b061388fad7245381f4f421315598113dbeceeb1edfa12ed9568fb8fa6768f2f6f9715c841407dee8f131645ca5aed57d9785803953da06dbd740a228916f300bfa8b3bc02f0ec109e91305c933ba9936365e44bf1f3852c9b4e47481b81a74fbb3eaf7f94c79455453e8cce3f7bb77f06092b078bb2dfedc2ae0aa18902aa66ca256a4a47042438b1b6d221e2622493040b37f19e9a5ebea131e7419ef6279b7dcbf2800dc5c9d680b70564516c5b3cf8ae44f82dd3072e046a3e1e9d001c90cab2fc840ac7aacd72bad4219a376db8ba4e37b9734f684912ab0f2b9efa8f3a3c6773786cd8fe148b5c330a599aea6c9f6e8acceb6d4f6d45355d30eefcf84935b15e96c2c99bca7776267abe6032085fc4b4bff5e729afc3928126c98d0ce539b008089a60f45e548300e19b57fef59bf7dca76485d0d7d17b7633dac005c72d942a6017db061690b7a8be4195fbcb4fa4faf87d3a5962d9b3e18f404eda8109056853071b1c73f1f92141a0d24bf81063067c340daec12e99172d94c8080375bb8e9afca4f0bcf9a32cc6991f5222a92c44560973b7f883a3f1ce92d2bd43d074e27451854d660096e66d9d5f436a188e87c7542ac03cac64a6f26e119b4c4dc6b91680d8204408f92e58e0bfc42802b9ab5af6ef57d44cee254f5542d27ef68a0bdb36bf9ea782a26f0f576e346b9fe6f364660412fe877204c76d30434a5fa3c48493b1e49e00d120dc35ca4db009b85e54b8f640fbdd272d3193a482bcc951867f3d293b55d74a47a9b4d8fcda5ffecbe16661fbcca9978445773db429921db4de8e39bd041d14627eac9625ae2fa3a6b2b52f17c032c16ecab63aebac2d8834a76ac37378b11bc6f7e8c261b56ef8b7564d1909b2dbec89c8b83001ba8f252b47bcb1fb3dd445dfe188811fe27ccebf23d79c11ae3004c5b6dc8c2011ca5de84647f683568ab4ff850a3b6620a9b4bfd468d7b2e9b547df02ef44afffa9c80d1b8ee97f067a3933e66e2590a25679cd45c860c6e2f2129ab75a8b258e4d6c03f35f1b27098a1e1007b17ad5d68a2e7ca976947d3fd869e30e057e09b2369167012a2fdb92b58cd75633c96d3cf8a49cf1589adfe9083ff0bedd525b1863053d691c63c3b3b5b149c768005c3c0a000af9cfa5734d01e676e5a343123842d37637ba64758729dca2dee061a954981deaa04bdda7023a7b44507aa5e05a5f8e3a687c51f98f37583b2c2ae9424a70e147298f9472370a33429085f4a89a65760051b642775d36dccd251fb6259db16ccd90cd8d88ccb84b79b9a18e484d76a62ed7ffdeb3a265d8c2064cd85870b6c4556681a0585c096b4340d3e4bd70261108c6f0844aa3e3d78880d43a3dbf62b04441293caaae9f9167c7af7729065ee413cae9b91cbf861fd833d7adadcebb91c30d661714abac7ceda2da6fbea64b6da3cd2fc3fb7ed6bfd7816e49e92240bd58bc2bea6b87f75c7f4567cf16ba02b2bb1cca78dfe7e23697d07da17a5dd10e603459743810a1db019f093a7f53c615db41b96d4cf5f070f6ce53d8aeb21f3537dc3bcc62fcfa2da4100e24ab09f75ca27d512f7ba8d45b577a1bc755ea13bee2f25ebd4dd7b76489cfd1aca50c9cf6618453caea498252dcf66881ce0899315867b3b10e21f5bb224462d4dfb8ba664a5bca8a91a6e01bc92550c73c77f11c58e407179fe563d4a37841388485f8eb6cc029f5180a78d0632c03349a2b68dd6755e0f937268f6c9f41b0d6f5cde58ef701f324797ff37e72ef49ce59a5d41d08eb67fb674cc34cd5b5c0f8bf772ca4d80a03ea6d9e60ab02f8dd408f675b0a420ba5e1adb1c6b5c1c6c51d4993ea4dd9e6a5aaf0e6c12a42ee6bf8726c34d0f7847c905bd1f97ceef15ca230c7c9d401bf50807dc32fb2e3b319de110a8243bf51d537ac245fd47efc4d5d8ae5438636610c175f1889d183d8da7b60a4ad944dfa18301884e7c41934cc76dfb8ef5127ff5622700289012cf1d02ee8af0ca6f0302ac618eb30f8387f3a7bba11db0f6813cb283937fe989903a50c2877d5a5079639718dcc21256c43cb31219c052b84d53600a6d73d9f01cd628483f5674014fb549c2c233dba60e821accf00a2692f1d9758576e035c91bff7d573a739b31ec48e7bf132ca6c38147e911ccf4b03f408c91a9ecd258653228e1968753c810a5aab5b47770aa4ecd5dc9bb1b67963d13390f08490884f35950003ddab432f8f022250588f7728f2f16594fed051489ae13d9850e2f0d2b0c69f0971eb598de268d6642c293f1c54bd22d7845d782511ee15d1b582e43655ec46367fcba29c43624c779f57740917eba7f136625668b01873f817fbbb7e9596d647d3b0c74f8681738e3312de8aa0352c4f82afc5e7e7a99e76bb085c27c78c58e92dd94613eca4e02e253365a2a8a827511520d4772358c6b51a622778a0870b211b355be81ee39283d85d3bc66fd37a07901febc8c567c63ee6af7519b1c86af0b46831fbd0e2cfa67a4c2925a1f493d78e2e0d840fe94f1f21d24d939289dbbb090deca4e8fb1f68ff02a2c8fe945a129e6160a8413450c366bf476ed0ef0a77c61993e0b8b22dc81614fd2890e56cf6d0c3", 0x1000, 0x60}, {&(0x7f0000001240)="0eea173cc0bf3ad3ee593301dda5e5132ec68871be5e819d903298e55244038dd5421532feb23fdf67bb30b6d0c2827c38a5fc1b0a8fca6a197b82e80c3c5d6082b7f882e4195e6b324eec2d", 0x4c}]) lseek(r0, 0x0, 0x7) perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x8, 0x0, 0x2, 0x0, 0x20, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, @perf_bp={&(0x7f0000000040), 0x5}, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0xfffffffffffffffd}, r1, 0x0, 0xffffffffffffffff, 0x0) 07:38:04 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80800) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:04 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x5b}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000300)={0x0}, &(0x7f0000000340)=0xc) r3 = getpgid(0x0) tgkill(r2, r3, 0x3a) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = getpid() sched_setattr(r6, &(0x7f0000000640)={0x51adfb423372797d, 0x2, 0x0, 0x0, 0x3, 0x9, 0x0, 0xee1}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) ioctl$TUNGETVNETHDRSZ(r7, 0x800454d7, &(0x7f0000000380)) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r5, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) getsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f0000000440)={0x0, @broadcast, @multicast1}, &(0x7f0000000480)=0xc) ioctl$KVM_SET_DEBUGREGS(r7, 0x4080aea2, &(0x7f00000003c0)={[0xd000, 0xd000, 0x100000, 0x5000], 0x1000, 0x20, 0x6db9b65e}) socket$packet(0x11, 0x3, 0x300) lseek(r4, 0x0, 0x3) close(r0) close(r1) setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000680)=ANY=[@ANYBLOB="00000000000000000a004e210100000000000000000000000000ffffe0000001020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000050000000a004e2072868f5fff020000000000000000000000000001ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e240700000000000000000000000000ffff7f00000109000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2200000000fe80000000000000000000000000000303000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22440e000000000000000000000000000000000000310300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006ece4930d0c685000000000000000000000000000000000000000000000000000000000000000000000000000a004e220800000000000000000000000000000000000001ff03000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x310) getsockopt$inet_opts(r7, 0x0, 0x0, &(0x7f0000000100)=""/82, &(0x7f0000000280)=0x52) 07:38:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x40406300, &(0x7f0000000400)}) [ 634.516842] binder: 9743:9744 unknown command 0 [ 634.521891] QAT: Invalid ioctl [ 634.525579] QAT: Invalid ioctl [ 634.534044] binder: 9743:9744 ioctl c0306201 20000080 returned -22 [ 634.541023] binder: BINDER_SET_CONTEXT_MGR already set [ 634.547656] binder: 9743:9744 ioctl 40046207 0 returned -16 [ 634.559571] binder: 9743:9760 unknown command 0 07:38:04 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x9, &(0x7f0000000000)="025cc83d6d345f8f762070") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r1, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f00000002c0), 0x78, &(0x7f0000000300)}}, {{0x0, 0x0, &(0x7f0000000680), 0x59, &(0x7f00000006c0), 0x30020}}], 0x2b9, 0x0) 07:38:04 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x200000002, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r4, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2=0xe0000002}, 0x4}}, 0x2e) dup3(r1, r1, 0x80000) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x3a) close(r1) 07:38:04 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x18000040}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xbc, r1, 0x400, 0x70bd28, 0x25dfdbfe, {0x2}, [@IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x20}}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8001}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xb02}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x120}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xaf60}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xfcd6}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x10}, 0x10) r2 = gettid() socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f) fcntl$setsig(r3, 0xa, 0x12) fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2}) recvmmsg(r4, &(0x7f0000002680)=[{{&(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000002500), 0x0, &(0x7f0000002580)=""/220, 0xdc}}], 0x1, 0x0, &(0x7f00000026c0)={0x77359400}) dup2(r3, r4) r5 = gettid() recvfrom$unix(r3, &(0x7f00000000c0)=""/226, 0xe2, 0x0, 0x0, 0x0) clone(0x0, &(0x7f0000623000), &(0x7f00002cfffc), &(0x7f0000907000), &(0x7f0000553000)) getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000000), &(0x7f00000001c0)=0x4) tkill(r5, 0x1000000000016) [ 634.560710] binder: 9743:9744 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 634.573453] Dev loop7: unable to read RDB block 8 [ 634.578405] loop7: unable to read partition table [ 634.583732] loop7: partition table beyond EOD, truncated [ 634.589227] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 634.611140] binder: 9743:9760 ioctl c0306201 20000080 returned -22 07:38:04 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000100)='tls\x00', 0x4) 07:38:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xf630c4000000000, &(0x7f0000000400)}) 07:38:04 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0xfffffffffffffffd, 0x0) keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe004, 0x1, &(0x7f0000000380)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f801", 0x17}], 0x0, &(0x7f0000000340)=ANY=[]) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) getdents64(r1, &(0x7f0000000080)=""/59, 0x3b) getsockopt$llc_int(r1, 0x10c, 0xf, &(0x7f0000000140), &(0x7f0000000200)=0x4) getsockopt$llc_int(r0, 0x10c, 0x6, &(0x7f0000000480), &(0x7f00000004c0)=0x4) [ 634.642204] QAT: Invalid ioctl [ 634.646338] QAT: Invalid ioctl 07:38:04 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) keyctl$set_reqkey_keyring(0xe, 0x4) setresuid(r1, 0x0, 0x0) request_key(&(0x7f0000000440)="646e735f7265736f6c76657200501e29636aaabf09baf765b2f675534d2d6872617234c790be4a29cddeb1930c717c6dbe6147c0a82dbfd494ce1953db90c6b73b227b5d27238712f3f18514ad23e3f07a8ad63cec2a98a46e7ae9174b684157f0fd6c96dcf551ae1d9b04ea876f3e77035e73d35b1b36fcb1ccf65f40a02cd77f4ef0c387758c940e0506c3e8dd7d36f61e43f91a33dde762c71a386a39c4acac3cace8774917528c5030bc773bea869aaa4a7ea28c9e48dc1bd1548408f208bf0715479cf7b4583d911ee3bb283ef228d1a35aa679", &(0x7f0000000100)={0x73, 0x79, 0x2e}, &(0x7f00000001c0)="bc00", 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x280301, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x0, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3, 0x6f8}}, 0x10) 07:38:04 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x600001, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000080)={{0x68, 0x5}, 'port0\x00', 0x2, 0x40000, 0x0, 0xbaa, 0xfff, 0xda3, 0x8, 0x0, 0x2, 0x4}) r2 = dup(r0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x22, &(0x7f0000000040)=0x2, 0x4) [ 634.699413] binder: 9788:9789 unknown command 0 [ 634.710456] binder: 9788:9789 ioctl c0306201 20000080 returned -22 [ 634.717626] binder: BINDER_SET_CONTEXT_MGR already set 07:38:04 executing program 7: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x5, 0x200, 0x0, 0x0, 0xffffffffffffffff, 0x1d}, 0xffffffffffffff36) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000000eb2f36ed25000000000000000fa000000000000000000000000000009500000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0xfdbb, &(0x7f000000cf3d)=""/195}, 0x48) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_nanosleep(0x0, 0x1, &(0x7f0000000080)={r0, r1+10000000}, &(0x7f00000000c0)) [ 634.742926] binder: 9788:9789 ioctl 40046207 0 returned -16 [ 634.770879] binder: 9788:9794 unknown command 0 [ 634.776316] binder: 9788:9789 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 634.783406] binder: 9788:9794 ioctl c0306201 20000080 returned -22 [ 635.495544] FAULT_FLAG_ALLOW_RETRY missing 30 [ 635.500137] CPU: 0 PID: 9747 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 635.508528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 635.517875] Call Trace: [ 635.520454] dump_stack+0x1c9/0x2b4 [ 635.524064] ? dump_stack_print_info.cold.2+0x52/0x52 [ 635.529243] ? rb_erase+0x3550/0x3550 [ 635.533048] handle_userfault.cold.33+0x47/0x62 [ 635.537726] ? plist_check_list+0x7e/0xa0 [ 635.541886] ? plist_check_list+0xa0/0xa0 [ 635.546040] ? lock_acquire+0x1e4/0x540 [ 635.550016] ? userfaultfd_ioctl+0x5430/0x5430 [ 635.554597] ? trace_hardirqs_on+0x10/0x10 [ 635.558846] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 635.564199] ? plist_del+0x4a1/0x9d0 [ 635.567903] ? perf_event_update_userpage+0xd30/0xd30 [ 635.573105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 635.578628] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 635.583802] ? cgroup_rstat_updated+0xe6/0x470 [ 635.588370] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 635.592763] ? update_curr+0x200/0xc00 [ 635.596632] ? reweight_entity+0x1100/0x1100 [ 635.601027] ? trace_hardirqs_on+0x10/0x10 [ 635.605250] ? kasan_check_read+0x11/0x20 [ 635.609382] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 635.613949] ? compat_start_thread+0x80/0x80 [ 635.618343] ? lock_acquire+0x1e4/0x540 [ 635.622308] ? __handle_mm_fault+0x3a38/0x44a0 [ 635.626872] ? lock_downgrade+0x8f0/0x8f0 [ 635.631006] ? kasan_check_read+0x11/0x20 [ 635.635136] ? do_raw_spin_unlock+0xa7/0x2f0 [ 635.639528] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 635.644093] ? kasan_check_write+0x14/0x20 [ 635.648311] ? do_raw_spin_lock+0xc1/0x200 [ 635.652532] __handle_mm_fault+0x3a45/0x44a0 [ 635.656939] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 635.661765] ? __sched_text_start+0x8/0x8 [ 635.665896] ? kasan_check_read+0x11/0x20 [ 635.670029] ? lock_acquire+0x1e4/0x540 [ 635.673996] ? handle_mm_fault+0x417/0xc80 [ 635.678212] ? lock_downgrade+0x8f0/0x8f0 [ 635.682354] ? lock_release+0xa30/0xa30 [ 635.686310] ? retint_kernel+0x10/0x10 [ 635.690180] ? mem_cgroup_from_task+0xcb/0x1f0 [ 