:50:16 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 603.614406][T22685] EXT4-fs (sda1): re-mounted. Opts: [ 603.701568][T22695] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 603.708132][T20780] binder: undelivered TRANSACTION_ERROR: 29201 01:50:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:16 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 603.838890][T22700] binder: 22697:22700 got transaction with invalid parent offset or type [ 603.866856][T22702] binder: 22701:22702 got transaction with invalid parent offset or type 01:50:16 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xffefffffff7f0000, 0x0, 0x0) 01:50:16 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 603.900760][T22700] binder: 22697:22700 transaction failed 29201/-22, size 64-16 line 3389 [ 603.924451][T22702] binder: 22701:22702 transaction failed 29201/-22, size 64-16 line 3389 [ 603.937066][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.959777][T22700] binder: BINDER_SET_CONTEXT_MGR already set [ 603.966750][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 603.973752][T22704] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 603.980518][T22706] binder_alloc: 22697: binder_alloc_buf, no vma [ 603.988313][T22700] binder: 22697:22700 ioctl 40046207 0 returned -16 [ 603.999947][T22706] binder: 22697:22706 transaction failed 29189/-3, size 64-16 line 3148 01:50:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 604.016557][T20780] binder: undelivered TRANSACTION_ERROR: 29189 01:50:16 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:16 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') preadv(r0, &(0x7f0000000480), 0x100000000000029c, 0x0) [ 604.136182][T22716] binder: 22715:22716 got transaction with invalid parent offset or type [ 604.180522][T22720] binder: 22717:22720 got transaction with invalid parent offset or type [ 604.195279][T22721] binder: 22715:22721 got transaction with invalid parent offset or type 01:50:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0) 01:50:16 executing program 4: r0 = msgget(0x1, 0x0) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000040)=""/214) mkdirat(0xffffffffffffff9c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='net/packet\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000) syz_genetlink_get_family_id$ipvs(0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x5000aea5, 0x0) 01:50:16 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 604.237805][T22720] binder: transaction release 2767 bad handle 1, ret = -22 01:50:16 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 604.412876][T22736] binder: BINDER_SET_CONTEXT_MGR already set [ 604.444543][T22736] binder: 22734:22736 ioctl 40046207 0 returned -16 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0) 01:50:17 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:17 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) close(r1) openat$cgroup_ro(r0, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) readv(r1, &(0x7f0000000480), 0x260) 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 604.766525][T22759] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 1: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 604.856087][T22768] binder: BINDER_SET_CONTEXT_MGR already set 01:50:17 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0xffffffffff600000, 0x0, 0x0) [ 604.910465][T22768] binder: 22764:22768 ioctl 40046207 0 returned -16 01:50:17 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 1: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 605.056904][T22778] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:17 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) close(r1) openat$cgroup_ro(r0, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) readv(r1, &(0x7f0000000480), 0x260) 01:50:17 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:17 executing program 1: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x2) 01:50:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="8f07003d9d38be1a9bf1"], 0x1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f0000000140)=0x8) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 605.394138][T22798] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:18 executing program 1: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 605.544089][T22815] kvm: emulating exchange as write 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3) 01:50:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r1, &(0x7f0000000080), 0x1c) epoll_create1(0x0) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 605.871218][T22839] binder: BINDER_SET_CONTEXT_MGR already set 01:50:18 executing program 1: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 605.919907][T22839] binder: 22838:22839 ioctl 40046207 0 returned -16 01:50:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 605.985332][T22847] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x4) 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:18 executing program 1: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 606.231506][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 606.237402][ C1] protocol 88fb is buggy, dev hsr_slave_1 01:50:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r1, 0x80045518, 0x0) 01:50:19 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x5) 01:50:19 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:19 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:19 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r2, &(0x7f0000000080), 0x1c) epoll_create1(0x0) sendmmsg(r2, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 01:50:19 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:19 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 607.048942][T22881] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:19 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x6) 01:50:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:19 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:20 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 607.379308][T22912] binder: BINDER_SET_CONTEXT_MGR already set [ 607.421807][T22912] binder: 22911:22912 ioctl 40046207 0 returned -16 01:50:20 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:20 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 607.511588][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 607.517403][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 607.523264][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 607.523304][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 607.534855][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 607.540628][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 607.591498][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 607.597471][ C0] protocol 88fb is buggy, dev hsr_slave_1 01:50:20 executing program 4: 01:50:20 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x7) 01:50:20 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:20 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 608.272984][T22938] binder_transaction: 46 callbacks suppressed [ 608.273003][T22938] binder: 22935:22938 transaction failed 29189/-22, size 64-16 line 2995 [ 608.293615][T22939] binder_fixup_parent: 27 callbacks suppressed [ 608.293624][T22939] binder: 22936:22939 got transaction with invalid parent offset or type [ 608.299924][T22939] binder: 22936:22939 transaction failed 29201/-22, size 64-16 line 3389 01:50:21 executing program 4: [ 608.331982][ T3480] binder_release_work: 46 callbacks suppressed [ 608.331990][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 608.359345][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:21 executing program 4: [ 608.437855][T22939] binder: BINDER_SET_CONTEXT_MGR already set [ 608.460076][T22953] binder: 22936:22953 got transaction with invalid parent offset or type 01:50:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x8) [ 608.486820][T22958] binder: 22956:22958 got transaction with invalid parent offset or type [ 608.501033][T22958] binder: 22956:22958 transaction failed 29201/-22, size 64-16 line 3389 [ 608.512022][T22939] binder: 22936:22939 ioctl 40046207 0 returned -16 [ 608.519032][T22953] binder: 22936:22953 transaction failed 29201/-22, size 64-16 line 3389 01:50:21 executing program 4: [ 608.552655][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 608.600239][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:21 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:21 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:21 executing program 4: [ 608.682455][T22964] binder: 22963:22964 transaction failed 29189/-22, size 64-16 line 2995 01:50:21 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 608.730651][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 608.752428][T22969] binder: 22967:22969 got transaction with invalid parent offset or type 01:50:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 608.797486][T22969] binder: 22967:22969 transaction failed 29201/-22, size 64-16 line 3389 01:50:21 executing program 4: [ 608.843594][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 608.865554][T22975] binder: 22967:22975 got transaction with invalid parent offset or type 01:50:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x9) 01:50:21 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 608.886015][T22979] binder: 22977:22979 got transaction with invalid parent offset or type [ 608.914839][T22974] EXT4-fs: 2 callbacks suppressed [ 608.914909][T22974] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 608.918320][T22979] binder: 22977:22979 transaction failed 29201/-22, size 64-16 line 3389 [ 608.946317][T22975] binder: 22967:22975 transaction failed 29201/-22, size 64-16 line 3389 01:50:21 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]}) sendto$unix(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0xc804, 0x0, 0x0) [ 608.972702][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 609.000615][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:21 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 609.020524][T22983] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 609.143829][T22993] binder: 22992:22993 transaction failed 29189/-22, size 64-16 line 2995 [ 609.162968][T22994] binder: 22991:22994 got transaction with invalid parent offset or type [ 609.177436][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:21 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:21 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xa) [ 609.191666][T22994] binder: 22991:22994 transaction failed 29201/-22, size 64-16 line 3389 01:50:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 609.262228][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 609.273325][T22998] binder: BINDER_SET_CONTEXT_MGR already set [ 609.279380][T22998] binder: 22991:22998 ioctl 40046207 0 returned -16 [ 609.307053][T22999] binder: 22991:22999 got transaction with invalid parent offset or type [ 609.349496][T23004] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 609.378912][T23007] binder: 23006:23007 got transaction with invalid parent offset or type [ 609.388562][T22996] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) creat(&(0x7f0000000180)='./file0\x00', 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x100000000a, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_execute_func(&(0x7f0000000340)="c462653dce0fbdc52ecd8080000cc4e1ed64338a20d0d0f0408392300000002a6626f243e0ff0070e4c653fb0f450fbd27a95f5744be3c3b6446ddcb8f48508e307b8f69289bd19d670f381d6a2f67450f483bd1d97c7c63460f096161787896c401fe5ff666410fd7cae1b1c402010804f466400f38f556f6892a009f") [ 609.389268][T23007] binder: transaction release 2924 bad handle 1, ret = -22 01:50:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:22 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 609.506736][T23012] binder: 23010:23012 got transaction with invalid parent offset or type 01:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xb) 01:50:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_elf32(r1, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x15c) recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xffffffb1, &(0x7f0000000140)=[{&(0x7f0000000200)=""/156, 0x33f0f}], 0x1}}], 0x2, 0x0, 0x0) 01:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2800, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 609.621623][T23022] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 609.646377][T23021] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:22 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 609.819968][T23040] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:22 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xc) 01:50:22 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 610.054253][T23053] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 610.103986][T23058] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:22 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 610.153867][T23078] binder: BINDER_SET_CONTEXT_MGR already set [ 610.184811][T23078] binder: 23072:23078 ioctl 40046207 0 returned -16 [ 610.304037][T23086] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xd) 01:50:23 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 610.486796][T23101] binder: BINDER_SET_CONTEXT_MGR already set 01:50:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 610.542557][T23101] binder: 23098:23101 ioctl 40046207 0 returned -16 [ 610.580084][ T5] binder: send failed reply for transaction 2984 to 23098:23105 [ 610.605927][ T5] binder_release_work: 4 callbacks suppressed [ 610.605932][ T5] binder: undelivered TRANSACTION_COMPLETE [ 610.622848][T23111] binder_alloc: 23098: binder_alloc_buf, no vma 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xe) 01:50:23 executing program 4: syz_emit_ethernet(0x46, &(0x7f0000001180)={@link_local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1e9104", 0x10, 0x0, 0x0, @empty, @ipv4={[], [], @dev}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "117854", 0x0, "f6798e"}}}}}}}, 0x0) 01:50:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xf) 01:50:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:23 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x10) 01:50:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x11) 01:50:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:24 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x12) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x13) 01:50:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:25 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 613.185431][T23270] binder: 23268:23270 got transaction with invalid offset (0, min 0 max 10) or object. 