635.694741] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 635.700711] handle_mm_fault+0x53e/0xc80 [ 635.704757] ? __handle_mm_fault+0x44a0/0x44a0 [ 635.709322] ? find_vma+0x34/0x190 [ 635.712847] __do_page_fault+0x620/0xe50 [ 635.716894] ? mm_fault_error+0x380/0x380 [ 635.721031] do_page_fault+0xf6/0x8c0 [ 635.724817] ? vmalloc_sync_all+0x30/0x30 [ 635.728954] ? schedule+0xfb/0x450 [ 635.732484] ? lock_acquire+0x1e4/0x540 [ 635.736443] ? __might_fault+0x12b/0x1e0 [ 635.740493] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 635.745320] page_fault+0x1e/0x30 [ 635.748757] RIP: 0010:__get_user_4+0x21/0x30 [ 635.753139] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 635.772326] RSP: 0018:ffff8801c69bf538 EFLAGS: 00010202 [ 635.777682] RAX: 0000000020013e98 RBX: 1ffff10038d37eae RCX: ffffc90005630000 [ 635.784932] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 635.792183] RBP: ffff8801c69bfcb8 R08: 1ffff10038d37e84 R09: 0000000000000000 [ 635.799433] R10: ffffed00390145d1 R11: ffff8801c80a2e8b R12: ffff8801c80a2e00 [ 635.806683] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 635.813946] ? __might_fault+0x1a3/0x1e0 [ 635.817994] ? sctp_setsockopt+0x1e13/0x6db0 [ 635.822391] ? get_futex_value_locked+0xcb/0xf0 [ 635.827047] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 635.832741] ? trace_hardirqs_on+0x10/0x10 [ 635.836956] ? futex_wake+0x760/0x760 [ 635.840745] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 635.845919] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 635.851436] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 635.856520] ? futex_wait+0x5d2/0xa20 [ 635.860306] ? futex_wait_setup+0x410/0x410 [ 635.864612] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 635.869783] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 635.875300] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 635.880381] ? futex_wake+0x304/0x760 [ 635.884174] ? lock_acquire+0x1e4/0x540 [ 635.888130] ? percpu_ref_put_many+0x119/0x240 [ 635.892695] ? lock_downgrade+0x8f0/0x8f0 [ 635.896826] ? lock_acquire+0x1e4/0x540 [ 635.900792] ? __fget+0x4ac/0x740 [ 635.904247] ? lock_downgrade+0x8f0/0x8f0 [ 635.908378] ? lock_release+0xa30/0xa30 [ 635.912348] ? lockdep_init_map+0x9/0x10 [ 635.916391] ? exit_robust_list+0x290/0x290 [ 635.920698] ? __mutex_init+0x1f7/0x290 [ 635.924665] ? __ia32_sys_membarrier+0x150/0x150 [ 635.929404] ? kasan_unpoison_shadow+0x35/0x50 [ 635.933968] ? __fget+0x4d5/0x740 [ 635.937414] ? ksys_dup3+0x690/0x690 [ 635.941123] ? lock_acquire+0x1e4/0x540 [ 635.945078] ? __fd_install+0x2b2/0x880 [ 635.949035] ? lock_downgrade+0x8f0/0x8f0 [ 635.953168] ? select_collect+0x610/0x610 [ 635.957302] ? lock_release+0xa30/0xa30 [ 635.961264] ? __fget_light+0x2f7/0x440 [ 635.965221] ? fget_raw+0x20/0x20 [ 635.968656] ? get_unused_fd_flags+0x1a0/0x1a0 [ 635.973221] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 635.978739] ? alloc_file_pseudo+0x281/0x3f0 [ 635.983130] ? alloc_file+0x430/0x430 [ 635.986921] sock_common_setsockopt+0x9a/0xe0 [ 635.991403] __sys_setsockopt+0x1c5/0x3b0 [ 635.995533] ? kernel_accept+0x310/0x310 [ 635.999578] ? do_futex+0x27d0/0x27d0 [ 636.003361] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 636.008884] ? fput+0x130/0x1a0 [ 636.012152] __x64_sys_setsockopt+0xbe/0x150 [ 636.016549] do_syscall_64+0x1b9/0x820 [ 636.020421] ? finish_task_switch+0x1d3/0x870 [ 636.024900] ? syscall_return_slowpath+0x5e0/0x5e0 [ 636.029831] ? syscall_return_slowpath+0x31d/0x5e0 [ 636.034753] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 636.039763] ? prepare_exit_to_usermode+0x291/0x3b0 [ 636.044772] ? perf_trace_sys_enter+0xb10/0xb10 [ 636.049422] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 636.054250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 636.059431] RIP: 0033:0x455ab9 [ 636.062600] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 636.081763] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 636.089451] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 07:38:05 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vhost-vsock\x00', 0x2, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1c3, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x8008af00, &(0x7f0000000040)) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x1}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000006c0)={r2, 0x1000, "f46eedbf641daf516be07f25a6c4f31d413df4981cecea54ffa8ee4e9fec633741795c9ca940d5c326bdc6735041d06a586ec05eca5ab967dc18497106cbaec974f79597378b249429deb3e2545e1c7076bd01f48538e2b92e2ae6179ddc7a48036b19e96d73c84ce9743bb69c10a049713978c75f45692d45e6bf48376e9587a26cdf3be4c8a57f049fdcdb30503115db81324698c41df98cd0626f9f94d87fce711d8484c840d0d945e26d03ea1f03e66d7d19835aa75c1228378b110935d43c1ed710f5d34deceba0066bdb9b79192c6bf19fc8efda6083798beaa93f251c45252e7ff131f3067c150d056e56f0faaa3dced69007dc33cab8aa0c4f779878e0e0cb6055d16e75afb2964e042b1233e0b32756e40442e384de3865b410efe8191629b8e82b1e11eab48d7494c08aa9118d7b09020073e1f5f37b89e90110d8d2b15618bb4aa962bf37c90c217ab0b2d09a8bb43d9063bfff9d8d0670fcc3551ad3b524e1b434de79ca571f987ce45c00480f989ea450d83ccbfb6405efefd78d405812f638e427b133c612ed8861fdd301a68f118e97376719635a6b6986540d4a08694b175ef084cf4f2375effa5d2f2bbc8a4c8fc0769a61969a227e03d5df092ecb4b53ca69dcd07f65b4b6132f5ac44e3cad6f5bf986d32e984b36b846c24e3fff64adb65bd92544c56561df06070148a2d496e384a3cec462c32243a48b90098d9ebed26d91ab83165e9347bc6b68272a2d07e0672069bfa87e4410f2cbea4dfce3b700bb904b778e2cccbc1e046d47754a2fae383a3e2afefb1536ed3b61ecffc25492fadb07ca00ec773601f91590284c3bd14e2abb0f67be76d3a420be5aefd2ece2cea07fc333ca641904930f6bd211cb0833866719f70bfbb326d65ce4b9d873677796033f4ca5d55947464e9f226db0a0c03ffaa5cddd9b51d5f56899dd1a3523c0151afcb7b988dafd110f3f8ea22ed18d1b6be7ed00f038fdc849152afd15dba9ebd51733abc3c8740e58d18d10b4800f4f9c18b6d34a3db69b3aff320553ef609863af5fe97d4b94c7f494d8c382a6432b3c95e3593de1ae772586cc6b1467bdca853cc74de3262a1108a98de7461be595c837951f936883db43791dfd7af4cc0727d49b43f85e3c5ebc8916ecbe1884351b3620cd51e8014333ec39a73e352b4e47439955eb10e02b0a377c069e875cb28613197884f016e2c475e5f9bbb08101c10a1492d1a9b45848143ef414cf66add8e57743b94c321bbcc754fd2fddf3e814dcaeb896a5c5b45165e7ba4b545d6b128d284db6ae2cf99c675a6d161260f80807c6478d4d2170801dd66e7ef5235ea3206db47cddf4d0c7342042d60c4a57738a8069e54d3846d8e2b3ce4eed1874e6391d229b9b55b5666bc8c6f5db314216ae063e354811b841c911c19c8a567afcbe1ac96fd159decf5de0ef22732b137b600ad3549a10d934afd35c2b8b011f61205f4651b8063440d3f5e0b2aff8b5142dec4b33c2c3472a80278d59737a9f36c020d2fc3e208a9dbceec3a319f2a979e09b82ad57f0038bd6c1cf8bc2d8fa12aa07bb99909b713498d63bd90b1808369c71adbf415b7f09eea2edd922d1eac1698959a3c3759ea645f8f6f4cf60b12567124300d851a062321183ab6817321313d7c3ee83e127a050273b4c453064351379a084b8a74189c4b3963f653c1c0870c63c1b326ee0cb70efc3504d96a322d7ead2ce8171033c9945ec4b0a92b2716b967c1c0c23952a91ba2636c6841bb433dff37ce3e1a45489d87867b61b2ce7e38ca1900b3d7a511fe447e55da07076b477a3a36ce3681e5e000ec0af8e96fa6860fa0b52635aef5fade838d576d73794cb220ec5c75e06cde4aa60c1ff94cecb013689ea5efd475c857a7db90cdd4e95a99e1d9005151f76807069e7452e3f5d3ad8635bcf158a5842d636488c5d36d9f8eae2c3a1a31bc2801c56bfa0e040ccbc0416431d9ff927ec1ce1a52af8bf5dad81b7df213227bc32b60f78057be74635632c011b858d9cda50b8d7b65f75ac68c2d3cfafeb5f1d57c6c2a9f8b6774f8bfd909b9a6cb66ebd6f47c066fd261c0398e6cf8bb6f509640493b7fa6e89991ba41f019c2ecb909674c93ef3a78e1f242c21e2c174fa124b067a943197a8dd8196a1a8dc7d0baff6ef8bc7ae2334ad2b1aefb27bbd97288d623d09bc4491e468f380973daa9c3ea0d61a0b0702217ad1464843983b3ca22efcd6504a5d1154b767bd647b2ec9ce94d98692041543d40a367e9aa29fc7591e2205d433089b695e196f776ed573ff66a2e495fac08e49308f73743503c55db46d613868ee7e952049a3e8f8e17710a232cb4e74b40e2c17f0c6d98b471f20b445905c4561b9df2fa9c0d869bfee167fd5d001227e5b83c8e2bb1d05a65b4e6b651290d1c90a7d6701536e40e383355831d1dbb12e53e9fd4b3fec1aa35b585c979118ab2867af75a65b5b6d31fced0058d4f36820d69bdd1b7d70a1ff60dd1341dde17006ba65e213b0030962c5224e974baaf967aa217d054e49e96541be453654c8e3b794fbea464c5d92462e87ecdeafd3adde1b7cb63774f29b7943e22bece1adbd786eb7f6ee536bd8c3cdf6c864c25b6cfe90f147344a9e08cfb7a246fb8fa1bfecf8cf769a41bc14f4beaba0047fa545a9bc130c028653df8c34730d2652722cf528ef443be1d6ce24627345ed43d80f9f824ab82e0f6a47feaf5bbb03f4cae3437f0f62a1da25d7d2a4a49a31fe9d3a93f6627d4d39c6ee88366e87e9bc153061db965b2c3e8b338ffe9d24a2ae9fee08a3026849c5f4115ba50351aff072bbf1fa0fed148e5c8b13cb48753d3cbc116a8514312d857d8d95ed2ea40fd1d96f50660bff0a1d98f62e9b3a2dcb189441e6b22228b6e25fee687f1de91040446171b7351f0ea0e8b69fd4ff2d8cf6bbc50ad39793d015d8148750938c8095aa4236783720d53811206609d957f52bd5544c9792e318d114e0d3d518fd43f9f4f214db1187e9dc261c137eae91d2c33ec5f49a24ea654cbd7aac1d4c0ddd0d3cead68d25068d99c3fd7ccbd54a283259754d6ffa368c7e7a110bc690701c3e8d3520f43ab175928a9810cc44354295f8e027178a46e13b7dc49e2cc2c7a00631a5d6fd557bedc4a89c61889c106b7eb6d6bfab0b25cea0738ef9edb30b86da168d6c9ec34b0b32bdd6886c48361dfe6527c91d12ffb4ed19a4aa347f8d0699811dca4ab4bdf106ef3c7bac6c037411f358cad32eeebb28223e517d07a0405bea5d4b631a247b242343729ed84ebaebf272b45ab4815efabb8c11f83096bfa5a2e32db9493def2b830a107450ec6174feca18d256529d46da1080441d1b34d79bdb0fb17aa6941cda76a5f623b048eef25c9d365916d532c58b5dd2c4e5e59aa7f559ef846a36c3de04a8340a2abcb1ba1a0552445d7b7f353d415ef7c12bd5f0d2e30466e889f7563ddf028ff53377aa8cc6113b6efb139b5a50b31340c5e355e4d9f78e24889d50728349ccc746464bdb62e909580240a435d0d496c363deaaacffaeef4607a56f98f16c32a14f5ee9b610b656f15a7579bb86e4284b2ae8e1a8a7d980b4dad9c5ec484fceb18ca3d315142dc801f7b7f47872e93355c08a415534612f5a2c465bb13defa2a94edf4af2004ecb64e970367fe976f0873f2da7e46dc447c80fbb86ce57596e6ed27cb70d6841eb77c26cb818f83f195fbd3be34e3024d26070363c09acbb71e834c818828e32d93089f30a43f6c2df34f18c506313d35567b7bee965605d0051dba160b1c9f082547f0fd866553bc18bbf66f3f1923c7319968c9f9c471bb5ecec002a3c6a76e87fb99dd72a13f7ffd3ef2869bf67d798254b212faed8ff44e50303a9497efde1f3704617fd8fd057aad48330216988ef97f2c63e2001a51ebef5bd53f71bf9e47cc581b67a5e82dc4fdfdc940aaa4b67cb84e50e8a87ca196ae122c909c0311f62ef579e63180b166fb7bd49a9126aa9b5c6a05355000efa9ed4776000003f87fdfba0d4549ef1fb2883656db690c499d796a746bfec31ac0d85a454710280c3fcb6285f3102d7e77408549981571dffdc7db2a934c464428d70b193ae215e128d8892758e86b35bb2441f2664e6a8565555ac377de2ce119a20e4ff04bdc854b462724afa5e90f3c0f67e848d6b122e71800319e9daa52822ffbd310cc4e88f115f709d20e06437eac388dc39ede41c7c9b94137d2037a847c2e18407f5c1ee6e5811ad8d819ce42a7faaf90338036718b74f4ac0319afa145c8f9d3573ade66b1627037f7ff8664a94e68f37fc82e16e741cbf967cee7810c689685a1ce6ba62df1f3f5e3d9b0bde4e3607a2004e55a80040c922ade5d25db50399ac931cc2abf66ad5242a96d25d7c7e235fafef868ea26a38c6c1d1924a876d1b7e6ce7b6f44c1062cda3147dd6f6674dfb4a83349dd67b14a780d1897318db69aeae201ef794722a1b1df8ba0318b206c70f50b93fd3e444b37d285caa928f1127b2b20d40c58b2c20f3d25651c7c7c86dc90591636fe841a254ccffc63cad8bedce568af1de391b1128f305e55de30c61309649ff479b7a4adc524d6cb3dc0a6a6bc715a570a6d80940ff6c99d4124598da4b29a62c41760dea82edc0cbdf5cc2f3bb58e7278fb59ffcf225ba7b4f803072e7c67cf8b6c34a9a34e4534abf22faade4029b0b4c46d38d7cc267383049d032b50c05840fce185e82800ee2f880869fe142c6ee173d59f20590a6e0e524023482b3b471348ad6c94855c71ad0763f59946c4c1059e597489e2072271b78c6c9d3b23ada5a9aea98bd7f5ff9bf700e2c6ae524f574df2cb39740403161857c1858d5e597e7c82b2a18978f7a78b20607974eb5dfa738e3a47951e00fff45a2eb4c89a3e70c4b18529fdfdcf61b38caee8c02488ccf1a43793c41071ad62fe20ace3307a3876de0766b817696f0922ec04323d292bd2901fd3804928bd940f113c21d6a52a823bad8529a8c7dd41702612eff8c18773cd59ede42e43e506cc7d5222dd8ea4179904524142578ac5b451902f826ed96d6a4afd21fa8db27f910dfca619e2f1fc9660b36c48449bd373e9220236416329d50b442acffb9dbfbb88907f9fa1639d86ef3ed19ec367e1b98af1aeecadc74b30acf3092eaadaa0873c23a02e068d0ef6286c1aee7fb8f7694ad8436925a19b9d785a39ccd960161705d8212e565be978d1285f5f543ca0d1898db03cc4f6c0bf2c1fc76130e9ed862f68e25f11f186efab537c4d84e2b7eb189a241d6b34adaef2dd076d6434316834d232ad8c4a0779b1502af59e38484de0329c5c77acda38bd8316e99289cb8a27f7982f6b6d670a7295ae296219d01f3a32002e2f67ec9168c2ea361544641e008f3926f74591a90a19ea47f92c93d3b1e60130b120653a1844a097209840d8cdb620240c267e0b3f6fd3ed284e69164d8f470d24407290a6677cf98978e551189bbc750a58d4088d2a20278df169eee74e1ef2189ccd8d46119a7943bb7ae8d807697e6809fbf4e3fb383dda9d0a5b558c4d50d2caea37dde4828e6174560a849ba89baa22931175a05b27ec516870152a04801fda2178992a22cd6da68cc429b4b8f7400da43d53a17c490e485dd31f662da364a05afb798d5a9ebf4c6f247853cdc1b304e3472acac2f7095b45243ee32471f4da3cd2a325643e0ba68009d36d90e5caf42f9cda36fc1e912dba3bf39cd2e629eefb914217b3bf296663fed3f2cc3eaef41971b"}, &(0x7f0000000100)=0x1008) 07:38:05 executing program 0: r0 = getpgrp(0x0) r1 = gettid() perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0xb, &(0x7f0000000040)) rt_sigtimedwait(&(0x7f0000001ff8)={0x3ffff}, &(0x7f0000f0aff0), &(0x7f0000fbcff0)={0xffffd, 0x989680}, 0x8) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000200)={0x0, 0x5b, "dcf4240ca6e202977a720227094ef001add1a45fca614787a4dc57c19ad7c524ec8fad8eb5ca69fa5b5da405cd0219f990c426d121f6414bc78f6477cda21b433dc5f45b843142fc7ebc63148595e9fce7120a91de3fda2387e51f"}, &(0x7f0000000280)=0x63) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYRES32=r3, @ANYBLOB="ffff0900ac00040002000206ff0309000600feff1807"], 0x1a) 07:38:05 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x1000000000001, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b3fdc)) write(r1, &(0x7f000054bfba)="4f7ad0c9edb302486f1748144523c0c253773e00d49ba39063e2432e8de58f5930fd07000000dcf50bbc54b70c0ea17b4728dde5f9eedfc811ff1f75642558334444c9fe3d13", 0x46) r2 = syz_open_pts(r1, 0x2) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000180)="10", 0xffffff71}], 0x1) r3 = gettid() ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000000)) tkill(r3, 0x1000000000016) ioctl$TCSETS(r2, 