01:50:25 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 613.305042][T23276] binder_fixup_parent: 42 callbacks suppressed [ 613.305052][T23276] binder: 23273:23276 got transaction with invalid parent offset or type 01:50:26 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) [ 613.408104][T23276] binder_transaction: 62 callbacks suppressed [ 613.408123][T23276] binder: 23273:23276 transaction failed 29201/-22, size 64-16 line 3389 01:50:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x14) [ 613.469263][T23288] binder: 23283:23288 got transaction with invalid parent offset or type [ 613.494567][ T3480] binder_release_work: 63 callbacks suppressed [ 613.494575][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 613.517869][T23276] binder: BINDER_SET_CONTEXT_MGR already set [ 613.517888][T23290] binder_alloc: 23273: binder_alloc_buf, no vma [ 613.549487][T23276] binder: 23273:23276 ioctl 40046207 0 returned -16 [ 613.561551][T23288] binder: transaction release 3112 bad handle 1, ret = -22 01:50:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 613.580535][T23290] binder: 23273:23290 transaction failed 29189/-3, size 64-16 line 3148 [ 613.589845][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 [ 613.603650][T23288] binder: 23283:23288 transaction failed 29201/-22, size 94-16 line 3389 01:50:26 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 613.646678][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:26 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:26 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 613.741695][T23298] binder: 23297:23298 got transaction with invalid parent offset or type [ 613.812110][T23298] binder: 23297:23298 transaction failed 29201/-22, size 64-16 line 3389 [ 613.830489][T23307] binder: 23303:23307 got transaction with invalid parent offset or type [ 613.844686][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 613.848421][T23298] binder: BINDER_SET_CONTEXT_MGR already set 01:50:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x15) [ 613.868118][T23307] binder: 23303:23307 transaction failed 29201/-22, size 99-16 line 3389 [ 613.901604][T23298] binder: 23297:23298 ioctl 40046207 0 returned -16 [ 613.909528][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:26 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 613.962422][T23308] EXT4-fs: 16 callbacks suppressed [ 613.962509][T23308] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.019374][T23311] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 614.057006][T23319] binder: 23318:23319 transaction failed 29189/-22, size 99999999-16 line 2995 01:50:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.105978][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:50:26 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 614.196212][T23324] binder: 23322:23324 got transaction with invalid parent offset or type [ 614.225020][T23324] binder: 23322:23324 transaction failed 29201/-22, size 64-16 line 3389 01:50:26 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:26 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 614.244692][T23330] binder: 23329:23330 got transaction with invalid offsets size, 2 [ 614.276393][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 614.285832][T23324] binder: BINDER_SET_CONTEXT_MGR already set [ 614.302917][T23330] binder: 23329:23330 transaction failed 29201/-22, size 64-2 line 3202 [ 614.329522][T23332] binder: 23322:23332 transaction failed 29189/-22, size 64-16 line 2995 [ 614.344554][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x16) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.359778][T23324] binder: 23322:23324 ioctl 40046207 0 returned -16 [ 614.368358][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 614.404318][T23331] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 614.429693][T23343] binder: 23339:23343 transaction failed 29189/-22, size 64-3 line 2995 [ 614.447309][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.562735][T23337] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:27 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.617628][T23351] binder: 23349:23351 got transaction with invalid parent offset or type [ 614.638493][T23356] binder: 23352:23356 got transaction with invalid offsets size, 2 [ 614.657394][T23357] binder: 23349:23357 got transaction with invalid parent offset or type 01:50:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x17) 01:50:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 614.891747][T23371] binder: 23369:23371 got transaction with invalid parent offset or type [ 614.904323][T23370] binder: 23368:23370 got transaction with invalid offsets size, 2 [ 614.921140][T23374] binder: 23372:23374 got transaction with invalid offsets size, 6 [ 614.949070][T23377] binder: 23369:23377 got transaction with invalid parent offset or type 01:50:27 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x7, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x28000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.001951][T23373] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x8, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.117563][T23386] binder: 23384:23386 got transaction with invalid parent offset or type [ 615.122198][T23382] binder: 23381:23382 got transaction with invalid offsets size, 2 01:50:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x18) 01:50:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x38000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:27 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x9, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) [ 615.328164][T23402] binder: 23401:23402 got transaction with invalid offsets size, 9 [ 615.345019][T23399] binder: BINDER_SET_CONTEXT_MGR already set [ 615.351107][T23399] binder: 23396:23399 ioctl 40046207 0 returned -16 01:50:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xa, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.393274][T23398] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:28 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.506356][T23408] EXT4-fs (sda1): re-mounted. Opts: 01:50:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xb, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x30) 01:50:28 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.731231][T23420] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 615.750793][T23431] binder: 23426:23431 got transaction with invalid offsets size, 11 01:50:28 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:28 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xc, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 615.957900][T23436] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 615.991906][T23444] binder: BINDER_SET_CONTEXT_MGR already set 01:50:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x50) [ 616.009545][T23444] binder: 23438:23444 ioctl 40046207 0 returned -16 01:50:28 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 616.054849][T23440] EXT4-fs (sda1): re-mounted. Opts: 01:50:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xd, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x50000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:28 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 616.208548][T23459] binder: 23455:23459 got transaction with invalid offsets size, 13 01:50:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xe, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xc0) 01:50:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2800000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 616.440849][T23473] binder: 23470:23473 got transaction with invalid offsets size, 14 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x11, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:29 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) [ 616.564564][T23483] binder: BINDER_SET_CONTEXT_MGR already set [ 616.589214][T23483] binder: 23480:23483 ioctl 40046207 0 returned -16 01:50:29 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x12, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 616.758510][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 616.758525][ T26] audit: type=1804 audit(1556243429.427:113): pid=23491 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/760/file0" dev="sda1" ino=17505 res=1 01:50:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 01:50:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1fc) 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2f, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:29 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 616.946772][T23509] binder: 23507:23509 ioctl c0306201 0 returned -14 [ 616.970419][T23512] binder: 23511:23512 got transaction with invalid offsets size, 47 [ 616.982543][T23510] binder: BINDER_SET_CONTEXT_MGR already set [ 616.991834][T23510] binder: 23508:23510 ioctl 40046207 0 returned -16 01:50:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5e, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 617.123945][ T26] audit: type=1804 audit(1556243429.797:114): pid=23516 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/761/file0" dev="sda1" ino=17457 res=1 01:50:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x63, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 617.199933][T23528] binder: 23524:23528 ioctl c0306201 0 returned -14 01:50:29 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 01:50:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1fe) [ 617.321044][T23533] binder_alloc: 23522: binder_alloc_buf failed to map pages in userspace, no vma 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x223, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 617.438894][T23538] binder: 23536:23538 ioctl c0306201 0 returned -14 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 617.496017][ T26] audit: type=1804 audit(1556243430.167:115): pid=23543 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/762/file0" dev="sda1" ino=17575 res=1 01:50:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5f5e0ff, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 617.667888][T23558] binder_alloc: 23549: binder_alloc_buf size 100000064 failed, no address space [ 617.688505][T23558] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x300) 01:50:30 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 617.842985][ T26] audit: type=1804 audit(1556243430.517:116): pid=23564 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/763/file0" dev="sda1" ino=17569 res=1 01:50:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x223, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x500) 01:50:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) [ 618.095322][ T26] audit: type=1804 audit(1556243430.767:117): pid=23584 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/764/file0" dev="sda1" ino=17233 res=1 01:50:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) 01:50:30 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:30 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 618.421725][T23610] binder_fixup_parent: 30 callbacks suppressed [ 618.421735][T23610] binder: 23605:23610 got transaction with invalid parent offset or type [ 618.423440][ T26] audit: type=1804 audit(1556243431.097:118): pid=23607 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/765/file0" dev="sda1" ino=17583 res=1 [ 618.439635][T23611] binder: 23609:23611 got transaction with invalid parent offset or type 01:50:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) [ 618.471814][T23610] binder_transaction: 63 callbacks suppressed [ 618.471839][T23610] binder: 23605:23610 transaction failed 29201/-22, size 64-16 line 3389 01:50:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x600) [ 618.515050][T23610] binder: BINDER_SET_CONTEXT_MGR already set [ 618.539304][T23610] binder: 23605:23610 ioctl 40046207 0 returned -16 [ 618.539361][ T5] binder_release_work: 63 callbacks suppressed [ 618.539368][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 618.546463][T23611] binder: transaction release 3300 bad handle 2, ret = -22 [ 618.568498][T23613] binder: 23605:23613 transaction failed 29189/-22, size 64-16 line 2995 [ 618.578355][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 618.595986][T23611] binder: 23609:23611 transaction failed 29201/-22, size 64-16 line 3389 01:50:31 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 618.632984][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:31 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 618.720088][T23621] binder: 23616:23621 got transaction with invalid parent offset or type [ 618.740239][T23621] binder: 23616:23621 transaction failed 29201/-22, size 64-16 line 3389 [ 618.755482][T23624] binder: 23619:23624 got transaction with invalid offset (0, min 0 max 0) or object. [ 618.792445][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 618.797479][T23624] binder: 23619:23624 transaction failed 29201/-22, size 0-16 line 3242 [ 618.802647][T23621] binder: BINDER_SET_CONTEXT_MGR already set [ 618.851691][ T26] audit: type=1804 audit(1556243431.507:119): pid=23628 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/766/file0" dev="sda1" ino=17587 res=1 [ 618.853568][T23626] binder_alloc: 23616: binder_alloc_buf, no vma [ 618.882997][T23621] binder: 23616:23621 ioctl 40046207 0 returned -16 [ 618.884939][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:31 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:31 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x700) [ 619.027364][T23626] binder: 23622:23626 transaction failed 29189/-3, size 64-16 line 3148 [ 619.063730][T23637] binder: 23635:23637 got transaction with invalid offset (0, min 0 max 0) or object. [ 619.063761][T23636] binder: 23634:23636 got transaction with invalid parent offset or type [ 619.090533][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 [ 619.108575][T23637] binder: 23635:23637 transaction failed 29201/-22, size 0-16 line 3242 01:50:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x48}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.119196][ T26] audit: type=1804 audit(1556243431.787:120): pid=23640 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/767/file0" dev="sda1" ino=17581 res=1 [ 619.160852][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 619.165284][T23636] binder: 23634:23636 transaction failed 29201/-22, size 64-16 line 3389 01:50:31 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 619.199589][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 619.215309][T23636] binder: BINDER_SET_CONTEXT_MGR already set [ 619.229595][T23647] binder: 23634:23647 transaction failed 29189/-22, size 64-16 line 2995 01:50:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.246137][T23649] binder: 23646:23649 transaction failed 29189/-22, size 64-16 line 2995 [ 619.259651][T23636] binder: 23634:23636 ioctl 40046207 0 returned -16 [ 619.261764][T23645] EXT4-fs: 11 callbacks suppressed [ 619.261814][T23645] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 619.267249][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.345567][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.403394][ T26] audit: type=1804 audit(1556243432.077:121): pid=23653 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/768/file0" dev="sda1" ino=17591 res=1 01:50:32 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x60}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.506637][T23657] binder: 23655:23657 got transaction with invalid parent offset or type [ 619.516397][T23653] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 619.535423][T23664] binder: 23662:23664 got transaction with invalid offset (24, min 24 max 24) or object. 01:50:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x900) [ 619.575220][T23664] binder: transaction release 3323 bad handle 1, ret = -22 01:50:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x68}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.717394][T23667] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 619.742074][T23674] binder: 23672:23674 got transaction with invalid parent offset or type [ 619.786976][T23678] binder: 23676:23678 got transaction with invalid offset (24, min 24 max 24) or object. [ 619.813060][T23680] binder: 23672:23680 got transaction with invalid parent offset or type [ 619.836219][T23678] binder: transaction release 3332 bad handle 2, ret = -22 [ 619.854963][T23677] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 619.945724][T23685] binder: 23684:23685 got transaction with invalid parent offset or type 01:50:32 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xa00) 01:50:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 620.103442][T23694] binder: 23690:23694 got transaction with invalid parent offset or type [ 620.162579][T23693] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 620.169527][T23699] binder: 23690:23699 got transaction with invalid parent offset or type 01:50:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x74}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 620.244605][T23705] binder_transaction: 1 callbacks suppressed [ 620.244617][T23705] binder: 23702:23705 got transaction with invalid offsets size, 2 01:50:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xb00) [ 620.315000][T23704] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2800000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:33 executing program 3: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x300}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x3800000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 620.555445][T23724] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:33 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x500}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xc00) 01:50:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x600}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 620.801096][ T26] audit: type=1804 audit(1556243433.467:122): pid=23743 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/772/file0" dev="sda1" ino=17583 res=1 01:50:33 executing program 3: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x700}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:33 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) [ 621.169448][T23759] binder: BINDER_SET_CONTEXT_MGR already set [ 621.207218][T23759] binder: 23758:23759 ioctl 40046207 0 returned -16 [ 621.262059][ T3480] binder_thread_release: 4 callbacks suppressed [ 621.262113][ T3480] binder: release 23769:23771 transaction 3409 out, still active 01:50:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) [ 621.319579][ T3480] binder: undelivered TRANSACTION_COMPLETE [ 621.357318][ T3480] binder_send_failed_reply: 4 callbacks suppressed 01:50:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xd00) 01:50:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 621.357325][ T3480] binder: send failed reply for transaction 3409, target dead 01:50:34 executing program 3: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3f00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 621.727578][T23796] binder: BINDER_SET_CONTEXT_MGR already set 01:50:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xe00) 01:50:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x700}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 621.784158][T23796] binder: 23791:23796 ioctl 40046207 0 returned -16 01:50:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 621.842180][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 621.842195][ T26] audit: type=1804 audit(1556243434.517:125): pid=23803 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/775/file0" dev="sda1" ino=17589 res=1 01:50:34 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 621.910063][T23803] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 621.955534][T23814] binder: BINDER_SET_CONTEXT_MGR already set [ 621.974431][T23814] binder: 23812:23814 ioctl 40046207 0 returned -16 [ 621.990507][T23815] binder_alloc: 23812: binder_alloc_buf, no vma [ 622.010189][T23816] binder_alloc: 23812: binder_alloc_buf, no vma [ 622.044526][T23818] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:34 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xf00) 01:50:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 622.263622][ T26] audit: type=1804 audit(1556243434.937:126): pid=23832 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/776/file0" dev="sda1" ino=17217 res=1 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 622.378461][T23842] binder: BINDER_SET_CONTEXT_MGR already set [ 622.388159][T23834] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 622.410070][T23842] binder: 23835:23842 ioctl 40046207 0 returned -16 01:50:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:35 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1100) 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7400}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 622.869462][ T26] audit: type=1804 audit(1556243435.537:127): pid=23871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/777/file0" dev="sda1" ino=17574 res=1 01:50:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1200) 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x1000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) [ 623.028090][T23883] binder: BINDER_SET_CONTEXT_MGR already set 01:50:35 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 623.082533][T23883] binder: 23879:23883 ioctl 40046207 0 returned -16 [ 623.215042][ T26] audit: type=1804 audit(1556243435.887:128): pid=23892 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/778/file0" dev="sda1" ino=17591 res=1 01:50:35 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:35 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:36 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1300) [ 623.436121][ T26] audit: type=1804 audit(1556243436.107:129): pid=23903 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/803/file0" dev="sda1" ino=16897 res=1 [ 623.473829][T23907] binder_fixup_parent: 27 callbacks suppressed [ 623.473839][T23907] binder: 23905:23907 got transaction with invalid parent offset or type [ 623.508531][T23913] binder: 23906:23913 got transaction with invalid parent offset or type [ 623.513660][ T26] audit: type=1804 audit(1556243436.177:130): pid=23908 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/779/file0" dev="sda1" ino=17578 res=1 [ 623.549351][T23907] binder_transaction: 73 callbacks suppressed [ 623.549368][T23907] binder: 23905:23907 transaction failed 29201/-22, size 64-16 line 3389 [ 623.565614][T23913] binder: 23906:23913 transaction failed 29201/-22, size 64-16 line 3389 [ 623.582607][ T5] binder_release_work: 73 callbacks suppressed [ 623.582614][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 623.628179][T23907] binder: BINDER_SET_CONTEXT_MGR already set [ 623.650611][T23907] binder: 23905:23907 ioctl 40046207 0 returned -16 [ 623.650719][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:36 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 623.679637][T23917] binder: 23905:23917 transaction failed 29189/-22, size 64-16 line 2995 [ 623.707082][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 623.767197][T23921] binder: 23919:23921 transaction failed 29189/-22, size 64-16 line 2995 [ 623.776491][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:50:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:36 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:36 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 623.873813][ T26] audit: type=1804 audit(1556243436.547:131): pid=23925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/780/file0" dev="sda1" ino=17578 res=1 [ 623.892697][T23924] binder: 23923:23924 got transaction with invalid parent offset or type [ 623.906939][T23928] binder: 23926:23928 got transaction with invalid parent offset or type 01:50:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1400) [ 623.921786][T23928] binder: 23926:23928 transaction failed 29201/-22, size 64-16 line 3389 [ 623.930397][T23924] binder: 23923:23924 transaction failed 29201/-22, size 64-16 line 3389 [ 623.955504][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 623.962083][ T26] audit: type=1804 audit(1556243436.627:132): pid=23932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/804/file0" dev="sda1" ino=17596 res=1 [ 623.989042][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 623.991044][T23924] binder: BINDER_SET_CONTEXT_MGR already set [ 624.009017][T23936] binder_alloc: 23923: binder_alloc_buf, no vma 01:50:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:36 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 624.054351][T23924] binder: 23923:23924 ioctl 40046207 0 returned -16 [ 624.081497][ T26] audit: type=1804 audit(1556243436.737:133): pid=23935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir527343697/syzkaller.y4YxBG/954/file0" dev="sda1" ino=17601 res=1 [ 624.106325][T23936] binder: 23923:23936 transaction failed 29189/-3, size 64-16 line 3148 [ 624.106533][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 624.159382][T23943] binder: 23939:23943 transaction failed 29189/-22, size 64-16 line 2995 [ 624.182188][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 624.222130][T23947] binder: 23946:23947 got transaction with invalid parent offset or type [ 624.230961][ T26] audit: type=1804 audit(1556243436.897:134): pid=23944 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir768811279/syzkaller.CI7Xt0/805/file0" dev="sda1" ino=17596 res=1 01:50:36 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 624.268485][T23947] binder: 23946:23947 transaction failed 29201/-22, size 64-16 line 3389 01:50:37 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 624.308834][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 624.318920][T23947] binder: BINDER_SET_CONTEXT_MGR already set [ 624.348398][T23947] binder: 23946:23947 ioctl 40046207 0 returned -16 [ 624.352040][T23951] binder_alloc: 23946: binder_alloc_buf, no vma [ 624.375722][T23955] binder: 23950:23955 transaction failed 29189/-22, size 64-16 line 2995 [ 624.384922][T23944] EXT4-fs: 5 callbacks suppressed [ 624.384988][T23944] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 624.409519][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:50:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x20000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1500) [ 624.482922][T23958] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:37 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r0, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3f000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 624.539405][T23954] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 624.572452][T23966] binder: 23964:23966 got transaction with invalid parent offset or type [ 624.583887][T23967] binder: 23964:23967 got transaction with invalid parent offset or type 01:50:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 624.669191][T23973] binder: 23969:23973 got transaction with invalid parent offset or type [ 624.721725][T23973] binder: transaction release 3521 bad handle 1, ret = -22 [ 624.747398][T23979] binder: 23978:23979 got transaction with invalid parent offset or type 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x48000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 624.787889][T23981] binder: 23978:23981 got transaction with invalid parent offset or type [ 624.836634][T23977] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1600) 01:50:37 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:37 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 625.018990][T23993] binder: BINDER_SET_CONTEXT_MGR already set [ 625.055321][T23992] binder_alloc: 23987: binder_alloc_buf, no vma [ 625.062126][T23993] binder: 23990:23993 ioctl 40046207 0 returned -16 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x60000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1700) 01:50:37 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x68000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 625.279864][T24000] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 625.324765][T24003] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:38 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:38 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:38 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 625.530875][T24023] binder: BINDER_SET_CONTEXT_MGR already set 01:50:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x74000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 625.592095][T24026] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 625.592401][T24023] binder: 24021:24023 ioctl 40046207 0 returned -16 01:50:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1800) 01:50:38 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 625.716220][T24031] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:38 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 625.911939][T24042] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x2000) 01:50:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfdfdffff}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 626.051754][T24059] binder: BINDER_SET_CONTEXT_MGR already set [ 626.089301][T24059] binder: 24052:24059 ioctl 40046207 0 returned -16 [ 626.098112][T24051] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfffffdfd}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3000) 01:50:39 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x100000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x200000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3f00) 01:50:39 executing program 1: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x3, 0xc100) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692}]}, 0x18, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x300000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 3: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 626.838051][T24101] binder: BINDER_SET_CONTEXT_MGR already set [ 626.868019][T24101] binder: 24093:24101 ioctl 40046207 0 returned -16 [ 626.886449][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 626.886465][ T26] audit: type=1804 audit(1556243439.557:151): pid=24103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir527343697/syzkaller.y4YxBG/961/file0" dev="sda1" ino=17588 res=1 01:50:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x500000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 4: mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x4000) 01:50:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x600000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 627.233972][T24129] binder: BINDER_SET_CONTEXT_MGR already set [ 627.259692][T24129] binder: 24125:24129 ioctl 40046207 0 returned -16 01:50:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x700000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:40 executing program 1: creat(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}], [], 0x4800000000000000}) 01:50:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0) 01:50:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x5000) 01:50:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3f00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 1 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:40 executing program 3 (fault-call:10 fault-nth:0): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) [ 627.849462][T24172] FAULT_INJECTION: forcing a failure. [ 627.849462][T24172] name failslab, interval 1, probability 0, space 0, times 0 [ 627.907851][T24172] CPU: 0 PID: 24172 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #85 [ 627.915889][T24172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.925986][T24172] Call Trace: [ 627.929294][T24172] dump_stack+0x172/0x1f0 [ 627.933660][T24172] should_fail.cold+0xa/0x15 [ 627.938260][T24172] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 627.944073][T24172] ? ___might_sleep+0x163/0x280 [ 627.948929][T24172] __should_failslab+0x121/0x190 [ 627.953871][T24172] should_failslab+0x9/0x14 [ 627.958382][T24172] kmem_cache_alloc_trace+0x2d1/0x760 [ 627.963765][T24172] ? kasan_check_read+0x11/0x20 [ 627.968615][T24172] ? do_raw_spin_unlock+0x57/0x270 [ 627.973733][T24172] ? _raw_spin_unlock+0x2d/0x50 [ 627.978607][T24172] binder_get_thread+0x1db/0x7c0 [ 627.983554][T24172] ? __might_sleep+0x95/0x190 [ 627.988336][T24172] binder_ioctl+0x1e5/0x183b [ 627.992935][T24172] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 627.999182][T24172] ? binder_thread_write+0x2820/0x2820 [ 628.004641][T24172] ? tomoyo_path_number_perm+0x263/0x520 [ 628.010285][T24172] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 628.016089][T24172] ? smack_log+0x415/0x540 [ 628.020525][T24172] ? binder_thread_write+0x2820/0x2820 [ 628.025986][T24172] do_vfs_ioctl+0xd6e/0x1390 [ 628.030599][T24172] ? ioctl_preallocate+0x210/0x210 [ 628.035709][T24172] ? smack_file_ioctl+0x196/0x310 [ 628.040729][T24172] ? smack_inode_rename+0x2d0/0x2d0 [ 628.045938][T24172] ? tomoyo_file_ioctl+0x23/0x30 [ 628.050871][T24172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 628.057119][T24172] ? security_file_ioctl+0x93/0xc0 [ 628.062235][T24172] ksys_ioctl+0xab/0xd0 [ 628.066399][T24172] __x64_sys_ioctl+0x73/0xb0 [ 628.070990][T24172] do_syscall_64+0x103/0x610 [ 628.075585][T24172] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 628.081476][T24172] RIP: 0033:0x458da9 [ 628.085368][T24172] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:50:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.106564][T24172] RSP: 002b:00007ff3f860fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 628.114976][T24172] RAX: ffffffffffffffda RBX: 00007ff3f860fc90 RCX: 0000000000458da9 [ 628.122943][T24172] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000003 [ 628.130915][T24172] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 628.139065][T24172] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3f86106d4 [ 628.147040][T24172] R13: 00000000004c010e R14: 00000000004d2468 R15: 0000000000000004 01:50:40 executing program 4: creat(0x0, 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.247870][T24180] FAULT_INJECTION: forcing a failure. [ 628.247870][T24180] name failslab, interval 1, probability 0, space 0, times 0 01:50:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.298755][T24172] binder: 24167:24172 ioctl c0306201 20000780 returned -12 [ 628.311088][T24180] CPU: 0 PID: 24180 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 628.319117][T24180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.319125][T24180] Call Trace: [ 628.319154][T24180] dump_stack+0x172/0x1f0 [ 628.319179][T24180] should_fail.cold+0xa/0x15 [ 628.319201][T24180] ? retint_kernel+0x2d/0x2d [ 628.346022][T24180] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 628.351843][T24180] ? __should_failslab+0x14/0x190 [ 628.356877][T24180] __should_failslab+0x121/0x190 [ 628.361825][T24180] should_failslab+0x9/0x14 [ 628.366334][T24180] __kmalloc+0x2dc/0x740 [ 628.366350][T24180] ? fput_many+0x12c/0x1a0 [ 628.366369][T24180] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 628.366385][T24180] ? strnlen_user+0x1f0/0x280 [ 628.366400][T24180] ? __x64_sys_memfd_create+0x13c/0x470 [ 628.366418][T24180] __x64_sys_memfd_create+0x13c/0x470 [ 628.366438][T24180] ? memfd_fcntl+0x1550/0x1550 [ 628.375091][T24180] ? do_syscall_64+0x26/0x610 [ 628.375110][T24180] ? lockdep_hardirqs_on+0x418/0x5d0 [ 628.375128][T24180] ? trace_hardirqs_on+0x67/0x230 [ 628.375155][T24180] do_syscall_64+0x103/0x610 [ 628.386067][T24180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 628.386082][T24180] RIP: 0033:0x458da9 [ 628.386097][T24180] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 628.386105][T24180] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 628.386127][T24180] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 628.467869][T24180] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 [ 628.475890][T24180] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 628.483872][T24180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 628.491844][T24180] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 01:50:41 executing program 1 (fault-call:1 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.518541][T24191] binder_fixup_parent: 26 callbacks suppressed [ 628.518552][T24191] binder: 24188:24191 got transaction with invalid parent offset or type [ 628.542542][T24192] binder: 24188:24192 