0x5402, &(0x7f00000000c0)) 07:38:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb90b0000, &(0x7f0000000400)}) 07:38:05 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000100)={0x800000000000000, r2}) ioctl$FICLONE(r2, 0x40049409, r2) ioctl$KVM_SET_TSS_ADDR(r2, 0xae47, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x3, 0xffffffffffffffff, 0x1}) [ 636.096700] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 636.103949] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 636.111211] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 636.118470] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:06 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0xfffffffffffffffc, 0x800, 0x3, 0x673}, {0x379b4532, 0xcf, 0x80000001, 0x17a6}, {0x81, 0x2, 0x7, 0x6}]}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) ioctl$KVM_S390_INTERRUPT_CPU(r7, 0x4010ae94, &(0x7f0000000140)={0x7ff, 0x6, 0x3c6}) 07:38:06 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) sendto$inet(r0, &(0x7f0000000140)="a5bf55c1ac480a5168b6937fe7ca0d06c1a0639bb3cdd0fe3494fdec68ddebfb90c9acc5d7a427f55fc27a68c2015c01044d6cae91b7408947dfc8e162de67158741c94cde7410a2bada62035c1ef8763e1f4097fcc790789d847c57446f205e5c5e04a2e08480ba62052df515afb3a2cc72a44e83f2c96d1e9fed3f79e65a07056c5ac0cf11084b9a5e3ad5110b76ac8e6354f5017c5d8a156ce9b4e41305cd01723becf89f6cf94242063a67357847bca57b6a5aa0cbbcce3734ea25b9164979c671f725b0c50018acdee431dfb0284b87abc881997839a55dc9ba34baca1983cf", 0xe2, 0x4000, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x8}, 0x10) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000015000)=0x4, 0x4) bind$inet(r2, &(0x7f0000011ff0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) 07:38:06 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f8f762070") r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) bind$bt_rfcomm(r2, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x3}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x2, 0x18, 0xfa00, {0x1000000000000000, &(0x7f0000000200), 0x3}}, 0x20) 07:38:06 executing program 7: r0 = socket$inet6(0xa, 0x80000, 0x2) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f00000013c0)='ramfs\x00', 0x0, &(0x7f00000002c0)) chroot(&(0x7f00000000c0)='./file0\x00') umount2(&(0x7f0000000040)='./file0\x00', 0x2) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x4000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', r1}) chroot(&(0x7f0000000000)='./file0\x00') 07:38:06 executing program 0: syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x0) [ 636.302591] binder: 9831:9833 unknown command 0 [ 636.313799] binder: 9831:9833 ioctl c0306201 20000080 returned -22 [ 636.320514] binder: BINDER_SET_CONTEXT_MGR already set [ 636.325891] binder: 9831:9833 ioctl 40046207 0 returned -16 [ 636.340603] binder: 9831:9859 unknown command 0 [ 636.349253] binder: 9831:9833 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 07:38:06 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) ioctl$TCSETSW(r5, 0x5403, &(0x7f0000000100)={0x5bd, 0x100000001, 0xffffffffffff2ef0, 0x1, 0xfffffffffffffff8, 0x100, 0x7, 0x4, 0x0, 0x7, 0x6ba3, 0x8}) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:06 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x00') ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000000)={0x7ff, 0x0, 0x0, 0x4}) 07:38:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x4800, &(0x7f0000000400)}) 07:38:06 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000040)=0x1c) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e22, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}}, [0x7, 0x8, 0xfffffffffffffffe, 0x0, 0x7363378d, 0x81, 0x8000, 0x3, 0xfffffffffffffe75, 0x4, 0xff, 0xfff, 0x1, 0x8662, 0x294]}, &(0x7f0000000200)=0x100) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0xfffffffffffffffd}}, 0x2, 0x4, 0x7, 0xc61, 0x10}, 0x98) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x3, 0x84) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer\x00', 0x151881, 0x0) mkdirat(r4, &(0x7f0000000340)='./file0\x00', 0x10) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0xc) openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dsp\x00', 0x50502, 0x0) mmap(&(0x7f0000014000/0x4000)=nil, 0x4000, 0x8002, 0x10010, r0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/autofs\x00', 0x400000, 0x0) close(r0) 07:38:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="5f3c00456d345f8f762070") unshare(0x20000) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00') exit(0x0) close(r1) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x9, 0x10, r1, 0x29) [ 636.375510] binder: 9831:9859 ioctl c0306201 20000080 returned -22 07:38:06 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000040)="295ee1311f16f477671070") munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r1, &(0x7f00000009c0)=ANY=[], 0xfffffe51) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000040)=0x1, 0x4) recvfrom(r2, &(0x7f00000001c0)=""/196, 0x484, 0x2, &(0x7f0000000080)=@un=@abs, 0x707000) 07:38:06 executing program 6: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syzkaller1\x00', 0x10) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x80) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x4e22, 0x100000000, @remote={0xfe, 0x80, [], 0xbb}, 0x1}, @in6={0xa, 0x4e20, 0xd3, @dev={0xfe, 0x80, [], 0x19}, 0x8}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e23, 0x240000000, @mcast2={0xff, 0x2, [], 0x1}, 0x1}], 0x64) lookup_dcookie(0x1, &(0x7f0000000000)=""/26, 0x1a) [ 636.435011] binder: 9882:9883 unknown command 0 [ 636.439879] binder: 9882:9883 ioctl c0306201 20000080 returned -22 [ 636.449915] binder: BINDER_SET_CONTEXT_MGR already set [ 636.460307] binder: 9882:9883 ioctl 40046207 0 returned -16 [ 636.477304] binder: 9882:9884 unknown command 0 07:38:06 executing program 0: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0x8002, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000000340)=""/75) syslog(0x5, 0x0, 0x0) fcntl$getown(r0, 0x9) r2 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x80, 0x444c00) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x1000, 0x2000) sendfile(r0, r0, &(0x7f00000003c0), 0xa824) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000180)={0x1000000000000000, 0x5}) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='(wlan1eth0\x00', 0xffffffffffffff9c}, 0x10) ioctl$PIO_FONT(r4, 0x4b61, &(0x7f0000000280)="7c2ce9a98092e19ec58401869f40ca37e3278e1d069632e517bf22f3dd1a701fd640bfe865ebb2d2ea07d75e22d83a4b8b4633862ead77601796d837e6e2a9ca838455598cb1204cf1e75d395a9ad2b6b32436f65516f405e087fa278729d410d59a7edca5082aa6da81785d85d6ef26353dcdcdc8593a62d89e73ed3f80e08da477fc179f03d6659c8f9fbb6fc59b83a897828de4732eca1325") ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000080)={0xefff}) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r2, &(0x7f0000000040)={0x80000000}) [ 636.489361] binder: 9882:9884 ioctl c0306201 20000080 returned -22 07:38:07 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x3cb2) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(r3, 0xae64, &(0x7f0000000080)={0x0, 0x0, @ioapic}) 07:38:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xe838030000000000, &(0x7f0000000400)}) 07:38:07 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000008e00)=[{{0x0, 0x0, &(0x7f0000008a40), 0x0, &(0x7f000000a080)=ANY=[@ANYBLOB="1010000000000000000000002b0000006177837777942420c141f5b7fa5c058de246790c859b09b7990425b21514e4a26b1fc6d6c7a047dbf22876c54a8c1cefa90eac4c2fe8a4a456853eeb86f1756c6980944715df78c8d5c68312edd129b709508f4083b7170de95d273f988370cea7f092203bf490e9417c7642fa16c9bc0f649f5edbcd5c134445577e475e329bc256c126e1ff247cbb698098d9b83c46751ead228d889ef32584a999f0a22ecd4baf92267ad35c31a40134f6bea0dddc36bf720def413ed3c62119e565c0a807fab92ed946d99cad7199bb0a98fc1a286999c6639b53d75dfefede50a15d3517ab492d2b95d853135d1c8015e8ea3bb4cacbbb5eb869d3d82d972c8a3285e2bba0836f6a8fcd80b64a7a176e80521df09f6c62060d17bd635e2e347f2a"], 0x12d}}], 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f81762070") mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0xa000003fe, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00008deff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f000000a000)) listxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/204, 0xcc) clock_getres(0x7, &(0x7f00000001c0)) [ 637.132287] binder: 9909:9910 unknown command 0 [ 637.141403] xprt_adjust_timeout: rq_timeout = 0! [ 637.144084] binder: 9909:9910 ioctl c0306201 20000080 returned -22 [ 637.153332] binder: BINDER_SET_CONTEXT_MGR already set [ 637.158859] binder: 9909:9910 ioctl 40046207 0 returned -16 [ 637.194497] binder: 9909:9910 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 637.194504] binder: 9909:9917 unknown command 0 [ 637.194521] binder: 9909:9917 ioctl c0306201 20000080 returned -22 [ 637.398992] FAULT_FLAG_ALLOW_RETRY missing 30 [ 637.403573] CPU: 0 PID: 9872 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 637.411957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 637.421298] Call Trace: [ 637.423877] dump_stack+0x1c9/0x2b4 [ 637.427506] ? dump_stack_print_info.cold.2+0x52/0x52 [ 637.432684] ? rb_erase+0x3550/0x3550 [ 637.436476] handle_userfault.cold.33+0x47/0x62 [ 637.441165] ? plist_check_list+0x7e/0xa0 [ 637.445309] ? plist_check_list+0xa0/0xa0 [ 637.449447] ? lock_acquire+0x1e4/0x540 [ 637.453406] ? userfaultfd_ioctl+0x5430/0x5430 [ 637.457974] ? trace_hardirqs_on+0x10/0x10 [ 637.462196] ? plist_del+0x4a1/0x9d0 [ 637.465895] ? plist_add+0x790/0x790 [ 637.469610] ? lock_release+0xa30/0xa30 [ 637.473565] ? cpuacct_charge+0x30a/0x5d0 [ 637.477705] ? cgroup_rstat_updated+0xe6/0x470 [ 637.482284] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 637.487286] ? update_curr+0x200/0xc00 [ 637.491161] ? trace_hardirqs_on+0x10/0x10 [ 637.495400] ? trace_hardirqs_on+0x10/0x10 [ 637.499618] ? kasan_check_read+0x11/0x20 [ 637.503746] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 637.508316] ? compat_start_thread+0x80/0x80 [ 637.512704] ? lock_acquire+0x1e4/0x540 [ 637.516664] ? __handle_mm_fault+0x3a38/0x44a0 [ 637.521233] ? lock_downgrade+0x8f0/0x8f0 [ 637.525376] ? kasan_check_read+0x11/0x20 [ 637.529506] ? do_raw_spin_unlock+0xa7/0x2f0 [ 637.533892] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 637.538457] ? kasan_check_write+0x14/0x20 [ 637.542679] ? do_raw_spin_lock+0xc1/0x200 [ 637.546908] __handle_mm_fault+0x3a45/0x44a0 [ 637.551300] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 637.556139] ? __sched_text_start+0x8/0x8 [ 637.560300] ? reweight_entity+0x7ed/0x1100 [ 637.564603] ? lock_release+0xa30/0xa30 [ 637.568561] ? lock_acquire+0x1e4/0x540 [ 637.572515] ? handle_mm_fault+0x417/0xc80 [ 637.576733] ? lock_downgrade+0x8f0/0x8f0 [ 637.580869] ? lock_release+0xa30/0xa30 [ 637.584824] ? mem_cgroup_from_task+0xcb/0x1f0 [ 637.589387] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 637.594135] handle_mm_fault+0x53e/0xc80 [ 637.598186] ? __handle_mm_fault+0x44a0/0x44a0 [ 637.602750] ? find_vma+0x34/0x190 [ 637.606276] __do_page_fault+0x620/0xe50 [ 637.610325] ? mm_fault_error+0x380/0x380 [ 637.614463] do_page_fault+0xf6/0x8c0 [ 637.618262] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 637.623704] ? vmalloc_sync_all+0x30/0x30 [ 637.627850] ? lock_acquire+0x1e4/0x540 [ 637.631803] ? __might_fault+0x12b/0x1e0 [ 637.635855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 637.640689] page_fault+0x1e/0x30 [ 637.644142] RIP: 0010:__get_user_4+0x21/0x30 [ 637.648527] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 637.667660] RSP: 0018:ffff8801900b7538 EFLAGS: 00010202 [ 637.673018] RAX: 0000000020013e98 RBX: 1ffff10032016eae RCX: ffffc90005630000 [ 637.680270] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 637.687520] RBP: ffff8801900b7cb8 R08: 1ffff10032016e84 R09: 0000000000000000 [ 637.694771] R10: ffffed0038d4cec9 R11: ffff8801c6a6764b R12: ffff8801c6a675c0 [ 637.702021] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 637.709292] ? __might_fault+0x1a3/0x1e0 [ 637.713347] ? sctp_setsockopt+0x1e13/0x6db0 [ 637.717740] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 637.723432] ? migrate_swap_stop+0x850/0x850 [ 637.727825] ? kasan_check_write+0x14/0x20 [ 637.732043] ? trace_hardirqs_on+0x10/0x10 [ 637.736265] ? __account_cfs_rq_runtime+0x770/0x770 [ 637.741266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.746787] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 637.752147] ? update_load_avg+0x27d0/0x27d0 [ 637.756552] ? perf_event_update_userpage+0xd30/0xd30 [ 637.761725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.767246] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 637.772416] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 637.776809] ? alloc_empty_file+0x72/0x170 [ 637.781028] ? run_rebalance_domains+0x4c0/0x4c0 [ 637.785777] ? finish_task_switch+0x1d3/0x870 [ 637.790272] ? lock_downgrade+0x8f0/0x8f0 [ 637.794400] ? finish_task_switch+0x18a/0x870 [ 637.798876] ? lock_acquire+0x1e4/0x540 [ 637.802831] ? __fget+0x4ac/0x740 [ 637.806266] ? lock_downgrade+0x8f0/0x8f0 [ 637.810405] ? lock_release+0xa30/0xa30 [ 637.814381] ? trace_hardirqs_on+0xd/0x10 [ 637.818518] ? _raw_spin_unlock_irq+0x27/0x70 [ 637.822997] ? finish_task_switch+0x18a/0x870 [ 637.827476] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 637.832909] ? __fget+0x4d5/0x740 [ 637.836354] ? ksys_dup3+0x690/0x690 [ 637.840060] ? __schedule+0x884/0x1ea0 [ 637.843938] ? __fget_light+0x2f7/0x440 [ 637.847905] ? fget_raw+0x20/0x20 [ 637.851341] ? get_unused_fd_flags+0x1a0/0x1a0 [ 637.855904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 637.861423] ? schedule+0xfb/0x450 [ 637.864954] ? alloc_file+0x430/0x430 [ 637.868757] sock_common_setsockopt+0x9a/0xe0 [ 637.873237] __sys_setsockopt+0x1c5/0x3b0 [ 637.877367] ? kernel_accept+0x310/0x310 [ 637.881412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.886934] ? syscall_slow_exit_work+0x500/0x500 [ 637.891769] __x64_sys_setsockopt+0xbe/0x150 [ 637.896166] do_syscall_64+0x1b9/0x820 [ 637.900040] ? finish_task_switch+0x1d3/0x870 [ 637.904517] ? syscall_return_slowpath+0x5e0/0x5e0 [ 637.909438] ? syscall_return_slowpath+0x31d/0x5e0 [ 637.914355] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 637.919367] ? prepare_exit_to_usermode+0x291/0x3b0 [ 637.924374] ? perf_trace_sys_enter+0xb10/0xb10 [ 637.929025] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 637.933864] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 637.939035] RIP: 0033:0x455ab9 [ 637.942200] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 637.961342] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 637.969030] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 637.976278] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 637.983534] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 637.990802] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 637.998050] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:08 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000280)={0x28, 0x0, 0x2710, @my=0x0}, 0x10, 0x80000) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r5, 0x28, 0x6, &(0x7f0000000480)={r6, r7/1000+10000}, 0x10) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000340), &(0x7f0000000380)=0x4) r8 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000041600011026bd00000000001000000000490dc49f6e120d47f4be0ed987966526fe35837254351e1c71767574648f6a0f383e8ad702877876ce02f6a535f38e429e60445e25cee9"], 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x4814) write$sndseq(r8, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r9 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000180)=""/239, 0xef) getdents64(r9, &(0x7f0000000000)=""/188, 0xbc) write(0xffffffffffffffff, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x1) syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x3f, 0x0) bind$rds(r2, &(0x7f00000000c0)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000000)=ANY=[@ANYBLOB="3bf72022f7683bb012f5a0322a17"]) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000180)={0x4, 0x7, 0x7, 0x4, 0x6}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:38:08 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) nanosleep(&(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) fcntl$setpipe(r1, 0x407, 0x3f) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x4, 0x10000000000003e, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 07:38:08 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='+9'], 0x2) 07:38:08 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$int_out(r1, 0x81204101, &(0x7f0000000040)) r2 = fcntl$getown(r1, 0x9) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x30, 0x8, 0x2, 0xff, 0x0, 0x7, 0x10, 0x4, 0x0, 0x400, 0x1, 0x1, 0xffffffffffff0001, 0x101, 0x0, 0xffffffff, 0xd753, 0x44b60000000, 0x80000000, 0x2, 0x5450, 0x80000000, 0xfffffffffffffffb, 0x80000000, 0x4, 0x7, 0x3f, 0xcceb, 0x5, 0xf8c, 0xfff, 0x1, 0x3, 0xacc, 0x5, 0x4, 0x0, 0x811c, 0x4, @perf_bp={&(0x7f0000000080), 0x2}, 0x810, 0x5, 0x7ff, 0x5, 0x7, 0x1, 0x2}, r2, 0xd, r0, 0x2) 07:38:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xd63000000000000, &(0x7f0000000400)}) 07:38:08 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(r2) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:08 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x10000) name_to_handle_at(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x73, 0x5, "69e3064c559cd8262ab9b223e9880502be6a65e20105c462628323d5a4e45ec5185cfb2e11e0412c961090d88ed991464d33f6bf3776675469063fcd58e1b936e0cb5a0e293682e3bc5078721f45c2cfc8580b49ffd0d30a5718b5e5e4dfba4472efb0d7d5fdb524695983"}, &(0x7f0000000100), 0x400) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000004c0)}, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:08 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x40000, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000100)="a81292b1a096f66f87a58f0c2f62109d", 0x10) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xaa8}) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)='2', 0x1}], 0x1) r1 = gettid() r2 = syz_open_procfs(r1, &(0x7f0000000040)="636c6561725f7265667304") writev(r2, &(0x7f0000000040), 0x0) 07:38:08 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000240)={0x0, 0x1000, "7fe264e27b7050f1fd3cb1183b8fc6816569da075da618d464a4eb785964783515fa2a06b5c42af47987db6cbd4fdf019929db7728c0152d6177b7be5766426954c854bd9048038da9c3432bec0fc4f17b2196394964939bf05658252b6c362e2844add4cbc81e4851f90a4a83a360c5d2b7404454191189403e929ea8330ce822c7d7f941fd724a839cb8d05bf4f367e9e5da6d7e996965b1274abc92697b605092a7f1a1c37f7ff1f097e23532109b977f6722d330208d1547e93b5887c6bb7d97b2504d2f5c5eb1a23dad56ff6d6f3701e66e891be5d8bb1fa8cfa686362726bd4fdee505f6dd733a7f9898d7e2a47461150b61d10a36df49c56b2a3308ab3fa3bb66683e261bf53db74449f38697a853d18cc88d0629f34566dddf0df230a3584273eed9e59132f4dab69d8f35bc6f76d25af25de294e06ec2f44ac2df9339e6fc118ced68a71659cef360277cefa1cae877cdfc3c7f93d563a99d4c1ea83ec0954dae99b64b4734cadf0419d37038d3bdef101863a8be1469e50ec6c131b4faa85a068af350baab861b82d51e4b7c73200d3f767fd726f9ee5f457fd76ae34c4b0e0c98a6e64ba57a89caa236982358078e12ab02194258155ec26680bf9b325788f88a0fa0c0179e6631286f4cfd571ace5f0a616fcdf9eb2740496b996c68df02da638442da803eb449f6c5fcb7f21f54685ef5c23b9708c818c02ff92d8bfbe71859fe61ccc39c3de3113f19ab4e0515a881cf84371489d2712711f41ab1d0fccc4c5ea6a23a282b455640aebbef2e30fbc367f4157a3390e921a8e6658e55f0b2529b39c38eeba0052234d7d274d15dda6624e8c7acbeee654bdffcd205ad63e71dee39bb45ed9e3863cd841218c7f3f4c66e1bf032ad24437c4fe96b62da73b43b0cdc3099802634edc85a5b8f72d11a1cb754c87169dd81c53e7213d031b1564204289a6925da6e0971528c79869473a034963da4caa5f600d15fdcd02cd35731f453124ca39902232b5377db77aba20a1350de52b6469a3d119114d4505cccd154e50b85c9471b33b0557e46d65e9b43c83669253cd11dc457168e5ee3c018e8dde7b2d27a3efa295cc67895aece1739e613a9b5fff5c4a9cdbdb15d9e524404df802675c1dfd2de9648f500205917b1241ac64b0acfb17b7d676b0ace1336f1a1da2f9413cc67ccc61d487b99b6c1bc887b8288f915d40dcd747b8eda3a9b00821a257ff107e1ebe2884fa39275f1ee47e17f2222cdac2b9471dc548cb5cdd957a00fcbe84ab47939be5f3dbdcdd097d0ed4af28ecbe91480024157a1febe82c4cead9765ca05feb4e03dfb48fead92c298fdfd13c2268db2af1222c7352d29eb7bca0883cebfc97109339abf3debbad9b2677c31b160c355e04d1f357e35955bcefb656e391cb8898d0535e18fd24ba97adef9e40ec6f29e94a1ca55e2f7412a14dbe3af0673545d7a6e96edf66c1a011f3fc8313da47ae8f7f9cf1da65927d9a62b471c311d33f6ca14cb2cfe5da574ac7a119c02283e7703b1d502fabc9cf3ff9a04ff53c5777734598a5f37722cb4dd72375c2c8c96c5f4a84362b20fbf1e543f1fc6dc27142678c380a383bb6a84ba2eaf52622ff2dffd3a209f5ec24f95ea1ca74d6723edd94f610b85877934cd6d1b425bd26c5c5f9f4db42d6f1f6cd0937b359394ed1eec537612b47b65e26a8b7a6c85cb15e4fa87e6ea5f301c9bcb7eddeb9c4b26f412c4c7da15bbfb9c44dbae772cc74b0fb3dd6c0e0d7479f897094ce8a3669f291eb06fc0f1509aede923406443effe5b2b9d5e36e638d2d67344e403d4531838452b0e285ec8822bd767b9a689a50744b43a4a9b694428606e146ce3623360d0ce5fd3707bc0b16d77b8f9e28eb66f2ec50a9e6527f9d0b18b7f324358b736d993f64a87339e3d85d25c24d6d51d181c8d06933d4b771f4f1367b0ec755655e95d3e8957117aebf6d3c70a3e158a86f4d1d7d662d3e7879bebab2ff08e2540c53bd5fd5a7ab70fe66a5b352676fee3a154445a2f1fbb791a0ffc012f0ec39e3379a71ae76bef2ca8e8531c744b67a1bb9268e1514d507ce7fd900b6c7367b6f86d4a2a7860501e637d4aa0ffb84877ba66ef19538fe294533c53a696c2e14085ce121a29dbde0b49e5e1fcdbb48c7a202b5f0811beafd25ebb97bba62e48eeb33b6899a63494ca956e7142f7c6fbe1cae7584dd65d8cf26ea7a26f3c75486f794de7d40ad855ff0113d6909e95c3f7b5b11c7f09eeb1560c3b731d681baa6ef8bcca3f80f4f944792c6a7917521faad46e35c09f692adf689aae40d4dd48717597fb9d8034b792216e532fe1291ad13ee0570ea7fd6ba1c59dff0f266f33be7dbfe6a30360308dfb4865bcccf3b763b7c9ecabff54365303e6045f35793b755bd5adcfba6691e72ef881345e5b9b5a642822eb7d997aaf4afd2773e251737bc83455e884d409bb01a22b3f5dcea25996f5a86acad722a0b34e99f1ed66dc355009c7fa9edb081762c0589602682f3ea0241bc74799fb4adcdc6117906fa2ab6773a272bd8c23923de936034171442de83a2153f8d6503096134b5dde43ecf0f48faf32629159283649551a9c03c0582256b9f5e17f514e970b5fbf340434ec166620dc7059899e40307cd861581a059a951a0126b8c7d0b7bd106e4e6b6a57f0ff7d5e1f68ec56b7cf5354ca7ae48c26afe29607c55c170135da3692158aeb9f9db4c88967afd8197d96e19ddcde6184885d4bcafc30e2187b7aa915842991f6ae1373de9e92bc26600bdb35529158036269eb1a3286e0fa95a86daab5b184b8a2b179fcf8857183120766886dd8684da00bb7bc6c5ca4a6acd11cce830e68946cf303e482e7090a0f84bf68ec497d8a9564f61a595523265fc287a4c50762b7473f023237c5a43330f8d563f7115d3dcf54f4c00d080b8fcdf5a277a8283d9b32659ab449f5b4ade0b44b1527baa756e3a802c14526ad658af0ecdc7e4446263570e3d1c08b9a3379083b73c07f5518766f329a1f2be75ad7eb2206aa46ce41032ec135ba825d3f29ff0834494c353f484d53bcab5a5bfe593f8fc912e95dda0d83ed6f5cc55e2ad7c678cb550d409cbb1cbdb73abdbb138c9bfffd484bd71e4fc8de40c441a90e82f592fc352ffe002c6eb3dd097dfb56d5a0dfb87dc407f0feffe91fd2c4a74f4dc58a97c586ef650fb05977679a4a0e82212ed5bb2b552733430f18edf958ed0c689e0f86e6c6318117f3581bd5eaef0f6eb939a362a55338651e5dab40831ca79421e240206b8ada33bd9cade610a15aa3da27d673da9293b8d9c9c9c809adbb0d52701a01be32449d3072d6eaa80347d2a2b2f25d0bb11dde47deca5d896dbd20f3550bbce46a41fdb87ccc0b6777959098aa156be6c8bbe92cbfbdb268d190db2c934bd72e096356279786eb18718b86de4b213941c4ee7bb0e415d491a55373dc938a6b0cb39303656cc0aa5c6a8a96fa7d004224a6bd978c1740d8fdeb8f64fd57184ee66c3950ee960894f8671ef043fd668c1ffe7d8a8e1bca6035cba9296b599d0aeab6d29506af7ceac5dd2a8457a021b0268c19d83ac12640b3c8a564be0bb41db0dd857f0e0c48cf12d467b67e223917dd7545f4f691ebd8fc4afbeba40ccbfc6507bc238050e38c3b18c4153ed693c4d80d3c5330b5211e6a23a9c02b48ff3ec07a9d4a7445256d6fb67ed7dbd57f82962a254781b259e0f5b787063a8efb6fe7a01513f8a033ee84e83044c5b85c6e732caa442fef42703e97706af490bb73a9b61db0a93ac7c84136c63352d4bc8872616ffd0a718d3a98f925d69c0506c88f246df13df60bc2391b9540505ad8d091412477d525f75bded572c509bbfc555a9a16ef31ac432733d5d6b26ba79de78fe99bfa86a91965d3216727258d4a9ccb684bd0463976255e8e0a39f37e43fbe4f83ac0046374da159da4a34fadae614de1a9d78f757fe1534064a46207578c3c00a563c0d24df2dd95c9f9b2b351371709e3f8d2ff0fe62ed1ebdba422d0d2ec6406a64352158bdb89dd4fad045c8229e8be95cb974f6c2cec44d796e7735566f4bead63623e7e5a7c1f1de761bc46b41842189f9d8844cf05264140def0a1c21f063471a3e1b70a2c7d512705d8c7f94e5f67e1ddd65312993a4b92ca0395053c6ef6797203d175fd4319a36cd67abbb6fe9f70e15b363de0ccc7888e63117aac02b4cf07539430f73c88955b16bd3bd33edcf4a1315fd373660b701f27e31e168442aeef5eacf9c3b00346b77eccf0f340c3920c9432d75ea7457247c68b60bae3fbb55c0e07cab102e7cc7ee94faf78fc9f2cc50dd1449f339e204fefd2080b7936efd04e7dcde3a461fb7b553df9755194fac8664659fc860df719407136949471149c5f44b1d8fb5635412cbb89bff90c55bf3cdb69060d35f0cfb5820f43c0f856f1d80334d15103e34b042433eb74ccb9ab315152c2329d3f217999bbf90c38a98b75848ecbf0cb4d0bdb55a87e438685552f1dcfcf41bc27bbcab1d535a18f1d02fc4076bb5a66939209c410a387e33c9fe07388f4d41fef23ef6da5e0fe8051c9c151eec5e6075684fd4bb28fc0fa5403f6d77d613c0241f1ca8aeae5176ecc36126ff643de5a9b2b92d1993cc62d7d76b8a0e2bff603d8023ff12d5ff14a3420472d2cfc35444b790f56afceab21f2c01e48235ff25241a54f7a90d3efd1c52421eca7b7653d5a1da44a6d1efbabe232f88152a39610089862e5269470d73e132e3a67c123ab9a41b50cd98265daab8bc1bed2bc11efd4783d11b4c37ffe6fca9952780da95ce29e310264b91b506ed5d32b439876b30a3ad74124d94f349e079d0fe61cbce451915990a39ff2df38b971a35679a694ed1edec8baae2586d99ae10ba6ad1eefc0843ef49993ca6c276d6e282dbb93f04d07e870b8ce51ea457b1d3befa711bc81ab69a485e8f99e1dd90d9156140627e64625bf6ab8c4329e36ba0003fab363071ab9c3d84a4df84ba38a2408318e71259fc1980e08333fa081482d9d26d99a70ae7dfaa82cfe612c9056840df8c4bdd2af8a8903b2827b2945544f3f60e887ae58628a4dcfb0e373f783f4600ec2d65d8201c360f161aa9a41def14403a7dcc7876452d8665803e3d24605990f0696f260cc16c6bd7e1a36b9928b6fd5a3de6dbdc7ec8ab163acc47d9cdef2acaccaacd270390edeef0a20bc52a00fe8fa712e6077d0b6766d4afc054df70c6c2ab3fd91028f253711077b98fd237c51d0dbd61ada6788b3bb7b4516764a12b3e30ebe75074d375a8c215e0070a3fa7ebe773c522b1b5c2d9b0a9677cc70fe214451ddfa45249e9220a329925d9c5c47df5432c19ccd3eae3f4987ce538acf45b7da1ed2cb8ef87ada6afb47e401e0629721032f63d13c96eb6fdf81f4d0227245c8bd601c22dba7ad502bede2444af4ff1a42cffa3d19c3add77e1f1dd2b07b622a7878e24c70653d7d1a86667a383e685e01ef539aff271fdf2052e2c1b13b067fde077992b2cab18d232b007202ce53520f02b77be471de70da5502b6eb6227e483bc3858bf798329d0e56a449657e907e8511cdd580989d23c193da544a6f8030a91469e65274dab5e2a3fb5b83017c4f4b39ddb118a12bc923d56d0df8d40a454132b8e2a07b22b46df68ee57bc10c6acef786c0753aafaf7312bb33c7132c8b1149450f4ab613a113487b28dba0695e2368be9c39071595c9b36b41603dccd72118a577c643418e468daf937ed35775f5dc66422c3e702"}, &(0x7f0000000040)=0x1008) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000080)={r2, 0xfff}, 0x8) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x10) syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) 07:38:08 executing program 7: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x81, 0x4, 0x104, 0x0, 0xffffffffffffffff, 0x0, [0xd]}, 0x2c) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x20) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0xafb2, @remote={0xfe, 0x80, [], 0xbb}, 0x800}, 0x1c) [ 638.241717] binder: 9946:9948 unknown command 0 [ 638.258072] binder: 9946:9948 ioctl c0306201 20000080 returned -22 [ 638.273782] binder: BINDER_SET_CONTEXT_MGR already set [ 638.285715] binder: 9946:9948 ioctl 40046207 0 returned -16 07:38:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x7d, &(0x7f0000000140), 0x0) ioctl$fiemap(0xffffffffffffffff, 