got transaction with invalid parent offset or type 01:50:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x60ff) 01:50:41 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:41 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:41 executing program 3 (fault-call:10 fault-nth:1): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) [ 628.610098][T24194] binder_transaction: 59 callbacks suppressed [ 628.610115][T24194] binder: 24193:24194 transaction failed 29189/-22, size 40-16 line 2995 [ 628.640230][ T8032] binder_release_work: 59 callbacks suppressed [ 628.640237][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.694661][T24199] binder: 24195:24199 transaction failed 29189/-22, size 64-16 line 2995 [ 628.709943][T24198] binder: 24197:24198 got transaction with invalid parent offset or type [ 628.744723][T20780] binder: undelivered TRANSACTION_ERROR: 29189 [ 628.756921][ T26] audit: type=1804 audit(1556243441.427:152): pid=24200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/793/file0" dev="sda1" ino=17574 res=1 [ 628.782473][T24198] binder: 24197:24198 transaction failed 29201/-22, size 64-16 line 3389 01:50:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.790018][T24203] FAULT_INJECTION: forcing a failure. [ 628.790018][T24203] name failslab, interval 1, probability 0, space 0, times 0 [ 628.805082][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 628.834053][T24208] binder: 24197:24208 got transaction with invalid parent offset or type [ 628.851651][T24208] binder: 24197:24208 transaction failed 29201/-22, size 64-16 line 3389 [ 628.869030][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 628.915917][T24212] binder: 24210:24212 got transaction with invalid parent offset or type [ 628.925497][T24213] binder: 24209:24213 got transaction with invalid offset (24, min 40 max 40) or object. [ 628.943738][T24203] CPU: 0 PID: 24203 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 628.951740][T24203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.961799][T24203] Call Trace: [ 628.961831][T24203] dump_stack+0x172/0x1f0 [ 628.961856][T24203] should_fail.cold+0xa/0x15 [ 628.961877][T24203] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 628.961901][T24203] ? ___might_sleep+0x163/0x280 [ 628.961923][T24203] __should_failslab+0x121/0x190 [ 628.961949][T24203] ? shmem_destroy_callback+0xc0/0xc0 [ 628.971348][T24212] binder: transaction release 3673 bad handle 1, ret = -22 [ 628.974127][T24203] should_failslab+0x9/0x14 [ 628.974144][T24203] kmem_cache_alloc+0x2b2/0x6f0 [ 628.974165][T24203] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 628.974182][T24203] ? shmem_destroy_callback+0xc0/0xc0 [ 628.974199][T24203] shmem_alloc_inode+0x1c/0x50 [ 628.974215][T24203] alloc_inode+0x66/0x190 [ 628.974231][T24203] new_inode_pseudo+0x19/0xf0 [ 628.974254][T24203] new_inode+0x1f/0x40 [ 628.980233][T24212] binder: 24210:24212 transaction failed 29201/-22, size 64-16 line 3389 [ 628.984900][T24203] shmem_get_inode+0x84/0x7e0 [ 628.984925][T24203] __shmem_file_setup.part.0+0x7e/0x2b0 [ 628.984947][T24203] shmem_file_setup+0x66/0x90 01:50:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:41 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 628.984964][T24203] __x64_sys_memfd_create+0x2a2/0x470 [ 628.984980][T24203] ? memfd_fcntl+0x1550/0x1550 [ 628.985001][T24203] ? do_syscall_64+0x26/0x610 [ 628.995285][T24203] ? lockdep_hardirqs_on+0x418/0x5d0 [ 628.995311][T24203] ? trace_hardirqs_on+0x67/0x230 [ 628.995331][T24203] do_syscall_64+0x103/0x610 [ 628.995355][T24203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.005916][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 629.007025][T24203] RIP: 0033:0x458da9 [ 629.007041][T24203] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 629.007050][T24203] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 629.007065][T24203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 629.007074][T24203] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 [ 629.007082][T24203] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 629.007098][T24203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 629.078514][T24203] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 [ 629.188804][T24213] binder: 24209:24213 transaction failed 29201/-22, size 40-16 line 3242 01:50:41 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 629.212408][T24216] binder: 24215:24216 transaction failed 29189/-22, size 64-16 line 2995 [ 629.226994][T20780] binder: undelivered TRANSACTION_ERROR: 29189 01:50:41 executing program 3 (fault-call:10 fault-nth:2): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 629.258576][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 629.259303][T24218] binder: 24217:24218 got transaction with invalid parent offset or type [ 629.301657][T24218] binder: 24217:24218 transaction failed 29201/-22, size 64-16 line 3389 [ 629.331028][T24218] binder: BINDER_SET_CONTEXT_MGR already set [ 629.353230][T24218] binder: 24217:24218 ioctl 40046207 0 returned -16 [ 629.357203][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 629.364245][T24224] binder: 24222:24224 transaction failed 29189/-22, size 64-16 line 2995 [ 629.381404][T24221] binder: 24217:24221 transaction failed 29189/-22, size 64-16 line 2995 [ 629.401480][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 629.407811][ T26] audit: type=1804 audit(1556243442.067:153): pid=24223 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/794/file0" dev="sda1" ino=17639 res=1 [ 629.435574][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 [ 629.472208][T24228] FAULT_INJECTION: forcing a failure. [ 629.472208][T24228] name failslab, interval 1, probability 0, space 0, times 0 [ 629.526379][T24228] CPU: 0 PID: 24228 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 629.534402][T24228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.534410][T24228] Call Trace: [ 629.534440][T24228] dump_stack+0x172/0x1f0 [ 629.534464][T24228] should_fail.cold+0xa/0x15 [ 629.534480][T24228] ? find_held_lock+0x35/0x130 [ 629.534500][T24228] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 629.534524][T24228] ? ___might_sleep+0x163/0x280 [ 629.534545][T24228] __should_failslab+0x121/0x190 [ 629.534562][T24228] should_failslab+0x9/0x14 [ 629.534580][T24228] kmem_cache_alloc+0x2b2/0x6f0 [ 629.534597][T24228] ? __put_user_ns+0x70/0x70 [ 629.534613][T24228] ? shmem_alloc_inode+0x1c/0x50 [ 629.534631][T24228] ? rcu_read_lock_sched_held+0x110/0x130 [ 629.534659][T24228] security_inode_alloc+0x39/0x160 [ 629.534684][T24228] inode_init_always+0x56e/0xb50 [ 629.548029][T24228] alloc_inode+0x83/0x190 [ 629.548046][T24228] new_inode_pseudo+0x19/0xf0 [ 629.548063][T24228] new_inode+0x1f/0x40 [ 629.548079][T24228] shmem_get_inode+0x84/0x7e0 [ 629.548110][T24228] __shmem_file_setup.part.0+0x7e/0x2b0 [ 629.635207][T24228] shmem_file_setup+0x66/0x90 [ 629.639899][T24228] __x64_sys_memfd_create+0x2a2/0x470 [ 629.645285][T24228] ? memfd_fcntl+0x1550/0x1550 [ 629.650060][T24228] ? do_syscall_64+0x26/0x610 [ 629.654750][T24228] ? lockdep_hardirqs_on+0x418/0x5d0 [ 629.660047][T24228] ? trace_hardirqs_on+0x67/0x230 [ 629.665089][T24228] do_syscall_64+0x103/0x610 [ 629.669717][T24228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.675616][T24228] RIP: 0033:0x458da9 [ 629.679521][T24228] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 629.699142][T24228] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 629.707576][T24228] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 629.715557][T24228] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 01:50:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x7400) 01:50:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, 0x0, 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 629.723542][T24228] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 629.731523][T24228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 629.739506][T24228] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 01:50:42 executing program 3 (fault-call:10 fault-nth:3): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfdfdffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 629.846983][T24237] binder: 24230:24237 got transaction with invalid parent offset or type [ 629.872168][ T26] audit: type=1804 audit(1556243442.547:154): pid=24239 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/795/file0" dev="sda1" ino=17646 res=1 [ 629.949579][T24247] binder: 24230:24247 got transaction with invalid parent offset or type [ 629.961981][T24248] binder: 24242:24248 got transaction with invalid parent offset or type 01:50:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 630.027666][T24246] FAULT_INJECTION: forcing a failure. [ 630.027666][T24246] name failslab, interval 1, probability 0, space 0, times 0 [ 630.070746][T24246] CPU: 0 PID: 24246 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 630.078776][T24246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.088844][T24246] Call Trace: [ 630.092161][T24246] dump_stack+0x172/0x1f0 [ 630.098019][T24246] should_fail.cold+0xa/0x15 [ 630.102641][T24246] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 630.108478][T24246] ? ___might_sleep+0x163/0x280 [ 630.113346][T24246] __should_failslab+0x121/0x190 [ 630.118301][T24246] should_failslab+0x9/0x14 [ 630.122997][T24246] kmem_cache_alloc+0x2b2/0x6f0 [ 630.127859][T24246] ? retint_kernel+0x2d/0x2d [ 630.132469][T24246] __d_alloc+0x2e/0x8c0 [ 630.136637][T24246] ? alloc_file_pseudo+0x90/0x280 [ 630.141684][T24246] d_alloc_pseudo+0x1e/0x30 [ 630.146196][T24246] alloc_file_pseudo+0xe2/0x280 [ 630.151058][T24246] ? alloc_file+0x4d0/0x4d0 [ 630.155576][T24246] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 630.161839][T24246] __shmem_file_setup.part.0+0x108/0x2b0 [ 630.167497][T24246] shmem_file_setup+0x66/0x90 [ 630.172207][T24246] __x64_sys_memfd_create+0x2a2/0x470 [ 630.177599][T24246] ? memfd_fcntl+0x1550/0x1550 [ 630.182398][T24246] do_syscall_64+0x103/0x610 [ 630.187019][T24246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.192951][T24246] RIP: 0033:0x458da9 [ 630.196867][T24246] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:50:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 630.216581][T24246] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 630.225016][T24246] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 630.233007][T24246] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 [ 630.241026][T24246] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 630.249011][T24246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 630.256998][T24246] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 [ 630.366517][ T26] audit: type=1804 audit(1556243443.037:155): pid=24256 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/796/file0" dev="sda1" ino=17648 res=1 [ 630.393767][T24257] binder: 24254:24257 got transaction with invalid parent offset or type 01:50:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x9400) 01:50:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:43 executing program 3 (fault-call:10 fault-nth:4): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 630.626885][ T26] audit: type=1804 audit(1556243443.297:156): pid=24273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/797/file0" dev="sda1" ino=17591 res=1 01:50:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 630.757300][T24282] binder: BINDER_SET_CONTEXT_MGR already set [ 630.777394][T24283] FAULT_INJECTION: forcing a failure. [ 630.777394][T24283] name failslab, interval 1, probability 0, space 0, times 0 01:50:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfc01) [ 630.831852][T24282] binder: 24279:24282 ioctl 40046207 0 returned -16 [ 630.855595][T24283] CPU: 0 PID: 24283 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 630.863631][T24283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.873723][T24283] Call Trace: [ 630.877038][T24283] dump_stack+0x172/0x1f0 [ 630.881390][T24283] should_fail.cold+0xa/0x15 [ 630.886005][T24283] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 630.891830][T24283] ? ___might_sleep+0x163/0x280 [ 630.896701][T24283] __should_failslab+0x121/0x190 [ 630.901660][T24283] should_failslab+0x9/0x14 [ 630.906172][T24283] kmem_cache_alloc+0x2b2/0x6f0 [ 630.911067][T24283] __alloc_file+0x27/0x300 [ 630.915492][T24283] alloc_empty_file+0x72/0x170 [ 630.920269][T24283] alloc_file+0x5e/0x4d0 [ 630.924522][T24283] alloc_file_pseudo+0x189/0x280 [ 630.929459][T24283] ? alloc_file+0x4d0/0x4d0 [ 630.933985][T24283] ? alloc_file_pseudo+0x1f/0x280 [ 630.939016][T24283] __shmem_file_setup.part.0+0x108/0x2b0 [ 630.944658][T24283] shmem_file_setup+0x66/0x90 [ 630.949333][T24283] __x64_sys_memfd_create+0x2a2/0x470 [ 630.954730][T24283] ? memfd_fcntl+0x1550/0x1550 [ 630.959507][T24283] ? do_syscall_64+0x26/0x610 [ 630.964182][T24283] ? lockdep_hardirqs_on+0x418/0x5d0 [ 630.969564][T24283] ? trace_hardirqs_on+0x67/0x230 [ 630.974594][T24283] do_syscall_64+0x103/0x610 [ 630.979192][T24283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.985083][T24283] RIP: 0033:0x458da9 [ 630.988975][T24283] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.008586][T24283] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 631.017007][T24283] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 631.024991][T24283] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 01:50:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 631.032974][T24283] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 631.041309][T24283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 631.049296][T24283] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 01:50:43 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2800, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 631.076844][ T26] audit: type=1804 audit(1556243443.747:157): pid=24296 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/798/file0" dev="sda1" ino=17624 res=1 01:50:43 executing program 3 (fault-call:10 fault-nth:5): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfe01) 01:50:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 631.261832][T24304] binder: BINDER_SET_CONTEXT_MGR already set [ 631.267876][T24304] binder: 24303:24304 ioctl 40046207 0 returned -16 [ 631.306014][T24311] binder: BINDER_SET_CONTEXT_MGR already set [ 631.327875][T24308] FAULT_INJECTION: forcing a failure. [ 631.327875][T24308] name failslab, interval 1, probability 0, space 0, times 0 [ 631.351335][T24311] binder: 24306:24311 ioctl 40046207 20000780 returned -16 [ 631.363071][T24308] CPU: 0 PID: 24308 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #85 [ 631.371075][T24308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.381138][T24308] Call Trace: [ 631.384440][T24308] dump_stack+0x172/0x1f0 [ 631.388778][T24308] should_fail.cold+0xa/0x15 [ 631.394163][T24308] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 631.399982][T24308] ? ___might_sleep+0x163/0x280 [ 631.404840][T24308] __should_failslab+0x121/0x190 [ 631.409779][T24308] should_failslab+0x9/0x14 [ 631.414285][T24308] kmem_cache_alloc+0x2b2/0x6f0 [ 631.419142][T24308] ? rcu_read_lock_sched_held+0x110/0x130 [ 631.424865][T24308] ? kmem_cache_alloc+0x32e/0x6f0 [ 631.429902][T24308] security_file_alloc+0x39/0x170 [ 631.434951][T24308] __alloc_file+0xac/0x300 [ 631.439374][T24308] alloc_empty_file+0x72/0x170 [ 631.444143][T24308] alloc_file+0x5e/0x4d0 [ 631.448388][T24308] alloc_file_pseudo+0x189/0x280 [ 631.453871][T24308] ? alloc_file+0x4d0/0x4d0 [ 631.458404][T24308] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 631.464675][T24308] __shmem_file_setup.part.0+0x108/0x2b0 [ 631.470337][T24308] shmem_file_setup+0x66/0x90 [ 631.475025][T24308] __x64_sys_memfd_create+0x2a2/0x470 [ 631.480404][T24308] ? memfd_fcntl+0x1550/0x1550 [ 631.485183][T24308] do_syscall_64+0x103/0x610 [ 631.489794][T24308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.495777][T24308] RIP: 0033:0x458da9 [ 631.499672][T24308] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.519283][T24308] RSP: 002b:00007f3609b94a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 631.527713][T24308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458da9 [ 631.535690][T24308] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdd07 [ 631.543670][T24308] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 01:50:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 631.551645][T24308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3609b956d4 [ 631.560079][T24308] R13: 00000000004c78a9 R14: 00000000004dd8c8 R15: 0000000000000005 01:50:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x48}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 631.716131][T24322] binder: BINDER_SET_CONTEXT_MGR already set [ 631.755129][T24322] binder: 24321:24322 ioctl 40046207 0 returned -16 01:50:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 632.016904][ T26] audit: type=1804 audit(1556243444.687:158): pid=24335 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/799/file0" dev="sda1" ino=16820 res=1 01:50:44 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, 