0xc020660b, &(0x7f0000000240)=ANY=[@ANYRES64=r1, @ANYRES64=r1, @ANYRESHEX=r1, @ANYRES16=r2, @ANYBLOB="2d3e6a9c44bb613cca01994cb2aab1285ad5a3d01deb225227eae20fcf27e09d00a9489514d56c9185556208be73def1102eddf6825938cec9b48ced9d047929d5bfc431a0c493cd9a62fcdf3c31702b79a9004990c89c4b63fe897775f801329488e6b0ee758a0ebc22ab10c57b67c161671f5f7758887c2e8715e067218a6347cc4a9124e0e773c4", @ANYRES64=r0, @ANYRESDEC=r1]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:38:08 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000280)={{0x4, 0x6, 0x0, 0x0, '\x00', 0x80000000}, 0x3, 0x23, 0x3, r1, 0x2, 0x7, 'syz0\x00', &(0x7f0000000000)=['cpuset\x00', '/dev/snd/pcmC#D#c\x00'], 0x19, [], [0x0, 0xba, 0x101, 0x2]}) ioctl(r0, 0x40044102, &(0x7f0000000000)) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e24}, 0x6e) 07:38:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb630000, &(0x7f0000000400)}) [ 638.312141] binder: 9946:9966 unknown command 0 [ 638.321332] binder: 9946:9966 ioctl c0306201 20000080 returned -22 07:38:08 executing program 0: r0 = socket$inet6(0xa, 0x800, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x2003, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000080)={0x7, 0xde1, 0xe99e, 0x4, 0x10000, 0x97}) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") syz_mount_image$gfs2(&(0x7f00000010c0)='gfs2\x00', &(0x7f0000001100)='./file0\x00', 0x0, 0x0, &(0x7f0000001500), 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="737461a666735f7175616e74756d3d307833303030303030303030303010dc30302c00"]) syz_read_part_table(0x4, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000200)="26ff2102e0dbfcf1f27268827534f4890a26c94dbabec124d333606fd178ec1ac095a180747c8efa75348d0796738394694eaaa8adfcd5601e7f889e39e48563db6a33ac88c2f77fbfea9af53930d77413a3843d83996a4a4dce129f54ac94aea278da1f8d59fbcb7b5bac", 0x6b, 0x9}, {&(0x7f0000000280)="15f6fe401a4bbffa8c90b2bbc520f08f9a77240a1f524bf2c1e45c8cada1f009e7fac74e0b7a317bbc1527434a1f6975e731fe4a03bad912487ea279e1d4fdc87c5a0c3ac3b99df4b2c1651ec854b8e125b8dc68e5276176a1e98fe72717c372f273f1e96b39499d57ea07484cb3fa6a39ad348a", 0x74, 0x8}, {&(0x7f0000000300)="50737465ff1dc90e4add42eef73891a9b8c2df4f4c4e2ca2b99596580e3e0e7ac35b923f8938ef585c65b87a70de31f2490f19abf1a1a929a0b2564e61df42f9fcf279106ea8a508d04a87a24b70c573bdceb9139d242e2c25edd695c50c8a40178d022cc8fb5d7eefc7b60e47bc8024027a457de5d978fe01daed14294120b8a7184c7ef6eabccb", 0x88, 0x489f2d09}, {&(0x7f00000003c0)="51a337513a889cb26c95f18c43109bec811ead1ad578aaa63c95f85b6a6ce7a56183db755cbfbca1b60a363aa09ea0b4359e0b7acccc098a8476e798f347c0b30684b0f461213fc28883f057d9eded3a16b2989e699f1d186275d215b854f8944fafd8412c94fca024fb3c2daf00b9f9c8181a9988e5eb6a6175a68d5b2886fde21fdac3f81eba445843c39f2d909bccbbd80f1979c29dd91faed72093aa1794ea7e034eb377acffd61eeb783cafbb78b32a58edb4e621b5a4a0da4e5effba3dbba18466fe7d69374898acca54777d729c2b99", 0xd3, 0x5}]) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000180)={r2, 0x101}, 0x8) 07:38:08 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000010000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000080)="0f01cf48b803000000000000000f23d80f21f835000000b00f23f8c4437d399e00900000ec66b860008ee0b9720500000f32b9800000c00f3235002000000f30c4a1785be88f6978c1fd650f0138b988090000b800100000ba000000000f30", 0x5f}], 0x1, 0x40, &(0x7f00000001c0), 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000e00)=[@textreal={0x8, &(0x7f0000000100)="66b8000000800f23d80f21f86635400000d00f23f80f20d86635080000000f22d83e0f01c8d20d66b9910900000f320f35baf80c66b82a5d888766efbafc0cb816afef0fae830d5c0f060fc71e643d", 0x4f}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) getpeername$inet(r3, &(0x7f00000001c0), &(0x7f0000000200)=0x10) [ 638.394525] binder: 9991:9992 unknown command 0 [ 638.412391] binder: 9991:9992 ioctl c0306201 20000080 returned -22 [ 638.431863] binder: BINDER_SET_CONTEXT_MGR already set [ 638.437310] binder: 9991:9992 ioctl 40046207 0 returned -16 [ 638.445590] binder: 9991:10000 unknown command 0 [ 638.445598] binder: 9991:9992 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 638.448499] gfs2: invalid mount option: sta¦fs_quantum=0x300000000000Ü00 [ 638.455423] binder: 9991:10000 ioctl c0306201 20000080 returned -22 [ 638.457327] gfs2: can't parse mount arguments [ 638.487740] loop0: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 [ 638.497344] loop0: p1 start 2626173521 is beyond EOD, truncated [ 638.503469] loop0: p2 start 3682820517 is beyond EOD, truncated [ 638.509616] loop0: p3 start 3225940888 is beyond EOD, truncated [ 638.515676] loop0: p4 start 3530908184 is beyond EOD, truncated [ 638.521734] loop0: p5 start 3957688473 is beyond EOD, truncated [ 638.527795] loop0: p6 start 265862092 is beyond EOD, truncated [ 638.533774] loop0: p7 start 3148823672 is beyond EOD, truncated [ 638.539848] loop0: p8 start 2895661111 is beyond EOD, truncated [ 638.569494] gfs2: invalid mount option: sta¦fs_quantum=0x300000000000Ü00 [ 638.576488] gfs2: can't parse mount arguments [ 638.597502] loop0: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 [ 638.602979] loop0: p1 start 2626173521 is beyond EOD, truncated [ 638.609172] loop0: p2 start 3682820517 is beyond EOD, truncated [ 638.615241] loop0: p3 start 3225940888 is beyond EOD, truncated [ 638.621301] loop0: p4 start 3530908184 is beyond EOD, truncated [ 638.627375] loop0: p5 start 3957688473 is beyond EOD, truncated [ 638.633436] loop0: p6 start 265862092 is beyond EOD, truncated [ 638.639423] loop0: p7 start 3148823672 is beyond EOD, truncated [ 638.645485] loop0: p8 start 2895661111 is beyond EOD, truncated [ 639.283622] FAULT_FLAG_ALLOW_RETRY missing 30 [ 639.288208] CPU: 1 PID: 9965 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 639.296592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.305928] Call Trace: [ 639.308499] dump_stack+0x1c9/0x2b4 [ 639.312124] ? dump_stack_print_info.cold.2+0x52/0x52 [ 639.317300] ? rb_erase+0x3550/0x3550 [ 639.321090] handle_userfault.cold.33+0x47/0x62 [ 639.325746] ? plist_check_list+0x7e/0xa0 [ 639.329891] ? plist_check_list+0xa0/0xa0 [ 639.334021] ? lock_acquire+0x1e4/0x540 [ 639.337976] ? userfaultfd_ioctl+0x5430/0x5430 [ 639.342545] ? trace_hardirqs_on+0x10/0x10 [ 639.346773] ? plist_del+0x4a1/0x9d0 [ 639.350478] ? plist_add+0x790/0x790 [ 639.354186] ? lock_release+0xa30/0xa30 [ 639.358157] ? cpuacct_charge+0x30a/0x5d0 [ 639.362302] ? cgroup_rstat_updated+0xe6/0x470 [ 639.366869] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 639.372392] ? update_curr+0x200/0xc00 [ 639.376273] ? reweight_entity+0x1100/0x1100 [ 639.380668] ? trace_hardirqs_on+0x10/0x10 [ 639.384901] ? kasan_check_read+0x11/0x20 [ 639.389033] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 639.393602] ? compat_start_thread+0x80/0x80 [ 639.398001] ? lock_acquire+0x1e4/0x540 [ 639.401965] ? __handle_mm_fault+0x3a38/0x44a0 [ 639.406532] ? lock_downgrade+0x8f0/0x8f0 [ 639.410670] ? kasan_check_read+0x11/0x20 [ 639.414805] ? do_raw_spin_unlock+0xa7/0x2f0 [ 639.419204] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 639.423770] ? kasan_check_write+0x14/0x20 [ 639.427984] ? do_raw_spin_lock+0xc1/0x200 [ 639.432207] __handle_mm_fault+0x3a45/0x44a0 [ 639.436618] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 639.441447] ? __sched_text_start+0x8/0x8 [ 639.445594] ? kasan_check_read+0x11/0x20 [ 639.449727] ? lock_acquire+0x1e4/0x540 [ 639.453685] ? handle_mm_fault+0x417/0xc80 [ 639.457913] ? lock_downgrade+0x8f0/0x8f0 [ 639.462055] ? lock_release+0xa30/0xa30 [ 639.466016] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 639.471448] ? mem_cgroup_from_task+0xcb/0x1f0 [ 639.476010] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 639.480750] handle_mm_fault+0x53e/0xc80 [ 639.484793] ? __handle_mm_fault+0x44a0/0x44a0 [ 639.489356] ? find_vma+0x34/0x190 [ 639.492882] __do_page_fault+0x620/0xe50 [ 639.496924] ? mm_fault_error+0x380/0x380 [ 639.501056] do_page_fault+0xf6/0x8c0 [ 639.504835] ? vmalloc_sync_all+0x30/0x30 [ 639.508964] ? schedule+0xfb/0x450 [ 639.512485] ? lock_acquire+0x1e4/0x540 [ 639.516437] ? __might_fault+0x12b/0x1e0 [ 639.520485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 639.525317] page_fault+0x1e/0x30 [ 639.528755] RIP: 0010:__get_user_4+0x21/0x30 [ 639.533134] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 639.552282] RSP: 0018:ffff8801afd47538 EFLAGS: 00010202 [ 639.557625] RAX: 0000000020013e98 RBX: 1ffff10035fa8eae RCX: ffffc90005630000 [ 639.564884] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 639.572144] RBP: ffff8801afd47cb8 R08: 1ffff10035fa8e84 R09: 0000000000000000 [ 639.579399] R10: ffffed0032812089 R11: ffff88019409044b R12: ffff8801940903c0 [ 639.587516] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 639.594777] ? __might_fault+0x1a3/0x1e0 [ 639.598832] ? sctp_setsockopt+0x1e13/0x6db0 [ 639.603224] ? get_futex_value_locked+0xcb/0xf0 [ 639.607888] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 639.613588] ? trace_hardirqs_on+0x10/0x10 [ 639.617800] ? futex_wake+0x760/0x760 [ 639.621586] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 639.626758] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.632277] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 639.637359] ? futex_wait+0x5d2/0xa20 [ 639.641152] ? futex_wait_setup+0x410/0x410 [ 639.645465] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 639.650637] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.656156] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 639.661245] ? futex_wake+0x304/0x760 [ 639.665047] ? lock_acquire+0x1e4/0x540 [ 639.669002] ? percpu_ref_put_many+0x119/0x240 [ 639.673576] ? lock_downgrade+0x8f0/0x8f0 [ 639.677733] ? lock_acquire+0x1e4/0x540 [ 639.681694] ? __fget+0x4ac/0x740 [ 639.685127] ? lock_downgrade+0x8f0/0x8f0 [ 639.689257] ? lock_release+0xa30/0xa30 [ 639.693216] ? lockdep_init_map+0x9/0x10 [ 639.697266] ? exit_robust_list+0x290/0x290 [ 639.701583] ? __mutex_init+0x1f7/0x290 [ 639.705543] ? __ia32_sys_membarrier+0x150/0x150 [ 639.710278] ? kasan_unpoison_shadow+0x35/0x50 [ 639.714844] ? __fget+0x4d5/0x740 [ 639.718280] ? ksys_dup3+0x690/0x690 [ 639.721976] ? lock_acquire+0x1e4/0x540 [ 639.725931] ? __fd_install+0x2b2/0x880 [ 639.729888] ? lock_downgrade+0x8f0/0x8f0 [ 639.734016] ? select_collect+0x610/0x610 [ 639.738160] ? lock_release+0xa30/0xa30 [ 639.742130] ? __fget_light+0x2f7/0x440 [ 639.746086] ? fget_raw+0x20/0x20 [ 639.749519] ? get_unused_fd_flags+0x1a0/0x1a0 [ 639.754086] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 639.759604] ? alloc_file_pseudo+0x281/0x3f0 [ 639.764006] ? alloc_file+0x430/0x430 [ 639.767811] sock_common_setsockopt+0x9a/0xe0 [ 639.772289] __sys_setsockopt+0x1c5/0x3b0 [ 639.776416] ? kernel_accept+0x310/0x310 [ 639.780470] ? do_futex+0x27d0/0x27d0 [ 639.784252] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.789767] ? fput+0x130/0x1a0 [ 639.793030] __x64_sys_setsockopt+0xbe/0x150 [ 639.797431] do_syscall_64+0x1b9/0x820 [ 639.801302] ? finish_task_switch+0x1d3/0x870 [ 639.805776] ? syscall_return_slowpath+0x5e0/0x5e0 [ 639.810687] ? syscall_return_slowpath+0x31d/0x5e0 [ 639.815598] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 639.820593] ? prepare_exit_to_usermode+0x291/0x3b0 [ 639.825590] ? perf_trace_sys_enter+0xb10/0xb10 [ 639.830239] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 639.835068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 639.840237] RIP: 0033:0x455ab9 [ 639.843404] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.862550] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 639.870255] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 639.877503] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 639.884752] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 639.892004] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 639.899257] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 640.041423] FAULT_FLAG_ALLOW_RETRY missing 30 [ 640.041439] FAULT_FLAG_ALLOW_RETRY missing 30 [ 640.045996] CPU: 0 PID: 10028 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 640.046009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.068290] Call Trace: [ 640.070873] dump_stack+0x1c9/0x2b4 [ 640.074491] ? dump_stack_print_info.cold.2+0x52/0x52 [ 640.079686] ? kasan_check_write+0x14/0x20 [ 640.083907] ? do_raw_spin_lock+0xc1/0x200 [ 640.088135] handle_userfault.cold.33+0x47/0x62 [ 640.092800] ? userfaultfd_ioctl+0x5430/0x5430 [ 640.097377] ? trace_hardirqs_on+0x10/0x10 [ 640.101598] ? lock_acquire+0x1e4/0x540 [ 640.105560] ? cgroup_get_e_css+0x1bf/0xb30 [ 640.109868] ? lock_downgrade+0x8f0/0x8f0 [ 640.114006] ? lock_release+0xa30/0xa30 [ 640.117970] ? cgroup_css.part.17+0x12c/0x200 [ 640.122455] ? userfaultfd_ctx_put+0x810/0x810 [ 640.127024] ? cgroup_get_e_css+0x140/0xb30 [ 640.131340] ? lock_acquire+0x1e4/0x540 [ 640.135301] ? wb_get_create+0x35e/0x1f10 [ 640.139435] ? lock_downgrade+0x8f0/0x8f0 [ 640.143575] ? trace_hardirqs_on+0x10/0x10 [ 640.147802] ? lock_acquire+0x1e4/0x540 [ 640.151765] ? __handle_mm_fault+0x3a38/0x44a0 [ 640.156335] ? lock_downgrade+0x8f0/0x8f0 [ 640.160473] ? kasan_check_read+0x11/0x20 [ 640.164609] ? do_raw_spin_unlock+0xa7/0x2f0 [ 640.169006] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 640.173580] ? kasan_check_write+0x14/0x20 [ 640.177801] ? do_raw_spin_lock+0xc1/0x200 [ 640.182029] __handle_mm_fault+0x3a45/0x44a0 [ 640.186428] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 640.191259] ? debug_check_no_obj_freed+0x30b/0x595 [ 640.196262] ? __wake_up_common_lock+0x1d0/0x330 [ 640.201009] ? lock_acquire+0x1e4/0x540 [ 640.204979] ? handle_mm_fault+0x417/0xc80 [ 640.209200] ? lock_downgrade+0x8f0/0x8f0 [ 640.213338] ? lock_release+0xa30/0xa30 [ 640.217299] ? rcu_note_context_switch+0x730/0x730 [ 640.222218] ? mem_cgroup_from_task+0xcb/0x1f0 [ 640.226785] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 640.231531] handle_mm_fault+0x53e/0xc80 [ 640.235582] ? __handle_mm_fault+0x44a0/0x44a0 [ 640.240151] ? find_vma+0x34/0x190 [ 640.243682] __do_page_fault+0x620/0xe50 [ 640.247730] ? mm_fault_error+0x380/0x380 [ 640.251867] do_page_fault+0xf6/0x8c0 [ 640.255652] ? vmalloc_sync_all+0x30/0x30 [ 640.259785] ? do_raw_spin_lock+0xc1/0x200 [ 640.264010] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 640.269539] ? __mark_inode_dirty+0x495/0x1550 [ 640.274109] ? __inode_attach_wb+0x13e0/0x13e0 [ 640.278680] ? ext4_xattr_inode_set_class+0x60/0x60 [ 640.283680] ? get_futex_value_locked+0xcb/0xf0 [ 640.288339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 640.293171] page_fault+0x1e/0x30 [ 640.296615] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460 [ 640.302390] Code: ff ff ff 76 17 eb 3f e8 bf f8 1a fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 aa f8 1a fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 9a f9 1a [ 640.321595] RSP: 0018:ffff88019082f688 EFLAGS: 00010246 [ 640.326950] RAX: 0000000000040000 RBX: 1ffff10032105ed3 RCX: ffffc90007841000 [ 640.334207] RDX: 00000000000002b6 RSI: ffffffff8361ae16 RDI: 0000000000000005 [ 640.341461] RBP: ffff88019082f760 R08: ffff8801909702c0 R09: ffffed003b17c643 [ 640.348718] R10: ffffed003b17c643 R11: ffff8801d8be321b R12: 0000000020011fd2 [ 640.355970] R13: 0000000000000000 R14: 0000000000000030 R15: ffff88019082fbc8 [ 640.363235] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 640.368414] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 640.373588] ? copy_page_from_iter+0x890/0x890 [ 640.378162] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 640.383168] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 640.388358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.393883] ? timespec64_trunc+0xea/0x180 [ 640.398103] ? inode_init_owner+0x340/0x340 [ 640.402414] generic_perform_write+0x21b/0x6c0 [ 640.406987] ? generic_update_time+0x26a/0x450 [ 640.411587] ? add_page_wait_queue+0x2c0/0x2c0 [ 640.416156] ? file_update_time+0xe4/0x640 [ 640.420394] ? current_time+0x1b0/0x1b0 [ 640.424369] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 640.429375] ? generic_write_checks+0x385/0x5d0 [ 640.434032] ? page_endio+0x630/0x630 [ 640.437821] ? ext4_file_write_iter+0x2a1/0x1450 [ 640.442565] __generic_file_write_iter+0x26e/0x630 [ 640.447493] ext4_file_write_iter+0x390/0x1450 [ 640.452065] ? __fget+0x4d5/0x740 [ 640.455509] ? ext4_file_mmap+0x410/0x410 [ 640.459652] ? __fget+0x4d5/0x740 [ 640.463092] ? ksys_dup3+0x690/0x690 [ 640.466796] ? save_stack+0xa9/0xd0 [ 640.470408] ? save_stack+0x43/0xd0 [ 640.474020] ? __kasan_slab_free+0x11a/0x170 [ 640.478414] ? kasan_slab_free+0xe/0x10 [ 640.482374] ? kmem_cache_free+0x86/0x2d0 [ 640.486509] ? putname+0xf2/0x130 [ 640.489945] ? do_sys_open+0x569/0x720 [ 640.493821] ? do_syscall_64+0x1b9/0x820 [ 640.497874] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.503227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 640.508756] ? iov_iter_init+0xc9/0x1f0 [ 640.512715] __vfs_write+0x6af/0x9d0 [ 640.516418] ? kernel_read+0x120/0x120 [ 640.520294] ? lock_release+0xa30/0xa30 [ 640.524254] ? check_same_owner+0x340/0x340 [ 640.528569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.534090] ? __sb_start_write+0x17f/0x300 [ 640.538400] vfs_write+0x1fc/0x560 [ 640.541929] ksys_write+0x101/0x260 [ 640.545543] ? __ia32_sys_read+0xb0/0xb0 [ 640.549589] ? filp_open+0x80/0x80 [ 640.553115] ? ksys_ioctl+0x81/0xd0 [ 640.556729] __x64_sys_write+0x73/0xb0 [ 640.560601] do_syscall_64+0x1b9/0x820 [ 640.564478] ? syscall_return_slowpath+0x5e0/0x5e0 [ 640.569394] ? syscall_return_slowpath+0x31d/0x5e0 [ 640.574311] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 640.579319] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 640.584152] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.589659] RIP: 0033:0x455ab9 [ 640.592831] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 640.612137] RSP: 002b:00007f9d30fa1c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 640.619834] RAX: ffffffffffffffda RBX: 00007f9d30fa26d4 RCX: 0000000000455ab9 [ 640.627090] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000017 [ 640.634355] RBP: 000000000072c098 R08: 0000000000000000 R09: 0000000000000000 [ 640.641608] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 640.648859] R13: 00000000004c2d5c R14: 00000000004d4da0 R15: 0000000000000003 [ 640.656130] CPU: 1 PID: 10024 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 640.664619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.673948] Call Trace: [ 640.676519] dump_stack+0x1c9/0x2b4 [ 640.680127] ? dump_stack_print_info.cold.2+0x52/0x52 [ 640.685316] ? kasan_check_write+0x14/0x20 [ 640.689539] ? do_raw_spin_lock+0xc1/0x200 [ 640.693764] handle_userfault.cold.33+0x47/0x62 [ 640.698415] ? userfaultfd_ioctl+0x5430/0x5430 [ 640.702982] ? trace_hardirqs_on+0x10/0x10 [ 640.707200] ? lock_release+0xa30/0xa30 [ 640.711158] ? cpuacct_charge+0x30a/0x5d0 [ 640.715299] ? userfaultfd_ctx_put+0x810/0x810 [ 640.719881] ? __account_cfs_rq_runtime+0x770/0x770 [ 640.724877] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 640.730395] ? trace_hardirqs_on+0x10/0x10 [ 640.734619] ? reweight_entity+0x1100/0x1100 [ 640.739006] ? __kasan_slab_free+0x11a/0x170 [ 640.743398] ? trace_hardirqs_on+0x10/0x10 [ 640.747623] ? lock_release+0xa30/0xa30 [ 640.751579] ? lock_acquire+0x1e4/0x540 [ 640.755538] ? __handle_mm_fault+0x3a38/0x44a0 [ 640.760098] ? lock_downgrade+0x8f0/0x8f0 [ 640.764229] ? kasan_check_read+0x11/0x20 [ 640.768372] ? do_raw_spin_unlock+0xa7/0x2f0 [ 640.772761] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 640.777334] ? kasan_check_write+0x14/0x20 [ 640.781548] ? do_raw_spin_lock+0xc1/0x200 [ 640.785775] __handle_mm_fault+0x3a45/0x44a0 [ 640.790177] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 640.795012] ? kasan_check_read+0x11/0x20 [ 640.799140] ? lock_acquire+0x1e4/0x540 [ 640.803102] ? handle_mm_fault+0x417/0xc80 [ 640.807318] ? lock_downgrade+0x8f0/0x8f0 [ 640.811463] ? lock_release+0xa30/0xa30 [ 640.815420] ? rcu_note_context_switch+0x730/0x730 [ 640.820328] ? mem_cgroup_from_task+0xcb/0x1f0 [ 640.824893] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 640.829639] handle_mm_fault+0x53e/0xc80 [ 640.833681] ? __handle_mm_fault+0x44a0/0x44a0 [ 640.838243] ? find_vma+0x34/0x190 [ 640.841765] __do_page_fault+0x620/0xe50 [ 640.845807] ? mm_fault_error+0x380/0x380 [ 640.849937] do_page_fault+0xf6/0x8c0 [ 640.853720] ? vmalloc_sync_all+0x30/0x30 [ 640.857850] ? schedule+0xfb/0x450 [ 640.861370] ? lock_acquire+0x1e4/0x540 [ 640.865326] ? __might_fault+0x12b/0x1e0 [ 640.869367] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 640.874196] page_fault+0x1e/0x30 [ 640.877631] RIP: 0010:__get_user_4+0x21/0x30 [ 640.882013] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 640.901153] RSP: 0018:ffff8801afa97538 EFLAGS: 00010202 [ 640.906507] RAX: 0000000020013e98 RBX: 1ffff10035f52eae RCX: ffffc90005831000 [ 640.913756] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 640.921005] RBP: ffff8801afa97cb8 R08: 1ffff10035f52e84 R09: 0000000000000000 [ 640.928254] R10: ffffed0032812089 R11: ffff88019409044b R12: ffff8801940903c0 [ 640.935505] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 640.942781] ? __might_fault+0x1a3/0x1e0 [ 640.946844] ? sctp_setsockopt+0x1e13/0x6db0 [ 640.951244] ? get_futex_value_locked+0xcb/0xf0 [ 640.955912] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 640.961607] ? trace_hardirqs_on+0x10/0x10 [ 640.965833] ? futex_wake+0x760/0x760 [ 640.969632] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 640.974822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 640.980349] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 640.985432] ? futex_wait+0x5d2/0xa20 [ 640.989221] ? futex_wait_setup+0x410/0x410 [ 640.993528] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 640.998709] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 641.004226] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 641.009308] ? futex_wake+0x304/0x760 [ 641.013105] ? finish_task_switch+0x1d3/0x870 [ 641.017580] ? lock_downgrade+0x8f0/0x8f0 [ 641.021716] ? finish_task_switch+0x18a/0x870 [ 641.026201] ? lock_acquire+0x1e4/0x540 [ 641.030161] ? __fget+0x4ac/0x740 [ 641.033601] ? lock_downgrade+0x8f0/0x8f0 [ 641.037730] ? lock_release+0xa30/0xa30 [ 641.041696] ? exit_robust_list+0x290/0x290 [ 641.045998] ? __fget+0x4d5/0x740 [ 641.049433] ? ksys_dup3+0x690/0x690 [ 641.053132] ? __schedule+0x884/0x1ea0 [ 641.057011] ? __fget+0x4d5/0x740 [ 641.060456] ? ksys_dup3+0x690/0x690 [ 641.064156] ? errseq_sample+0xe5/0x130 [ 641.068128] ? __fget_light+0x2f7/0x440 [ 641.072083] ? fget_raw+0x20/0x20 [ 641.075520] ? userfaultfd_read+0x2c0/0x2c0 [ 641.079828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.085344] ? do_vfs_ioctl+0x201/0x1720 [ 641.089386] ? ioctl_preallocate+0x300/0x300 [ 641.093776] sock_common_setsockopt+0x9a/0xe0 [ 641.098255] __sys_setsockopt+0x1c5/0x3b0 [ 641.102381] ? kernel_accept+0x310/0x310 [ 641.106435] ? do_futex+0x27d0/0x27d0 [ 641.110235] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 641.115763] ? fput+0x130/0x1a0 [ 641.119023] __x64_sys_setsockopt+0xbe/0x150 [ 641.123414] do_syscall_64+0x1b9/0x820 [ 641.127283] ? syscall_return_slowpath+0x5e0/0x5e0 [ 641.132195] ? syscall_return_slowpath+0x31d/0x5e0 [ 641.137121] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 641.142120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 641.146948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.152117] RIP: 0033:0x455ab9 [ 641.155294] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 641.174435] RSP: 002b:00007f9d30fe3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 641.182138] RAX: ffffffffffffffda RBX: 00007f9d30fe46d4 RCX: 0000000000455ab9 [ 641.189395] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 07:38:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xe630c4000000000, &(0x7f0000000400)}) 07:38:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x0, 0x7f, 0x0, 0x37, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @broadcast=0xffffffff}}}}, &(0x7f0000000000)=0xb0) r1 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r1, &(0x7f0000000080)={0x10}, 0xc) sendmsg$nl_generic(r1, &(0x7f0000005000)={&(0x7f0000000040)={0x10, 0xf0ffffff00000f00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000015000702000000009aa5d2abe2cf85eef5a7b3f065000000", @ANYRES32], 0x24c}, 0x1}, 0x0) 07:38:11 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x2, 0xfffffffffffffffe, 0x0, 0x0, r1}) 07:38:11 executing program 0: r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x424c00) r1 = socket$inet6(0xa, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0xae}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={r2, 0x140}, &(0x7f0000000180)=0x8) r3 = dup2(r0, r1) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0xc00, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000280)={r2, 0x7}, &(0x7f00000002c0)=0x8) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000200)='bic\x00', 0x4) r5 = socket$inet6_sctp(0xa, 0x200000000000005, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000300)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0xd, &(0x7f0000ad2000), &(0x7f0000000080)=0x4) 07:38:11 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x10) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="8416f201a5dacc56c5cc995e01b984ecc3db05f680336897992df6242becba1169fa3cc63a3bcf94238e228281a2dffc859cca6e5560bef530860f434349ed27e32c831f8361bae11419194291b9f29914d389d82d8acc126cdf1f7c19e528620c5cdf7940b07fb06b205d312f7962d81d25fd948775cb5a854b09ff1b93d79c3f8a619f6465447b702017ec", 0x8c) sendmmsg(r1, &(0x7f0000006a40)=[{{&(0x7f00000030c0)=@nfc={0x27}, 0x80, &(0x7f00000031c0)=[{&(0x7f0000001a40)="1f", 0x1}], 0x1, &(0x7f0000003200)}}], 0x1, 0x0) 07:38:11 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80, 0x0, 0x3}, 0xe1) recvfrom$unix(r0, &(0x7f0000000000)=""/1, 0x1, 0x0, &(0x7f00000000c0)=@abs, 0x6e) ioctl$sock_proto_private(r0, 0x89ee, &(0x7f0000000600)="ae37f1b80f0ecbd7e1d3e154637f8ebe4dd8a49d5d0f4e7158a9595944154d81f5343b47bb127c963e774e3322f02aab79d9db28ec2fe97d4cc284c74ef5a4be797c1b2260cf7557e8a03a5f2de3780e9db00ed6907fbcf53a28e31ce535f6f8cc04aa097eb226f95f250d147cfcdb61c3aa2c255e373a250828c3c459ca4236358dbf46e4f1a70bfe1851dd31ed24d45dd3d12ec79d84f1f25205747c13f9d4956e0fd730271254fc382dbcfdd9ff8e04a704125f") r1 = socket(0x1e, 0x4, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000500)=[@in={0x2, 0x4e21}, @in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e24, @multicast1=0xe0000001}, @in6={0xa, 0x4e24, 0x3a04, @dev={0xfe, 0x80, [], 0x1b}, 0x50bb}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x14}}], 0x5c) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/zero\x00', 0x10200, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000180)={{0x1800000000, 0x8216}, {0x8, 0x1b}, 0x6, 0x3, 0xffffffff00000000}) fcntl$notify(r1, 0x402, 0x24) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000080)=@req={0x80, 0x0, 0x3}, 0x10) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000200)=0x100000000) sendto$inet6(r1, &(0x7f0000000480), 0x37, 0x0, 0x0, 0x2a6) close(r1) r3 