0x0) 01:50:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfec00) 01:50:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x60}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x5000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x68}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 632.191624][T24345] binder: BINDER_SET_CONTEXT_MGR already set [ 632.230767][T24345] binder: 24339:24345 ioctl 4018620d 20000780 returned -16 [ 632.265238][ T26] audit: type=1804 audit(1556243444.937:159): pid=24350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/800/file0" dev="sda1" ino=16869 res=1 [ 632.302454][T24349] EXT4-fs: 5 callbacks suppressed [ 632.302502][T24349] EXT4-fs (sda1): re-mounted. Opts: 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 632.360103][T24350] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfec01) 01:50:45 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x2, 0x0, 0x0, 0x2000022, 0x0) 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x74}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 632.657100][ T26] audit: type=1804 audit(1556243445.327:160): pid=24377 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/801/file0" dev="sda1" ino=16721 res=1 [ 632.659137][T24379] binder: BINDER_SET_CONTEXT_MGR already set 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 632.760448][T24384] EXT4-fs (sda1): re-mounted. Opts: [ 632.784375][T24379] binder: 24374:24379 ioctl 40046207 0 returned -16 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x300}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x100000) [ 632.842920][T24384] EXT4-fs (sda1): re-mounted. Opts: 01:50:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x3, 0x0, 0x0, 0x2000022, 0x0) 01:50:45 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x500}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.075470][ T26] audit: type=1804 audit(1556243445.747:161): pid=24409 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/802/file0" dev="sda1" ino=16689 res=1 01:50:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x200000) 01:50:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.122322][T24406] EXT4-fs (sda1): re-mounted. Opts: [ 633.137690][T24417] binder: BINDER_SET_CONTEXT_MGR already set [ 633.161859][T24417] binder: 24411:24417 ioctl 40046207 0 returned -16 01:50:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x600}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:45 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 633.230382][T24406] EXT4-fs (sda1): re-mounted. Opts: 01:50:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.267954][T24426] binder: 24425 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 633.267969][T24426] binder: 24425:24426 ioctl c018620c 20000780 returned -22 01:50:46 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x4, 0x0, 0x0, 0x2000022, 0x0) 01:50:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x700}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.313491][ T26] audit: type=1804 audit(1556243445.987:162): pid=24429 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/803/file0" dev="sda1" ino=16785 res=1 01:50:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x400000) [ 633.482350][T24439] EXT4-fs (sda1): re-mounted. Opts: [ 633.526289][T24447] binder_fixup_parent: 31 callbacks suppressed [ 633.546890][T24447] binder: 24446:24447 got transaction with invalid parent offset or type 01:50:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3f00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.662078][T24455] binder: 24453:24455 got transaction with invalid parent offset or type [ 633.670715][T24439] EXT4-fs (sda1): re-mounted. Opts: [ 633.692683][T24455] binder_transaction: 49 callbacks suppressed [ 633.692701][T24455] binder: 24453:24455 transaction failed 29201/-22, size 64-16 line 3389 01:50:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x507100) [ 633.709240][T24459] binder: 24456:24459 got transaction with invalid parent offset or type [ 633.724669][ T5] binder_release_work: 49 callbacks suppressed [ 633.724676][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 633.745662][T24459] binder: 24456:24459 transaction failed 29201/-22, size 64-16 line 3389 01:50:46 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:46 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x5, 0x0, 0x0, 0x2000022, 0x0) 01:50:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.759236][T24460] binder: BINDER_SET_CONTEXT_MGR already set [ 633.774003][T24460] binder: 24453:24460 ioctl 40046207 0 returned -16 [ 633.789082][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 633.798543][T24462] binder: 24453:24462 got transaction with invalid parent offset or type 01:50:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.842575][T24462] binder: 24453:24462 transaction failed 29201/-22, size 64-16 line 3389 [ 633.851196][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 633.881906][ T26] audit: type=1804 audit(1556243446.557:163): pid=24469 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/804/file0" dev="sda1" ino=16785 res=1 01:50:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 633.938800][T24467] EXT4-fs (sda1): re-mounted. Opts: [ 633.946136][T24474] binder: 24472:24474 ioctl c0306202 20000780 returned -22 [ 633.950805][T24476] binder: 24475:24476 got transaction with invalid parent offset or type [ 633.977464][T24476] binder: 24475:24476 transaction failed 29201/-22, size 64-16 line 3389 01:50:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.011221][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306203, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.070521][T24480] binder: 24479:24480 got transaction with invalid parent offset or type [ 634.079802][T24467] EXT4-fs (sda1): re-mounted. Opts: [ 634.108711][T24480] binder: 24479:24480 transaction failed 29201/-22, size 64-16 line 3389 [ 634.136556][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 634.147512][T24480] binder: BINDER_SET_CONTEXT_MGR already set [ 634.163029][T24480] binder: 24479:24480 ioctl 40046207 0 returned -16 [ 634.163357][T24483] binder_alloc: 24479: binder_alloc_buf, no vma 01:50:46 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x6, 0x0, 0x0, 0x2000022, 0x0) [ 634.179887][T24484] binder: 24479:24484 transaction failed 29189/-22, size 64-16 line 2995 [ 634.190105][T24486] binder: 24485:24486 ioctl c0306203 20000780 returned -22 [ 634.214280][T24483] binder: 24482:24483 transaction failed 29189/-3, size 64-16 line 3148 01:50:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x50d000) [ 634.231682][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306204, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:46 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.260814][ T5] binder: undelivered TRANSACTION_ERROR: 29189 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.343859][ T26] audit: type=1804 audit(1556243447.017:164): pid=24494 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/805/file0" dev="sda1" ino=16550 res=1 [ 634.358379][T24497] binder: 24493:24497 ioctl c0306204 20000780 returned -22 [ 634.423429][T24501] binder: 24499:24501 got transaction with invalid parent offset or type [ 634.441805][T24503] binder: 24502:24503 got transaction with invalid parent offset or type [ 634.447617][T24501] binder: 24499:24501 transaction failed 29201/-22, size 64-16 line 3389 01:50:47 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306225, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.483235][T24503] binder: 24502:24503 transaction failed 29201/-22, size 64-16 line 3389 [ 634.510933][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x70c000) [ 634.529731][T24505] binder: BINDER_SET_CONTEXT_MGR already set [ 634.544388][T24505] binder: 24499:24505 ioctl 40046207 0 returned -16 [ 634.544516][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 634.567047][T24506] binder: 24499:24506 got transaction with invalid parent offset or type [ 634.604667][T24506] binder: 24499:24506 transaction failed 29201/-22, size 64-16 line 3389 [ 634.617489][T24508] binder: 24507:24508 ioctl c0306225 20000780 returned -22 [ 634.626177][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030625e, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.647745][T24514] binder: 24513:24514 got transaction with invalid parent offset or type [ 634.667200][ T26] audit: type=1804 audit(1556243447.337:165): pid=24512 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/806/file0" dev="sda1" ino=16642 res=1 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x7, 0x0, 0x0, 0x2000022, 0x0) 01:50:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 634.798685][T24519] binder: 24518:24519 ioctl c030625e 20000780 returned -22 01:50:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030626e, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.881661][T24524] binder: BINDER_SET_CONTEXT_MGR already set [ 634.891683][T24529] binder_alloc: 24520: binder_alloc_buf, no vma [ 634.912965][T24524] binder: 24520:24524 ioctl 40046207 0 returned -16 01:50:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7400}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 634.943282][T24533] binder: 24532:24533 ioctl c030626e 20000780 returned -22 [ 634.956346][ T26] audit: type=1804 audit(1556243447.627:166): pid=24534 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/807/file0" dev="sda1" ino=16879 res=1 01:50:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x715000) 01:50:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x5e, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x8, 0x0, 0x0, 0x2000022, 0x0) [ 635.094350][T24541] binder: BINDER_SET_CONTEXT_MGR already set [ 635.105935][T24541] binder: 24536:24541 ioctl 40046207 0 returned -16 [ 635.125425][T24546] binder: 24545:24546 got transaction with invalid offset (24, min 40 max 40) or object. 01:50:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x6e, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x1000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.257898][T24550] binder: BINDER_SET_CONTEXT_MGR already set 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.315187][T24550] binder: 24549:24550 ioctl 40046207 0 returned -16 [ 635.330449][T24559] binder: 24556:24559 got transaction with invalid offset (24, min 40 max 40) or object. 01:50:48 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x740000) 01:50:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.498321][ T26] audit: type=1804 audit(1556243448.167:167): pid=24568 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/808/file0" dev="sda1" ino=16674 res=1 [ 635.528260][T24572] binder: 24571:24572 unknown command 16456 01:50:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.557987][T24572] binder: 24571:24572 ioctl c0306201 20000780 returned -22 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.663332][T24581] binder: BINDER_SET_CONTEXT_MGR already set [ 635.682755][T24581] binder: 24580:24581 ioctl 40046207 0 returned -16 01:50:48 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xa, 0x0, 0x0, 0x2000022, 0x0) 01:50:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x80ffff) 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x28000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 635.891685][T24594] binder: 24593:24594 unknown command 64 [ 635.916546][T24594] binder: 24593:24594 ioctl c0306201 20000780 returned -22 01:50:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 636.029879][T24606] binder: BINDER_SET_CONTEXT_MGR already set [ 636.042236][T24606] binder: 24605:24606 ioctl 40046207 0 returned -16 [ 636.083234][T24609] binder: 24608:24609 unknown command 0 [ 636.088826][T24609] binder: 24608:24609 ioctl c0306201 20000780 returned -22 01:50:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x38000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x20000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xb, 0x0, 0x0, 0x2000022, 0x0) 01:50:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x5, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x940000) 01:50:48 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 636.224465][T24620] binder: 24618:24620 unknown command 0 [ 636.256066][T24620] binder: 24618:24620 ioctl c0306201 20000780 returned -22 [ 636.265317][T24619] binder: BINDER_SET_CONTEXT_MGR already set 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3f000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 636.296361][T24619] binder: 24617:24619 ioctl 40046207 0 returned -16 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 636.461717][T24640] binder: 24637:24640 unknown command 0 [ 636.488972][T24640] binder: 24637:24640 ioctl c0306201 20000780 returned -22 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x48000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xc, 0x0, 0x0, 0x2000022, 0x0) 01:50:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 636.685567][T24652] binder: 24651:24652 unknown command 0 [ 636.706705][T24652] binder: 24651:24652 ioctl c0306201 20000780 returned -22 01:50:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xc07000) 01:50:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x50000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x60000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xe, 0x0, 0x0, 0x2000022, 0x0) [ 636.846795][T24664] binder: 24663:24664 unknown command 0 [ 636.921518][T24664] binder: 24663:24664 ioctl c0306201 20000780 returned -22 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x68000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x10, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xd05000) [ 637.088129][T24687] binder: 24684:24687 unknown command 0 [ 637.101812][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 637.101828][ T26] audit: type=1804 audit(1556243449.777:171): pid=24688 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/812/file0" dev="sda1" ino=16888 res=1 01:50:49 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x0) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 637.143477][T24687] binder: 24684:24687 ioctl c0306201 20000780 returned -22 01:50:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x28, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x74000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 637.282999][ T26] audit: type=1804 audit(1556243449.957:172): pid=24699 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/813/file0" dev="sda1" ino=16577 res=1 01:50:50 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 637.331542][T24701] binder: 24700:24701 unknown command 0 [ 637.349116][T24701] binder: 24700:24701 ioctl c0306201 20000780 returned -22 [ 637.367898][T24705] binder: BINDER_SET_CONTEXT_MGR already set [ 637.410422][T24705] binder: 24704:24705 ioctl 40046207 0 returned -16 01:50:50 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x10, 0x0, 0x0, 0x2000022, 0x0) 01:50:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x38, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xec0f00) 01:50:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 637.564126][T24719] binder: 24717:24719 unknown command 0 01:50:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfdfdffff}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 637.604500][T24719] binder: 24717:24719 ioctl c0306201 20000780 returned -22 01:50:50 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x48, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1000000) 01:50:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfffffdfd}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 637.762576][T24724] EXT4-fs: 12 callbacks suppressed [ 637.762719][T24724] EXT4-fs (sda1): re-mounted. Opts: 01:50:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 637.820366][T24738] binder: 24737:24738 unknown command 0 [ 637.855746][T24738] binder: 24737:24738 ioctl c0306201 20000780 returned -22 [ 637.944993][T24745] EXT4-fs (sda1): re-mounted. Opts: [ 637.981380][T24749] binder: BINDER_SET_CONTEXT_MGR already set [ 637.989126][T24749] binder: 24748:24749 ioctl 40046207 0 returned -16 01:50:50 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x48, 0x0, 0x0, 0x2000022, 0x0) 01:50:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x100000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1000040) 01:50:50 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(0x0, 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x60, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x200000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:50 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 638.224045][T24763] binder: BINDER_SET_CONTEXT_MGR already set [ 638.267711][T24763] binder: 24760:24763 ioctl 40046207 0 returned -16 [ 638.281764][T24764] EXT4-fs (sda1): re-mounted. Opts: 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x68, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x300000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.308773][ T26] audit: type=1804 audit(1556243450.977:173): pid=24775 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/817/file0" dev="sda1" ino=16737 