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f00000001c0)={{}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x100000001}) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000700)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000090000000300000018030000e8000000e8000000e8000000e800000000000000480200004802000048020000480200004802000003000000", @ANYPTR=&(0x7f0000000a80)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000009f01ddaa63dde388f72fa074a19700000000000000c85a61562ce0c21411c799612d4130f976d8a088cbf8fe65fb1dca18c15c9b38f01b33f11e2a0c8e5b9e12832b52e2f5db99d296a21ed8a6f0d39bb4e9a111b52d212eb42bfe3589f985c63f2c73f881225f16061a1ea273525b8623ccfcb490020e9f50248b56f165ab127b0cda481bb96ca2456910fa854124e42a50650d6030116bebee1376e5abaaaac016eb1f06ffe70b03d64705de2a5f7f299ab70de2606a498aa68078b77b4851d060113cbdcd471e9422445282b4c5e9cf111bf6279612c5292070317774b5e0227dec788f5e99132dce1cf08d586bee8124388151e8ce4893287df5fbd0140fa999434fbcb43d0e02258fe3477dd5b7f1f2d0fc6851609cf0043525b5f44e0d738f0b00871e5305df5118b8cbacc1716f90933302d2b2"], @ANYBLOB="fe8000000000000000000000000000bbff010000000000000000000000000001000000ffffffffff00000000ffffffffffffffffffffff00ea0a90cdffffffff76657468315f746f5f626f6e64000000766c616e300000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000ff00050141000000000000000000000000000000c800e80000000000000000000000000000000000000000000000000020004e4f545241434b000000000000000000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bbffffffffff000000ffffffffff000000ffffff00ff000000000000ffffffffff7465616d5f736c6176655f310000000076657468305f746f5f62726964676500000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003a0007010a0000000000000000000000000000004001600100000000000000000000000000000000000000000000000050007365740000000000000000000000000000000000000000000000000000040800080900000000ff0700000000000006000000000000000800000000000000010000000000000000000000000000002800697076366865616465720000000000000000000000000000000000000000241300000000000020004e4f545241434b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x378) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000009f7c)=""/132, 0x84}, {&(0x7f0000012000)=""/252, 0xfc}, {&(0x7f0000012000)=""/155, 0x400000}, {&(0x7f0000009000)=""/11, 0xb}, {&(0x7f0000000000)=""/102, 0x66}], 0x5, 0x0) ioctl(r3, 0xc2604110, &(0x7f0000000000)) setxattr(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)=@known='security.evm\x00', &(0x7f0000000580)='\x00', 0x1, 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in={0x2, 0x4e22, @loopback=0x7f000001}, @in={0x2, 0x4e22, @broadcast=0xffffffff}], 0x20) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0x8e) sendto$packet(r2, &(0x7f0000000240)="c14c224fecdff0337ee1aa1963d277c13765aaf20027a93ea637adab2c82c9145b5ef3bed099531ca0e820f198138cb9ab7fa8f4c4db0bba967837f5bad7312c7a9b199420da3d4e99d3dece238c242cbde268edeef7d068773f77f09b871f706a60e52887fca18470510beeb7a9188e849e7597107ad92af0b6d8d75b07197d6147eafc1944781422ddba187f24a53532add41f494c11636d39f04159d30186ec293e0796f9527664", 0xa9, 0x0, &(0x7f0000000440)={0x11, 0x11, r4, 0x1, 0x7fff, 0x6}, 0x14) 07:38:11 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB="06ebc200", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000280)=0x20) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:11 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40000, 0x0) getsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000280)=""/229, &(0x7f0000000140)=0xe5) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(r3) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) [ 641.196642] RBP: 000000000072bf48 R08: 0000000000000004 R09: 0000000000000000 [ 641.203890] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 641.211138] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000001 07:38:11 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000007c0)=@nat={'nat\x00', 0x19, 0x4, 0x588, [0x20000200, 0x0, 0x0, 0x20000230, 0x200003b0], 0x0, &(0x7f00000001c0), &(0x7f0000000e80)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd7465616d5f736c6176655f3100000000626f6e645f736c617665c9c6a5836cae625f3100000000626f6e645f736c6176655f3000000000626f6e645f736c6176655f3000000000ffffffffffff0000000000000000000000000000000000000000e800000018010000500100006970360000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000001ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000018080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff02000000090000000000000000006e7230000000000000000000000000000000000000000000000000000000000076657468305f746f5f626f6e64000000766c616e3000000000000000000000000000000000000000000000000180c2000000000000000000000000010000380100006801000064657667726f7570000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000068656c7065720000000000000000000000000000000000000000000000000000280000000000000000000000482e32343500000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000900000000000000000067726574617030000000000000000000766c616e300000000000000000000000626f6e645f736c6176655f31000000006970365f767469300000000000000000ffffffffffff0000000000000180c20000000000000000000000b0000000b0000000e800000074696d65000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000fcffffff010000000300000000000000000000000000000000000000000000000000697036746e6c30000000000000000000697036746e6c30000000000000000000677265300000000000000000000000000180c2000000000000000000015948c39ee6000000000000000070000000f000000028010000736e6174000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000000000000000000000000000000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c200000000000000000000000000833efe3c0fc03536702859d104a68bd243e8b3be6094c4f78ea14541553aa2f22d5292d74b7eddc96c0156caffbdfa036be1cef6fbd7a67edb3e6c26d30056bd79fe614f1f32b7ea65ec787c86ce1208bbb72f37dc8413a4ee99d477f6dcbcbdaf6b61c7040196e9b64b4e5c7f1732a71811d60d"]}, 0x67b) write$binfmt_aout(r0, &(0x7f00000002c0)={{0x1cf, 0x80, 0x400, 0x9, 0x2d8, 0x0, 0x300, 0xf46}, "fa750c5268434ca30e33a684d50a943becde5c0616603255b233474e0be6f45bfbdc9cfb9e5b0274e2f81d7200c3421662002629119f5d7d355178c08c42fd38b2d621f5c7b9dbec89b20e372a904938164a205143368660cd8374274ca546f5cdba9de443938bdb"}, 0x88) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000140)={'raw\x00'}, &(0x7f0000000200)=0x54) r1 = syz_open_dev$dmmidi(&(0x7f0000000240)='/dev/dmmidi#\x00', 0x8, 0x8081) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000280)=0x2, 0x8) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000400)) getsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000380), &(0x7f00000003c0)=0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0x14e) sched_setparam(r2, &(0x7f0000000080)=0x1) setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f00000000c0)="f65d405e2c931eb76e0427e5c6b021d497edf159bfb205e6deb2e74c78120b38df792f5ab2ecad1bfcf3ed66abfdbeafe54502480e6b907aeb90385407fc493c9717a9b66dba05bd850cc1b94ba2342b786f5d87d5db8038a44fa7fe35ce133527", 0x61) [ 641.251077] binder: 10045:10047 unknown command 0 [ 641.267910] binder: 10045:10047 ioctl c0306201 20000080 returned -22 [ 641.283454] binder: BINDER_SET_CONTEXT_MGR already set [ 641.296345] binder: 10045:10069 unknown command 0 07:38:11 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x5, 0x480000) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000005c0)={{0x5, 0x1}, 'port1\x00', 0x5, 0x10000, 0x8, 0xebf, 0x81, 0x6, 0x8, 0x0, 0x4, 0x1}) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000180)={'sit0\x00', {0x2, 0x0, @dev={0xac, 0x14, 0x14}}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r1) rmdir(&(0x7f0000000240)='./file0//ile0\x00') syz_genetlink_get_family_id$team(&(0x7f0000000440)='team\x00') mkdir(&(0x7f0000000140)='./file0//ile0\x00', 0x0) 07:38:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x363084000000000, &(0x7f0000000400)}) [ 641.297281] binder: 10045:10047 ioctl 40046207 0 returned -16 [ 641.306091] binder: 10045:10069 ioctl c0306201 20000080 returned -22 [ 641.308982] sctp: [Deprecated]: syz-executor0 (pid 10051) Use of int in maxseg socket option. [ 641.308982] Use struct sctp_assoc_value instead [ 641.339587] kernel msg: ebtables bug: please report to author: Wrong len argument 07:38:11 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345e8f762070") r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'syz_tun\x00'}) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001400090100000000000000000a000000", @ANYBLOB="1400020000bf7d1100000000007a20ca6900000014000100fe8000000010000000000000000004aa"], 0x2}, 0x1}, 0x0) r3 = dup2(r0, r2) setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f00000000c0)={0x7ff, 0xae3, 0x80000001, 0x7fff, 0xfff, 0x4, 0x7}, 0xc) 07:38:11 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000080)) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x400, 0x4) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x1000000008012, r0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f00000000c0)=0x9, 0x4) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4004, 0x0, 0x12051, r0, 0x0) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000140)={0x6, &(0x7f0000000100)=[{0x7fffffff, 0x0, 0x5, 0xffffffffffffff09}, {0x80000000, 0x3ff, 0x100, 0xb2}, {0xef, 0x3, 0x2, 0x7}, {0x101, 0xfffffffffffffffc, 0x80000000, 0x7fffffff}, {0x6, 0x9, 0x6, 0xeb}, {0x9, 0x6, 0x4a, 0x8}]}, 0x10) [ 641.352932] binder: 10079:10082 unknown command 0 [ 641.372334] binder: 10079:10082 ioctl c0306201 20000080 returned -22 [ 641.396602] binder: BINDER_SET_CONTEXT_MGR already set 07:38:11 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) process_vm_writev(r0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000000)=""/118, 0x76}, {&(0x7f0000000100)=""/1, 0x1}, {&(0x7f0000001200)=""/85, 0x55}], 0x4, &(0x7f0000001a80)=[{&(0x7f0000001280)=""/214, 0xd6}, {&(0x7f0000001380)=""/203, 0xcb}, {&(0x7f0000001480)=""/157, 0x9d}, {&(0x7f0000001540)=""/140, 0x8c}, {&(0x7f0000001600)=""/184, 0xb8}, {&(0x7f00000016c0)=""/216, 0xd8}, {&(0x7f00000017c0)=""/138, 0x8a}, {&(0x7f0000001880)=""/161, 0xa1}, {&(0x7f0000001940)=""/129, 0x81}, {&(0x7f0000001a00)=""/90, 0x5a}], 0xa, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000080), 0x45, 0x2) 07:38:11 executing program 3: r0 = socket(0x1e, 0x80001, 0x0) io_setup(0x6, &(0x7f0000000300)=0x0) io_submit(r1, 0x343, &(0x7f0000000080)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000080), 0x121}]) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000000c0)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000000040)=0xe8) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@newtfilter={0x24, 0x2c, 0x400, 0x70bd2c, 0x25dfdbfe, {0x0, r2, {0x4, 0xf}, {0xfff2}, {0x9, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4040080) 07:38:11 executing program 7: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0x40001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r2, 0xae71, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@ipv4={[], [], @remote}, @in6=@remote}}, {{@in=@rand_addr}, 0x0, @in=@rand_addr}}, &(0x7f0000000200)=0xe8) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000240)="086a88670f01cfbaf80c66b80afa668b66efbafc0cb80000ef2e6583f6686766de15e692ecfe66b9800000c00f326635008000000f3066b8020000000f23d00f21f86635200000080f23f866b8010000000f01d90f8b0500b8d8000f00d0", 0x5e}], 0x1, 0x8, &(0x7f00000002c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x7, 0x0, 0x1000, 0x0, 0x97}, @efer={0x2, 0x5000}], 0x2) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000180)) 07:38:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x400c630e, &(0x7f0000000400)}) [ 641.403452] binder: 10079:10082 ioctl 40046207 0 returned -16 [ 641.424295] binder: 10079:10088 unknown command 0 [ 641.424311] binder: 10079:10088 ioctl c0306201 20000080 returned -22 07:38:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x800) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa}) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000080)=0x10) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(r3, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@local={0xac, 0x14, 0x14, 0xaa}, @rand_addr}, 0xc) setsockopt$inet_tcp_int(r3, 0x6, 0x12, &(0x7f0000000000), 0x4) close(r3) dup3(r1, r2, 0x0) 07:38:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="a6bd19ca420f485ad5"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000000040)=""/195, 0x40f00, 0x1, [], 0x0, 0x4}, 0x48) prctl$void(0x1f) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0xb, 0x15, 0x0, 0x2}, [@ldst={0x7, 0x0, 0x1b2ae9, 0x0, 0x0, 0x0, 0xffffffe4}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) 07:38:11 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) r1 = dup3(r0, r0, 0x80000) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x18) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r2 = accept$alg(r0, 0x0, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) write$FUSE_STATFS(r3, &(0x7f0000000140)={0x60, 0x0, 0x7, {{0xa5, 0x8, 0x9c, 0xfffffffffffff800, 0x9, 0x4, 0x5, 0x1ff}}}, 0x60) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYRESHEX], 0x29) recvmmsg(r2, &(0x7f00000040c0)=[{{&(0x7f00000012c0)=@vsock={0x0, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000280)}}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000001680)=""/5, 0x5}, {&(0x7f0000001700)=""/195, 0xc3}], 0x2, &(0x7f00000018c0)=""/185, 0xb9}}], 0x2, 0x0, &(0x7f0000004280)={0x77359400}) [ 641.509518] binder: 10104:10105 unknown command 0 [ 641.521594] binder: 10104:10105 ioctl c0306201 20000080 returned -22 07:38:11 executing program 7: perf_event_open(&(0x7f0000007000)={0x0, 0x70, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x2000, 0x0) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000100)) ioctl(r0, 0x2285, &(0x7f0000000040)="dd1f3764f4dc956e1ed690d0568479b3c2c7d28a6e6fca2319beccd9ddddbaf644a66254b98fa6a6863997b163681ded63653e60a8dd08a835574e1ba781ffc72723548427ec2807f0afb6fc08cebd70b952e3a43e556b5a5ab2551cd82dcc4261e03f4d20e266dde97ff5f3aa1a1403f5c8") [ 641.554991] binder: BINDER_SET_CONTEXT_MGR already set [ 641.560597] binder: 10104:10105 ioctl 40046207 0 returned -16 [ 641.575276] binder: 10104:10115 unknown command 0 [ 641.584234] binder: 10104:10115 ioctl c0306201 20000080 returned -22 07:38:12 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000880)="02dcc83d6d3496005163d0ce4304010000e9944cc747000000e744") r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000588ff1)='/dev/vhost-net\x00', 