res=1 01:50:51 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x4c, 0x0, 0x0, 0x2000022, 0x0) 01:50:51 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1000080) [ 638.448869][T24780] binder: BINDER_SET_CONTEXT_MGR already set [ 638.455187][T24764] EXT4-fs (sda1): re-mounted. Opts: [ 638.473235][T24780] binder: 24779:24780 ioctl 40046207 0 returned -16 01:50:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.545287][ T26] audit: type=1804 audit(1556243451.217:174): pid=24788 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/818/file0" dev="sda1" ino=16737 res=1 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x74, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x500000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.659995][T24796] EXT4-fs (sda1): re-mounted. Opts: 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7a, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.748826][T24807] binder_transaction: 66 callbacks suppressed [ 638.748842][T24807] binder: 24806:24807 transaction failed 29189/-22, size 64-16 line 2995 [ 638.759438][T24803] binder_fixup_parent: 42 callbacks suppressed [ 638.759448][T24803] binder: 24802:24803 got transaction with invalid parent offset or type [ 638.778737][T24796] EXT4-fs (sda1): re-mounted. Opts: 01:50:51 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x300, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.813902][T24803] binder: 24802:24803 transaction failed 29201/-22, size 64-16 line 3389 [ 638.832205][ T8032] binder_release_work: 66 callbacks suppressed [ 638.832213][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x600000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.858755][T24803] binder: BINDER_SET_CONTEXT_MGR already set 01:50:51 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x60, 0x0, 0x0, 0x2000022, 0x0) [ 638.908778][T24803] binder: 24802:24803 ioctl 40046207 0 returned -16 [ 638.910843][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x10000c0) 01:50:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 638.978473][ T26] audit: type=1804 audit(1556243451.647:175): pid=24814 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/819/file0" dev="sda1" ino=16658 res=1 [ 639.002811][T24817] binder: 24815:24817 transaction failed 29189/-22, size 64-16 line 2995 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x500, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.036529][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 639.069677][T24824] binder: 24823:24824 got transaction with invalid parent offset or type [ 639.096528][T24819] EXT4-fs (sda1): re-mounted. Opts: [ 639.109679][T24824] binder: 24823:24824 transaction failed 29201/-22, size 64-16 line 3389 01:50:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x700000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.147647][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 639.159431][T24831] binder_alloc: 24823: binder_alloc_buf, no vma [ 639.161341][T24824] binder: BINDER_SET_CONTEXT_MGR already set 01:50:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x600, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.195921][T24831] binder: 24823:24831 transaction failed 29189/-3, size 64-16 line 3148 [ 639.201142][T24824] binder: 24823:24824 ioctl 40046207 0 returned -16 [ 639.212956][T24819] EXT4-fs (sda1): re-mounted. Opts: [ 639.238232][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 639.264936][T24837] binder: 24836:24837 transaction failed 29189/-22, size 64-16 line 2995 01:50:51 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x700, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x68, 0x0, 0x0, 0x2000022, 0x0) [ 639.303396][ T8032] binder: undelivered TRANSACTION_ERROR: 29189 01:50:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1010000) [ 639.394823][ T26] audit: type=1804 audit(1556243452.067:176): pid=24840 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/820/file0" dev="sda1" ino=16706 res=1 [ 639.428918][T24844] binder: 24843:24844 transaction failed 29189/-22, size 64-16 line 2995 [ 639.440596][T20780] binder: undelivered TRANSACTION_ERROR: 29189 [ 639.460073][T24842] binder: 24841:24842 got transaction with invalid parent offset or type 01:50:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3f00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa00, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.515024][T24842] binder: 24841:24842 transaction failed 29201/-22, size 64-16 line 3389 [ 639.541643][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:50:52 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 639.577630][T24842] binder: BINDER_SET_CONTEXT_MGR already set [ 639.609664][T24847] EXT4-fs (sda1): re-mounted. Opts: [ 639.619056][T24842] binder: 24841:24842 ioctl 40046207 0 returned -16 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.619106][T24856] binder_alloc: 24841: binder_alloc_buf, no vma [ 639.647769][T24854] binder: 24841:24854 transaction failed 29189/-22, size 64-16 line 2995 [ 639.694650][T24856] binder: 24855:24856 transaction failed 29189/-3, size 64-16 line 3148 [ 639.696009][T20780] binder: undelivered TRANSACTION_ERROR: 29189 [ 639.713470][ T26] audit: type=1804 audit(1556243452.387:177): pid=24860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/821/file0" dev="sda1" ino=16898 res=1 01:50:52 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x0) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.758180][T20780] binder: undelivered TRANSACTION_ERROR: 29189 01:50:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.824240][ T26] audit: type=1804 audit(1556243452.487:178): pid=24869 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/822/file0" dev="sda1" ino=16895 res=1 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.864780][T24871] binder: 24870:24871 got transaction with invalid parent offset or type [ 639.876191][T24873] binder: 24872:24873 got transaction with invalid parent offset or type [ 639.880049][T24877] binder: 24870:24877 got transaction with invalid parent offset or type 01:50:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.911930][T24873] binder: transaction release 4062 bad handle 2, ret = -22 01:50:52 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x6c, 0x0, 0x0, 0x2000022, 0x0) 01:50:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1ec0f00) 01:50:52 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 639.985703][T24881] binder: 24880:24881 got transaction with invalid parent offset or type [ 640.060306][T24881] binder: BINDER_SET_CONTEXT_MGR already set [ 640.105187][T24881] binder: 24880:24881 ioctl 40046207 0 returned -16 [ 640.105194][T24883] binder_alloc: 24880: binder_alloc_buf, no vma 01:50:52 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 640.128489][ T26] audit: type=1804 audit(1556243452.797:179): pid=24888 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/823/file0" dev="sda1" ino=16891 res=1 01:50:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3f00, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 640.210462][T24892] EXT4-fs (sda1): re-mounted. Opts: [ 640.303188][ T26] audit: type=1804 audit(1556243452.937:180): pid=24897 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/824/file0" dev="sda1" ino=16883 res=1 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x2000000) [ 640.346849][T24906] binder: 24900:24906 got transaction with invalid parent offset or type 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 640.402779][T24909] binder: 24900:24909 got transaction with invalid parent offset or type 01:50:53 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x74, 0x0, 0x0, 0x2000022, 0x0) 01:50:53 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c00, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 640.542827][T24918] binder: 24917:24918 got transaction with invalid parent offset or type 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 640.609283][T24918] binder: BINDER_SET_CONTEXT_MGR already set [ 640.639386][T24918] binder: 24917:24918 ioctl 40046207 0 returned -16 01:50:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3000000) 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x7a, 0x0, 0x0, 0x2000022, 0x0) 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfdfdffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 640.859554][T24949] binder: BINDER_SET_CONTEXT_MGR already set 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c00, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 640.914922][T24949] binder: 24941:24949 ioctl 40046207 0 returned -16 [ 640.950434][T24951] binder_alloc: 24941: binder_alloc_buf, no vma 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7400, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0x1000000, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x4000000) 01:50:53 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:53 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x300, 0x0, 0x0, 0x2000022, 0x0) 01:50:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7a00, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x1000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 641.369617][T24983] binder: BINDER_SET_CONTEXT_MGR already set [ 641.400317][T24983] binder: 24979:24983 ioctl 40046207 0 returned -16 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x2800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x5000000) 01:50:54 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x500, 0x0, 0x0, 0x2000022, 0x0) 01:50:54 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x3800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 641.782666][T25015] binder: BINDER_SET_CONTEXT_MGR already set [ 641.788710][T25015] binder: 25014:25015 ioctl 40046207 0 returned -16 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x600, 0x0, 0x0, 0x2000022, 0x0) 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x5000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x6000000) 01:50:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.048799][T25037] binder: 25036:25037 got transaction with too large buffer [ 642.079396][T25037] binder: transaction release 4138 bad handle 1, ret = -22 01:50:54 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x48}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.282421][T25053] binder: BINDER_SET_CONTEXT_MGR already set [ 642.315255][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 642.315271][ T26] audit: type=1804 audit(1556243454.987:186): pid=25058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/830/file0" dev="sda1" ino=16916 res=1 [ 642.320474][T25053] binder: 25050:25053 ioctl 40046207 0 returned -16 01:50:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x7000000) 01:50:55 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x700, 0x0, 0x0, 0x2000022, 0x0) 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x5000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x60}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.536466][T25071] binder: BINDER_SET_CONTEXT_MGR already set 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x10000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.579760][T25071] binder: 25070:25071 ioctl 40046207 0 returned -16 [ 642.579810][T25073] binder_alloc: 25070: binder_alloc_buf, no vma 01:50:55 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x68}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x20000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x7000080) 01:50:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.784385][ T26] audit: type=1804 audit(1556243455.457:187): pid=25086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/831/file0" dev="sda1" ino=16909 res=1 01:50:55 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xa00, 0x0, 0x0, 0x2000022, 0x0) [ 642.863656][T25090] binder: 25087:25090 got transaction with too large buffer 01:50:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x28000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 642.948554][T25086] EXT4-fs: 15 callbacks suppressed [ 642.948568][T25086] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x38000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 643.028626][T25110] binder: 25105:25110 got transaction with too large buffer [ 643.048216][T25100] EXT4-fs (sda1): re-mounted. Opts: [ 643.063925][T25110] binder: transaction release 4182 bad handle 1, ret = -22 01:50:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x8000000) 01:50:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x74}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3f000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 643.167700][T25100] EXT4-fs (sda1): re-mounted. Opts: [ 643.183217][ T26] audit: type=1804 audit(1556243455.857:188): pid=25118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/832/file0" dev="sda1" ino=16910 res=1 01:50:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xb00, 0x0, 0x0, 0x2000022, 0x0) [ 643.299300][T25118] EXT4-fs (sda1): re-mounted. Opts: init_itable, 01:50:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x48000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 643.464530][T25134] EXT4-fs (sda1): re-mounted. Opts: 01:50:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x300}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x8000080) 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 643.557819][ T26] audit: type=1804 audit(1556243456.217:189): pid=25145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/833/file0" dev="sda1" ino=16910 res=1 [ 643.641664][T25134] EXT4-fs (sda1): re-mounted. Opts: 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x60000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x500}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xc00, 0x0, 0x0, 0x2000022, 0x0) 01:50:56 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 643.788025][T25166] binder_transaction: 61 callbacks suppressed [ 643.788041][T25166] binder: 25162:25166 transaction failed 29189/-22, size 64-16 line 2995 [ 643.818819][T25165] binder_fixup_parent: 25 callbacks suppressed [ 643.818830][T25165] binder: 25163:25165 got transaction with invalid parent offset or type 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x66642a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 643.833947][T25165] binder: 25163:25165 transaction failed 29201/-22, size 64-16 line 3389 [ 643.891801][ T5] binder_release_work: 61 callbacks suppressed [ 643.891810][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 643.898135][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 643.915110][T25173] binder: 25163:25173 got transaction with invalid parent offset or type 01:50:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x9000000) 01:50:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x600}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 643.939172][ T26] audit: type=1804 audit(1556243456.607:190): pid=25170 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/834/file0" dev="sda1" ino=16916 res=1 [ 643.975481][T25173] binder: 25163:25173 transaction failed 29201/-22, size 64-16 line 3389 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x66646185, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.007454][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 644.024346][T25181] binder: 25179:25181 got transaction with too large buffer 01:50:56 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.060914][T25181] binder: 25179:25181 transaction failed 29201/-22, size 64-16 line 3357 [ 644.074509][T25174] EXT4-fs (sda1): re-mounted. Opts: [ 644.094026][ T5] binder: undelivered TRANSACTION_ERROR: 29201 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x68000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x700}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.105242][ T26] audit: type=1804 audit(1556243456.777:191): pid=25184 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/835/file0" dev="sda1" ino=16923 res=1 [ 644.195487][T25184] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 644.219647][T25193] binder: 25190:25193 transaction failed 29189/-22, size 64-16 line 2995 [ 644.246954][T25174] EXT4-fs (sda1): re-mounted. Opts: 01:50:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.272158][T25196] binder: 25194:25196 got transaction with invalid parent offset or type [ 644.294601][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 [ 644.316902][T25196] binder: 25194:25196 transaction failed 29201/-22, size 64-16 line 3389 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.349707][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 644.362571][T25196] binder: BINDER_SET_CONTEXT_MGR already set [ 644.379257][T25198] binder: 25194:25198 transaction failed 29189/-22, size 64-16 line 2995 [ 644.410003][T25201] binder: 25200:25201 transaction failed 29189/-22, size 64-16 line 2995 [ 644.417442][T25196] binder: 25194:25196 ioctl 40046207 0 returned -16 [ 644.439774][T20780] binder: undelivered TRANSACTION_ERROR: 29189 01:50:57 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xe00, 0x0, 0x0, 0x2000022, 0x0) 01:50:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xa000000) 01:50:57 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x70742a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.457589][T20780] binder: undelivered TRANSACTION_ERROR: 29189 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3f00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.513986][ T26] audit: type=1804 audit(1556243457.187:192): pid=25204 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/836/file0" dev="sda1" ino=16912 res=1 [ 644.552654][T25208] binder: 25206:25208 got transaction with invalid parent offset or type [ 644.580363][T25208] binder: 25206:25208 transaction failed 29201/-22, size 64-16 line 3389 [ 644.616827][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x73622a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.624054][T25217] binder: 25206:25217 got transaction with invalid parent offset or type [ 644.666146][T25213] EXT4-fs (sda1): re-mounted. Opts: [ 644.675254][T25217] binder: 25206:25217 transaction failed 29201/-22, size 64-16 line 3389 [ 644.697831][T25220] binder: 25218:25220 got transaction with too large buffer [ 644.710900][T20780] binder: undelivered TRANSACTION_ERROR: 29201 01:50:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x73682a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100), 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xf23, 0x0, 0x0, 0x2000022, 0x0) 01:50:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xb000000) [ 644.863530][T25227] binder: 25226:25227 got transaction with invalid parent offset or type [ 644.882659][T25232] binder: 25231:25232 got transaction with too large buffer [ 644.903108][T25233] binder: 25226:25233 got transaction with invalid parent offset or type 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x74000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 644.983824][ T26] audit: type=1804 audit(1556243457.657:193): pid=25236 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/837/file0" dev="sda1" ino=16922 res=1 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x77622a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 645.088815][T25248] binder: 25244:25248 got transaction with invalid parent offset or type [ 645.137625][T25250] binder: 25244:25250 got transaction with invalid parent offset or type 01:50:57 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x77682a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 645.223335][T25257] binder: 25256:25257 got transaction with too large buffer 01:50:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xc000000) 01:50:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x1f00, 0x0, 0x0, 0x2000022, 0x0) [ 645.358958][ T26] audit: type=1804 audit(1556243458.027:194): pid=25260 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/838/file0" dev="sda1" ino=16942 res=1 [ 645.386659][T25265] binder: 25261:25265 got transaction with invalid parent offset or type 01:50:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7a000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 645.446560][T25273] binder: BINDER_SET_CONTEXT_MGR already set 01:50:58 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 645.494899][T25273] binder: 25261:25273 ioctl 40046207 0 returned -16 [ 645.499698][T25276] binder: 25275:25276 got transaction with too large buffer 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6273, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7400}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xd000000) [ 645.617016][ T26] audit: type=1804 audit(1556243458.287:195): pid=25286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/839/file0" dev="sda1" ino=16942 res=1 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6277, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x2000, 0x0, 0x0, 0x2000022, 0x0) 01:50:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 645.756027][T25296] binder: BINDER_SET_CONTEXT_MGR already set [ 645.771241][T25296] binder: 25293:25296 ioctl 40046207 0 returned -16 [ 645.772300][T25297] binder_alloc: 25293: binder_alloc_buf, no vma 01:50:58 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r1, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x1000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6466, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xe000000) 01:50:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6873, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 646.064411][T25315] binder: BINDER_SET_CONTEXT_MGR already set [ 646.081723][T25315] binder: 25313:25315 ioctl 40046207 0 returned -16 [ 646.082110][T25320] binder: 25319:25320 got transaction with too large buffer 01:50:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6877, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:58 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x230f, 0x0, 0x0, 0x2000022, 0x0) 01:50:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xf000000) 01:50:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a7470, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x85616466, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x10000000) 01:50:59 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x3f00, 0x0, 0x0, 0x2000022, 0x0) 01:50:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:50:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfdfdffff, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 646.761963][T25371] binder: 25370:25371 got transaction with too large buffer [ 646.781919][T25371] binder: transaction release 4326 bad handle 1, ret = -22 01:50:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfffffdfd, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x11000000) 01:50:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x100000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:50:59 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x4000, 0x0, 0x0, 0x2000022, 0x0) [ 647.100751][T25398] binder: BINDER_SET_CONTEXT_MGR already set 01:50:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x200000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 647.153555][T25398] binder: 25396:25398 ioctl 40046207 0 returned -16 [ 647.174052][T25400] binder_alloc: 25396: binder_alloc_buf, no vma 01:51:00 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x20000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x12000000) 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x300000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x400000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x4800, 0x0, 0x0, 0x2000022, 0x0) 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 647.442518][T25425] binder_transaction: 1 callbacks suppressed [ 647.442529][T25425] binder: 25422:25425 got transaction with too large buffer [ 647.457704][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 647.457720][ T26] audit: type=1804 audit(1556243460.127:201): pid=25424 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/845/file0" dev="sda1" ino=17153 res=1 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x500000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3f000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 647.597850][T25432] binder: BINDER_SET_CONTEXT_MGR already set 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x600000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 647.646169][T25432] binder: 25431:25432 ioctl 40046207 0 returned -16 [ 647.689176][ T26] audit: type=1804 audit(1556243460.357:202): pid=25442 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/846/file0" dev="sda1" ino=17153 res=1 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x48000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x13000000) 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x700000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x4c00, 0x0, 0x0, 0x2000022, 0x0) 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 647.952502][ T26] audit: type=1804 audit(1556243460.627:203): pid=25458 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/847/file0" dev="sda1" ino=16947 res=1 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa00000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x60000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.063566][T25467] binder: BINDER_SET_CONTEXT_MGR already set [ 648.101401][T25467] binder: 25466:25467 ioctl 40046207 0 returned -16 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x1000000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.156437][T25469] EXT4-fs: 17 callbacks suppressed [ 648.156484][T25469] EXT4-fs (sda1): re-mounted. Opts: 01:51:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x14000000) 01:51:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.296992][T25469] EXT4-fs (sda1): re-mounted. Opts: 01:51:01 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x68000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2000000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x6000, 0x0, 0x0, 0x2000022, 0x0) 01:51:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x15000000) [ 648.554758][ T26] audit: type=1804 audit(1556243461.227:204): pid=25502 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/848/file0" dev="sda1" ino=17249 res=1 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.641034][T25497] EXT4-fs (sda1): re-mounted. Opts: 01:51:01 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0, 0xffffffffffffffff]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x74000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.769329][T25497] EXT4-fs (sda1): re-mounted. Opts: 01:51:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.837196][T25523] binder: 25522:25523 got transaction with too large buffer [ 648.868861][T25523] binder_transaction: 59 callbacks suppressed [ 648.868879][T25523] binder: 25522:25523 transaction failed 29201/-22, size 64-16 line 3357 01:51:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x16000000) 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3f00000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.932784][ T3480] binder_release_work: 59 callbacks suppressed [ 648.932792][ T3480] binder: undelivered TRANSACTION_ERROR: 29201 [ 648.935041][T25526] binder_fixup_parent: 29 callbacks suppressed [ 648.935050][T25526] binder: 25525:25526 got transaction with invalid parent offset or type 01:51:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 648.994605][T25526] binder: 25525:25526 transaction failed 29201/-22, size 64-16 line 3389 [ 649.028934][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 649.042715][T25526] binder: BINDER_SET_CONTEXT_MGR already set [ 649.060461][ T26] audit: type=1804 audit(1556243461.727:205): pid=25530 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/849/file0" dev="sda1" ino=17202 res=1 01:51:01 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x6800, 0x0, 0x0, 0x2000022, 0x0) 01:51:01 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.120973][T25536] binder: 25533:25536 transaction failed 29189/-22, size 64-16 line 2995 [ 649.121060][T25526] binder: 25525:25526 ioctl 40046207 0 returned -16 [ 649.183056][ T3480] binder: undelivered TRANSACTION_ERROR: 29189 01:51:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfdfdffff}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c00000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.242993][ T26] audit: type=1804 audit(1556243461.917:206): pid=25543 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/850/file0" dev="sda1" ino=17153 res=1 01:51:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x17000000) [ 649.306818][T25544] binder: 25542:25544 got transaction with invalid parent offset or type [ 649.331903][T25544] binder: 25542:25544 transaction failed 29201/-22, size 64-16 line 3389 01:51:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 649.355213][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 649.376259][T25551] binder: BINDER_SET_CONTEXT_MGR already set 01:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6000000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.407655][T25554] binder: 25550:25554 got transaction with too large buffer [ 649.415505][T25552] binder: 25542:25552 got transaction with invalid parent offset or type [ 649.430482][T25549] EXT4-fs (sda1): re-mounted. Opts: [ 649.441622][T25554] binder: 25550:25554 transaction failed 29201/-22, size 64-16 line 3357 [ 649.472996][ T26] audit: type=1804 audit(1556243462.137:207): pid=25558 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/851/file0" dev="sda1" ino=16945 res=1 [ 649.474617][T25551] binder: 25542:25551 ioctl 40046207 0 returned -16 [ 649.530729][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 [ 649.537038][T25552] binder: 25542:25552 transaction failed 29201/-22, size 64-16 line 3389 [ 649.569672][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:51:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfffffdfd}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.576737][T25558] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 649.626400][T25549] EXT4-fs (sda1): re-mounted. Opts: 01:51:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.660040][T25571] binder: 25568:25571 got transaction with too large buffer [ 649.710441][T25571] binder: transaction release 4437 bad handle 1, ret = -22 [ 649.731876][T25571] binder: 25568:25571 transaction failed 29201/-22, size 64-16 line 3357 01:51:02 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x6c00, 0x0, 0x0, 0x2000022, 0x0) 01:51:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c00000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x18000000) [ 649.768236][T25574] binder: 25573:25574 got transaction with invalid parent offset or type [ 649.779403][T25574] binder: 25573:25574 transaction failed 29201/-22, size 64-16 line 3389 [ 649.781138][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 649.834679][T20780] binder: undelivered TRANSACTION_ERROR: 29201 [ 649.843340][T25579] binder: BINDER_SET_CONTEXT_MGR already set [ 649.849391][T25579] binder: 25573:25579 ioctl 40046207 0 returned -16 [ 649.849526][T25582] binder: 25573:25582 got transaction with invalid parent offset or type 01:51:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x100000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.861001][ T26] audit: type=1804 audit(1556243462.527:208): pid=25580 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/852/file0" dev="sda1" ino=16948 res=1 01:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7400000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 649.966482][T25591] binder: 25589:25591 got transaction with too large buffer [ 649.984336][T25591] binder: 25589:25591 transaction failed 29201/-22, size 64-16 line 3357 [ 649.984390][T25582] binder: 25573:25582 transaction failed 29201/-22, size 64-16 line 3389 [ 650.014153][T20780] binder: undelivered TRANSACTION_ERROR: 29201 01:51:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7a00000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x200000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.046488][T25580] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 650.074496][ T8032] binder: undelivered TRANSACTION_ERROR: 29201 01:51:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.091135][T25586] EXT4-fs (sda1): re-mounted. Opts: 01:51:02 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x300000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x19000080) [ 650.230781][T25599] binder: 25598:25599 got transaction with invalid parent offset or type [ 650.241794][T25586] EXT4-fs (sda1): re-mounted. Opts: [ 650.268453][ T26] audit: type=1804 audit(1556243462.937:209): pid=25603 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/853/file0" dev="sda1" ino=16941 res=1 01:51:03 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x7400, 0x0, 0x0, 0x2000022, 0x0) 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a627300000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x400000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a627700000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.322246][T25610] binder: 25598:25610 got transaction with invalid parent offset or type 01:51:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.421083][T25616] binder: 25615:25616 got transaction with too large buffer 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a646600000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x500000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.495072][ T26] audit: type=1804 audit(1556243463.157:210): pid=25621 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/854/file0" dev="sda1" ino=17377 res=1 [ 650.561363][T25627] binder: 25623:25627 got transaction with invalid parent offset or type 01:51:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1a000080) [ 650.605732][T25632] binder: 25623:25632 got transaction with invalid parent offset or type [ 650.622991][T25634] binder: 25633:25634 got transaction with too large buffer 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x600000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a687300000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x7a00, 0x0, 0x0, 0x2000022, 0x0) 01:51:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.787815][T25641] binder: 25639:25641 got transaction with too large buffer 01:51:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}, @rights={0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a687700000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x700000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r0, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 650.950831][T25648] binder: 25643:25648 got transaction with invalid parent offset or type [ 650.993987][T25654] binder: 25653:25654 got transaction with too large buffer 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a747000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1d000080) 01:51:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x8561646600000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3f00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x40000, 0x0, 0x0, 0x2000022, 0x0) 01:51:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r0, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfdfdffff00000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x20000000) 01:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630b, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 651.574463][T25694] binder: 25693:25694 ERROR: BC_REGISTER_LOOPER called without request [ 651.619322][T25694] binder: 25693:25694 unknown command 0 [ 651.655891][T25694] binder: 25693:25694 ioctl c0306201 20000780 returned -22 01:51:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r0, r0]}], 0x18}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630c, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 651.700488][T25705] binder: BINDER_SET_CONTEXT_MGR already set [ 651.726509][T25705] binder: 25698:25705 ioctl 40046207 0 returned -16 [ 651.782923][T25711] binder: 25709:25711 got transaction with too large buffer [ 651.852421][T25716] binder: 25715:25716 unknown command 0 [ 651.858136][T25716] binder: 25715:25716 ioctl c0306201 20000780 returned -22 01:51:04 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x80000, 0x0, 0x0, 0x2000022, 0x0) 01:51:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x5000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x30000000) 01:51:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630d, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 651.997503][T25718] binder: 25717:25718 unknown command 0 [ 652.041697][T25718] binder: 25717:25718 ioctl c0306201 20000780 returned -22 01:51:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046302, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3f000000) [ 652.256447][T25742] binder: BC_ACQUIRE_RESULT not supported [ 652.286895][T25742] binder: 25739:25742 ioctl c0306201 20000780 returned -22 01:51:05 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x100000, 0x0, 0x0, 0x2000022, 0x0) 01:51:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7400000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) 01:51:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046304, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 652.437389][T25757] binder_alloc: 25750: binder_alloc_buf, no vma [ 652.437442][T25751] binder: BINDER_SET_CONTEXT_MGR already set [ 652.465257][T25751] binder: 25750:25751 ioctl 40046207 0 returned -16 [ 652.472991][T25762] binder: 25753:25762 IncRefs 0 refcount change on invalid ref 0 ret -22 01:51:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 652.508918][T25762] binder: 25753:25762 unknown command 0 [ 652.515165][T25762] binder: 25753:25762 ioctl c0306201 20000780 returned -22 01:51:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046307, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 652.673594][T25774] binder: 25771:25774 got transaction with too large buffer [ 652.690759][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 652.690774][ T26] audit: type=1804 audit(1556243465.357:218): pid=25773 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/862/file0" dev="sda1" ino=17585 res=1 01:51:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x40000000) [ 652.740011][T25777] binder: 25772:25777 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 652.758193][T25774] binder: transaction release 4548 bad handle 1, ret = -22 [ 652.781237][T25777] binder: 25772:25777 unknown command 0 01:51:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfdfdffff00000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 652.808316][T25777] binder: 25772:25777 ioctl c0306201 20000780 returned -22 01:51:05 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x3ff7f8, 0x0, 0x0, 0x2000022, 0x0) 01:51:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40086303, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 653.032170][T25793] binder: 25791:25793 BC_FREE_BUFFER u0000000000000000 no match 01:51:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 653.075441][ T26] audit: type=1804 audit(1556243465.747:219): pid=25790 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/863/file0" dev="sda1" ino=17537 res=1 [ 653.111747][T25793] binder: 25791:25793 unknown command 0 [ 653.117666][T25793] binder: 25791:25793 ioctl c0306201 20000780 returned -22 01:51:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000017000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000017000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x40000001) [ 653.126194][T25794] binder: BINDER_SET_CONTEXT_MGR already set [ 653.159736][T25794] binder: 25792:25794 ioctl 40046207 0 returned -16 01:51:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x0, 0x3}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x4008630a, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 653.188212][ T26] audit: type=1804 audit(1556243465.857:220): pid=25804 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/864/file0" dev="sda1" ino=16928 res=1 [ 653.251772][T25800] EXT4-fs: 11 callbacks suppressed [ 653.251839][T25800] EXT4-fs (sda1): re-mounted. Opts: 01:51:05 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 653.297727][T25810] ------------[ cut here ]------------ [ 653.303240][T25810] kernel BUG at drivers/android/binder_alloc.c:1139! 01:51:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 653.343587][T25816] binder: BC_ATTEMPT_ACQUIRE not supported [ 653.368484][T25816] binder: 25811:25816 ioctl c0306201 20000780 returned -22 [ 653.376969][T25800] EXT4-fs (sda1): re-mounted. Opts: [ 653.395834][T25810] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 653.401952][T25810] CPU: 0 PID: 25810 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #85 [ 653.409945][T25810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.420021][T25810] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 653.426528][T25810] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5d 23 fc 4c 89 e6 4c 89 ef e8 e4 5e 23 fc 4d 39 e5 76 07 e8 ba 5d 23 fc <0f> 0b e8 b3 5d 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1 [ 653.446135][T25810] RSP: 0018:ffff888085c6f4e0 EFLAGS: 00010216 [ 653.452208][T25810] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc9000a21d000 [ 653.460196][T25810] RDX: 00000000000004e2 RSI: ffffffff854d2f36 RDI: 0000000000000006 [ 653.468344][T25810] RBP: ffff888085c6f560 R08: ffff88809f66a280 R09: 0000000000000008 [ 653.476321][T25810] R10: ffffed1010b8df15 R11: ffff888085c6f8af R12: 0000000000000048 [ 653.484388][T25810] R13: 0000000000000008 R14: 0000000000000058 R15: 0000000000000000 [ 653.492365][T25810] FS: 00007ff4c9f79700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 653.501471][T25810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 653.508056][T25810] CR2: 0000001b31a23000 CR3: 000000009e3ec000 CR4: 00000000001426f0 [ 653.516038][T25810] Call Trace: [ 653.519331][T25810] ? find_held_lock+0x35/0x130 [ 653.524097][T25810] binder_alloc_copy_from_buffer+0x37/0x42 [ 653.529899][T25810] binder_validate_ptr+0xcc/0x1d0 [ 653.534919][T25810] ? binder_get_object+0x210/0x210 [ 653.540025][T25810] ? binder_alloc_copy_user_to_buffer+0x312/0x480 [ 653.546437][T25810] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 653.552158][T25810] binder_transaction+0x3e02/0x65c0 [ 653.557386][T25810] ? binder_thread_read+0x3d30/0x3d30 [ 653.562753][T25810] ? __lock_acquire+0x548/0x3fb0 [ 653.567778][T25810] ? __might_fault+0x12b/0x1e0 [ 653.572553][T25810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 653.578788][T25810] ? _copy_from_user+0xdd/0x150 [ 653.583641][T25810] binder_thread_write+0x87e/0x2820 [ 653.588848][T25810] ? binder_transaction+0x65c0/0x65c0 [ 653.594220][T25810] ? __might_fault+0x12b/0x1e0 [ 653.598987][T25810] ? lock_downgrade+0x880/0x880 [ 653.603840][T25810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 653.610071][T25810] ? _copy_from_user+0xdd/0x150 [ 653.614919][T25810] binder_ioctl+0x1033/0x183b [ 653.619595][T25810] ? binder_thread_write+0x2820/0x2820 [ 653.625046][T25810] ? tomoyo_path_number_perm+0x263/0x520 [ 653.630673][T25810] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 653.636469][T25810] ? smack_log+0x415/0x540 [ 653.640894][T25810] ? binder_thread_write+0x2820/0x2820 [ 653.646353][T25810] do_vfs_ioctl+0xd6e/0x1390 [ 653.650942][T25810] ? ioctl_preallocate+0x210/0x210 [ 653.656045][T25810] ? smack_file_ioctl+0x196/0x310 [ 653.661062][T25810] ? smack_inode_rename+0x2d0/0x2d0 [ 653.666343][T25810] ? nsecs_to_jiffies+0x30/0x30 [ 653.671200][T25810] ? tomoyo_file_ioctl+0x23/0x30 [ 653.676134][T25810] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.682389][T25810] ? security_file_ioctl+0x93/0xc0 [ 653.687502][T25810] ksys_ioctl+0xab/0xd0 [ 653.691667][T25810] __x64_sys_ioctl+0x73/0xb0 [ 653.696270][T25810] do_syscall_64+0x103/0x610 [ 653.700867][T25810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 653.706755][T25810] RIP: 0033:0x458da9 [ 653.710655][T25810] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 653.730264][T25810] RSP: 002b:00007ff4c9f78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 653.738684][T25810] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 653.746673][T25810] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000003 [ 653.754642][T25810] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 653.762612][T25810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff4c9f796d4 [ 653.770582][T25810] R13: 00000000004c010e R14: 00000000004d2468 R15: 00000000ffffffff [ 653.778553][T25810] Modules linked in: [ 653.786277][ T3876] kobject: 'loop4' (000000009b2e2909): fill_kobj_path: path = '/devices/virtual/block/loop4' 01:51:06 executing program 3: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0x10000) open(0x0, 0x40, 0x1) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) connect$rxrpc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x3ff800, 0x0, 0x0, 0x2000022, 0x0) [ 653.799010][ T26] audit: type=1804 audit(1556243466.467:221): pid=25819 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/865/file0" dev="sda1" ino=17554 res=1 [ 653.804654][ T3876] kobject: 'loop5' (00000000abac5ce1): kobject_uevent_env [ 653.839976][T25819] kobject: 'loop4' (000000009b2e2909): kobject_uevent_env 01:51:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40086310, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 653.843343][ T3876] kobject: 'loop5' (00000000abac5ce1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 653.853982][T25819] kobject: 'loop4' (000000009b2e2909): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 653.865582][ T3876] kobject: 'loop3' (00000000e799530e): kobject_uevent_env [ 653.875906][T25810] ---[ end trace 8bc9e09ea70bca1d ]--- [ 653.877756][ T3876] kobject: 'loop3' (00000000e799530e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 653.881516][T25810] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 653.898601][T25819] EXT4-fs (sda1): re-mounted. Opts: init_itable, [ 653.905196][T25810] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 cf 5d 23 fc 4c 89 e6 4c 89 ef e8 e4 5e 23 fc 4d 39 e5 76 07 e8 ba 5d 23 fc <0f> 0b e8 b3 5d 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 c1 [ 653.931476][ T8027] kobject: 'loop3' (00000000e799530e): kobject_uevent_env [ 653.938665][ T8027] kobject: 'loop3' (00000000e799530e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 653.950773][ T3876] kobject: 'loop1' (00000000a916303a): kobject_uevent_env [ 653.966581][ T3876] kobject: 'loop1' (00000000a916303a): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 653.966786][T25810] RSP: 0018:ffff888085c6f4e0 EFLAGS: 00010216 [ 653.977858][ T3876] kobject: 'loop5' (00000000abac5ce1): kobject_uevent_env [ 653.983058][T25827] binder: 25825:25827 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 653.992745][ T3876] kobject: 'loop5' (00000000abac5ce1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 654.001891][T25830] binder_fixup_parent: 21 callbacks suppressed [ 654.001899][T25830] binder: 25826:25830 got transaction with invalid parent offset or type [ 654.023090][T25810] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc9000a21d000 [ 654.031156][T25827] binder: 25825:25827 unknown command 0 [ 654.033939][T25819] kobject: 'loop4' (000000009b2e2909): kobject_uevent_env [ 654.036846][T25830] binder_transaction: 45 callbacks suppressed [ 654.036860][T25830] binder: 25826:25830 transaction failed 29201/-22, size 64-16 line 3389 [ 654.051054][T25819] kobject: 'loop4' (000000009b2e2909): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 654.060226][T25810] RDX: 00000000000004e2 RSI: ffffffff854d2f36 RDI: 0000000000000006 [ 654.076975][T25827] binder: 25825:25827 ioctl c0306201 20000780 returned -22 [ 654.085204][T25810] RBP: ffff888085c6f560 R08: ffff88809f66a280 R09: 0000000000000008 [ 654.099423][ T5] binder_release_work: 45 callbacks suppressed [ 654.099431][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 654.113483][T25830] binder: BINDER_SET_CONTEXT_MGR already set [ 654.129118][ T3876] kobject: 'loop4' (000000009b2e2909): kobject_uevent_env [ 654.131735][T25834] binder_alloc: 25826: binder_alloc_buf, no vma 01:51:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x400c630e, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 01:51:06 executing program 4: creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x101005, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) setpriority(0x0, r1, 0x10000) r2 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) sendmsg$unix(r2, &(0x7f0000000140)={&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x30}, 0x0) clone(0x2102001dfd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@init_itable='init_itable'}]}) [ 654.144015][ T3876] kobject: 'loop4' (000000009b2e2909): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 654.146431][T25810] R10: ffffed1010b8df15 R11: ffff888085c6f8af R12: 0000000000000048 [ 654.159823][ T3876] kobject: 'loop3' (00000000e799530e): kobject_uevent_env [ 654.173850][T25830] binder: 25826:25830 ioctl 40046207 0 returned -16 [ 654.179879][ T3876] kobject: 'loop3' (00000000e799530e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 654.196090][ T3876] kobject: 'loop1' (00000000a916303a): kobject_uevent_env [ 654.198715][T25836] kobject: 'loop3' (00000000e799530e): kobject_uevent_env [ 654.203826][T25842] binder: 25837:25842 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 654.210717][T25834] binder: 25826:25834 transaction failed 29189/-3, size 64-16 line 3148 [ 654.222318][ T3876] kobject: 'loop1' (00000000a916303a): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 654.226948][T25810] R13: 0000000000000008 R14: 0000000000000058 R15: 0000000000000000 [ 654.240270][ T3876] kobject: 'loop4' (000000009b2e2909): kobject_uevent_env [ 654.245341][T25836] kobject: 'loop3' (00000000e799530e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 654.263062][ T26] audit: type=1804 audit(1556243466.927:222): pid=25839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir423095972/syzkaller.W25z6n/866/file0" dev="sda1" ino=17585 res=1 [ 654.263933][T25842] binder: 25837:25842 unknown command 0 [ 654.287282][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 654.295501][ T3876] kobject: 'loop4' (000000009b2e2909): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 654.301803][T25810] FS: 00007ff4c9f79700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 654.332930][T25842] binder: 25837:25842 ioctl c0306201 20000780 returned -22 [ 654.344378][T25810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 01:51:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0add1f033c273f319bd070") r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 654.351084][T25836] EXT4-fs (sda1): re-mounted. Opts: [ 654.359157][ T3876] kobject: 'loop5' (00000000abac5ce1): kobject_uevent_env [ 654.364720][T25810] CR2: 0000000000000000 CR3: 000000009e3ec000 CR4: 00000000001406f0 [ 654.369340][ T3876] kobject: 'loop5' (00000000abac5ce1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 654.381018][T25810] Kernel panic - not syncing: Fatal exception [ 654.391806][T25810] Kernel Offset: disabled [ 654.396149][T25810] Rebooting in 86400 seconds..