0x2, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x1, 0x7fffd) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000640)=0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000680)=0x0) kcmp(r3, r4, 0x6, r0, r1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @loopback=0x7f000001}, @in={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e24, 0x3, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, @in6={0xa, 0x4e24, 0x20, @mcast1={0xff, 0x1, [], 0x1}, 0x400}, @in6={0xa, 0x4e22, 0x8, @remote={0xfe, 0x80, [], 0xbb}, 0x3}, @in6={0xa, 0x4e22, 0x7fffffff, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, @in={0x2, 0x4e20, @multicast1=0xe0000001}], 0xa0) getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000140), &(0x7f00000004c0)=0x4) ioctl$int_in(r1, 0xaf01, &(0x7f00001e3000)) r5 = eventfd(0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000440), &(0x7f0000000480)=0x4) r6 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0xb, 0x8000) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000080), &(0x7f0000000500)=0x4) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000040)={0x0, r5}) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0x6) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f00000002c0)={0x0, 0xa400000000000000}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={r7, @in6={{0xa, 0x4e22, 0x1cb, @local={0xfe, 0x80, [], 0xaa}, 0xc8}}, 0xfffffffffffffffa, 0x20, 0x4a, 0x3f, 0x40}, &(0x7f0000000400)=0x98) ioctl$SG_GET_LOW_DMA(r2, 0x227a, &(0x7f00000005c0)) r8 = request_key(&(0x7f00000006c0)='user\x00', &(0x7f0000000700)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000740)="0e2800", 0x0) r9 = add_key$keyring(&(0x7f0000000780)='keyring\x00', &(0x7f00000007c0)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$link(0x8, r8, r9) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000000)={0x0, r5}) fremovexattr(r2, &(0x7f0000000600)=@random={'os2.', '/\x00'}) getsockopt$llc_int(r6, 0x10c, 0x2, &(0x7f0000000540), &(0x7f0000000580)=0x4) setsockopt$sock_int(r6, 0x1, 0x12, &(0x7f0000000280)=0x3, 0x4) [ 642.320004] FAULT_FLAG_ALLOW_RETRY missing 30 [ 642.324598] CPU: 1 PID: 10066 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 642.333071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.342418] Call Trace: [ 642.344993] dump_stack+0x1c9/0x2b4 [ 642.348608] ? dump_stack_print_info.cold.2+0x52/0x52 [ 642.353790] ? kasan_check_write+0x14/0x20 [ 642.358014] ? do_raw_spin_lock+0xc1/0x200 [ 642.362245] handle_userfault.cold.33+0x47/0x62 [ 642.366922] ? userfaultfd_ioctl+0x5430/0x5430 [ 642.371502] ? trace_hardirqs_on+0x10/0x10 [ 642.375731] ? trace_hardirqs_on+0x10/0x10 [ 642.379951] ? update_load_avg+0x389/0x27d0 [ 642.384257] ? trace_hardirqs_on+0x10/0x10 [ 642.388490] ? userfaultfd_ctx_put+0x810/0x810 [ 642.393076] ? rb_erase_cached+0xc82/0x32c0 [ 642.397381] ? trace_hardirqs_on+0x10/0x10 [ 642.401600] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 642.406611] ? rb_next+0x140/0x140 [ 642.410139] ? rb_erase+0x3550/0x3550 [ 642.413940] ? trace_hardirqs_on+0x10/0x10 [ 642.418169] ? trace_hardirqs_on+0x10/0x10 [ 642.422396] ? cpuacct_charge+0x2eb/0x5d0 [ 642.426541] ? lock_acquire+0x1e4/0x540 [ 642.430514] ? __handle_mm_fault+0x3a38/0x44a0 [ 642.435422] ? lock_downgrade+0x8f0/0x8f0 [ 642.439565] ? kasan_check_read+0x11/0x20 [ 642.443693] ? do_raw_spin_unlock+0xa7/0x2f0 [ 642.448080] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 642.452657] ? kasan_check_write+0x14/0x20 [ 642.456883] ? do_raw_spin_lock+0xc1/0x200 [ 642.461114] __handle_mm_fault+0x3a45/0x44a0 [ 642.465509] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 642.470345] ? reweight_entity+0x7ed/0x1100 [ 642.474649] ? lock_release+0xa30/0xa30 [ 642.478621] ? lock_acquire+0x1e4/0x540 [ 642.482588] ? handle_mm_fault+0x417/0xc80 [ 642.486817] ? lock_downgrade+0x8f0/0x8f0 [ 642.490953] ? lock_release+0xa30/0xa30 [ 642.494912] ? rcu_note_context_switch+0x730/0x730 [ 642.499823] ? mem_cgroup_from_task+0xcb/0x1f0 [ 642.504384] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 642.509120] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 642.513871] handle_mm_fault+0x53e/0xc80 [ 642.517921] ? __handle_mm_fault+0x44a0/0x44a0 [ 642.522485] ? find_vma+0x34/0x190 [ 642.526016] __do_page_fault+0x620/0xe50 [ 642.530060] ? mm_fault_error+0x380/0x380 [ 642.534194] do_page_fault+0xf6/0x8c0 [ 642.537975] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 642.543406] ? vmalloc_sync_all+0x30/0x30 [ 642.547543] ? lock_acquire+0x1e4/0x540 [ 642.551500] ? __might_fault+0x12b/0x1e0 [ 642.555547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 642.560378] page_fault+0x1e/0x30 [ 642.563814] RIP: 0010:__get_user_4+0x21/0x30 [ 642.568196] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 642.587324] RSP: 0018:ffff8801937d7538 EFLAGS: 00010202 [ 642.592678] RAX: 0000000020013e98 RBX: 1ffff100326faeae RCX: ffffc90005630000 [ 642.599932] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 642.607185] RBP: ffff8801937d7cb8 R08: 1ffff100326fae84 R09: 0000000000000000 [ 642.614437] R10: ffffed0039c0a581 R11: ffff8801ce052c0b R12: ffff8801ce052b80 [ 642.621687] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 642.628948] ? __might_fault+0x1a3/0x1e0 [ 642.633009] ? sctp_setsockopt+0x1e13/0x6db0 [ 642.637404] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 642.643098] ? migrate_swap_stop+0x850/0x850 [ 642.647491] ? kasan_check_write+0x14/0x20 [ 642.651707] ? trace_hardirqs_on+0x10/0x10 [ 642.655923] ? __account_cfs_rq_runtime+0x770/0x770 [ 642.660922] ? set_next_entity+0x2dd/0xb00 [ 642.665135] ? trace_hardirqs_on+0x10/0x10 [ 642.669353] ? update_load_avg+0x27d0/0x27d0 [ 642.673750] ? __enqueue_entity+0x10d/0x1f0 [ 642.678060] ? __unqueue_futex+0x2e0/0x2e0 [ 642.682279] ? pick_next_task_fair+0x999/0x16e0 [ 642.686930] ? kasan_kmalloc+0xc4/0xe0 [ 642.690798] ? alloc_empty_file+0x72/0x170 [ 642.695028] ? run_rebalance_domains+0x4c0/0x4c0 [ 642.699767] ? finish_task_switch+0x1d3/0x870 [ 642.704250] ? lock_downgrade+0x8f0/0x8f0 [ 642.708392] ? finish_task_switch+0x18a/0x870 [ 642.712867] ? lock_acquire+0x1e4/0x540 [ 642.716820] ? __fget+0x4ac/0x740 [ 642.720266] ? lock_downgrade+0x8f0/0x8f0 [ 642.724395] ? lock_release+0xa30/0xa30 [ 642.728350] ? trace_hardirqs_on+0xd/0x10 [ 642.732480] ? _raw_spin_unlock_irq+0x27/0x70 [ 642.736953] ? finish_task_switch+0x18a/0x870 [ 642.741439] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 642.746880] ? __fget+0x4d5/0x740 [ 642.750325] ? ksys_dup3+0x690/0x690 [ 642.754019] ? __schedule+0x884/0x1ea0 [ 642.757903] ? __fget_light+0x2f7/0x440 [ 642.761856] ? fget_raw+0x20/0x20 [ 642.765307] ? get_unused_fd_flags+0x1a0/0x1a0 [ 642.769873] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 642.775401] ? schedule+0xfb/0x450 [ 642.778920] ? alloc_file+0x430/0x430 [ 642.782703] sock_common_setsockopt+0x9a/0xe0 [ 642.787185] __sys_setsockopt+0x1c5/0x3b0 [ 642.791319] ? kernel_accept+0x310/0x310 [ 642.795364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.800886] ? syscall_slow_exit_work+0x500/0x500 [ 642.805709] __x64_sys_setsockopt+0xbe/0x150 [ 642.810108] do_syscall_64+0x1b9/0x820 [ 642.813997] ? finish_task_switch+0x1d3/0x870 [ 642.818475] ? syscall_return_slowpath+0x5e0/0x5e0 [ 642.823384] ? syscall_return_slowpath+0x31d/0x5e0 [ 642.828299] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 642.833300] ? prepare_exit_to_usermode+0x291/0x3b0 [ 642.838312] ? perf_trace_sys_enter+0xb10/0xb10 [ 642.842970] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 642.847798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.852965] RIP: 0033:0x455ab9 [ 642.856143] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.875295] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 642.882985] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 642.890235] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 642.897485] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 642.904745] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 642.911995] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:13 executing program 1: r0 = socket$packet(0x11, 0x6, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:13 executing program 6: r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x886b, 0x2000) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x1, 0x1, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}]}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000018ff4)={0x10}, 0xc, &(0x7f0000013ff1)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000280007000000000000000000010000007b6c6e6601000020"], 0x1c}, 0x1}, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000100)={'filter\x00', 0x0, 0x4, 0x1000, [], 0x1, &(0x7f00000000c0)=[{}], &(0x7f00000001c0)=""/4096}, &(0x7f00000011c0)=0x78) 07:38:13 executing program 0: r0 = userfaultfd(0x807ff) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x40}) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) read(r0, &(0x7f0000000000)=""/128, 0x80) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f000018f000/0x3000)=nil, 0x3000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1e, 0x8031, 0xffffffffffffffff, 0x0) 07:38:13 executing program 4: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000001d00)={&(0x7f0000001840)=@updsa={0x13c, 0x1a, 0x1, 0x0, 0x0, {{@in, @in=@loopback=0x7f000001}, {@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x6c}, @in6, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'morus640-generic\x00'}}}]}, 0x13c}, 0x1}, 0x0) 07:38:13 executing program 3: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) r1 = inotify_add_watch(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x20000008) inotify_rm_watch(r0, r1) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="b7859cb8eec705f2288a933d66593ae164c990a0028e6640c522b60bdfedb810dcfa16bf33733b7a8961f9ec26a783f8", 0x30) r4 = accept$alg(r3, 0x0, 0x0) read(r4, &(0x7f0000000bc0)=""/93, 0x5d) recvmsg(r4, &(0x7f0000d43000)={&(0x7f000076c000)=@hci, 0x0, &(0x7f0000ae0fc0)=[{&(0x7f0000b9ff8b)=""/117, 0xa5}], 0x1, &(0x7f0000837f57)=""/169, 0xa9}, 0x0) 07:38:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x863104000000000, &(0x7f0000000400)}) 07:38:13 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0x5, &(0x7f0000000100)=0x6, 0x4) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000300)=0x8, 0xffffffffffffff86) close(r1) 07:38:13 executing program 7: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x410000, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1, 0x9, 0x7, 0x2a, 0x44}, &(0x7f0000000340)=0x98) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000380)={r1, @in={{0x2, 0x4e24, @rand_addr=0x7}}}, 0x84) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="540100001000130700000000000000000000000000000000000000000000000000000000000000000000ffffac14ffaa00000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000033000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000001c001700000014000000000000000000000000000000000008040000480001006d64350000000000000000000000000000000000000000000000000000000000000000000000000000000000000000806b645be79e1c8e00000000000000000000000000715c7d1d551de7b6c479df289e5220d47f58401ac65c072866b02e4345af6f039f234c3cedd9ce0154d7fd29f03465c0e769258f8a6e6a3aed85b02b36261b50ab94da70d7d687bb0cec192c2900d15cbf4ce403b72617f4acf9d0567414b5b474f8d549905b8408e12a9cd809604334f01fc3c8"], 0x3}, 0x1}, 0x0) 07:38:13 executing program 4: rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0\x00') mkdir(&(0x7f0000000340)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, &(0x7f0000000100)="c2") [ 643.251801] binder: 10159:10163 unknown command 0 07:38:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x10000000000000da, 0x0, [{0xaf5, 0x0, 0xfffffffffffffffc}, {0x79, 0x0, 0x1}]}) 07:38:13 executing program 6: r0 = socket$inet(0x2, 0x0, 0x2) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x101}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000380)={r1, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}}, &(0x7f0000000180)=0x84) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x3, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10) getitimer(0x0, &(0x7f0000000040)) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000200)=""/239, 0xef}, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00000000c0)=0x200, 0x4) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 07:38:13 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket(0x5, 0x6, 0x80000000) bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) syz_emit_ethernet(0xe, &(0x7f0000000300)={@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, &(0x7f0000000040)) ioctl$sock_bt(r1, 0x8906, &(0x7f0000000000)) recvfrom$packet(r1, &(0x7f0000000080)=""/233, 0xe9, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0x701000) [ 643.285736] binder: 10159:10163 ioctl c0306201 20000080 returned -22 [ 643.315253] devpts: called with bogus options 07:38:13 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x41) connect$unix(r1, &(0x7f00000bc000)=@abs, 0x8) sendmmsg$unix(r2, &(0x7f00000bd000), 0x80, 0x0) io_setup(0x6, &(0x7f00000012c0)=0x0) io_getevents(r3, 0x2, 0x8f, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x50, &(0x7f0000000140)={0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)=r4, 0x4) r5 = memfd_create(&(0x7f0000000000)=':+lo#\x00', 0x0) io_submit(r3, 0x1, &(0x7f0000001280)=[&(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000100)}]) [ 643.338892] binder: BINDER_SET_CONTEXT_MGR already set [ 643.345101] devpts: called with bogus options [ 643.359601] binder: 10159:10163 ioctl 40046207 0 returned -16 07:38:13 executing program 4: r0 = socket$inet6(0xa, 0x20000000084, 0x3ff) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x4, &(0x7f0000000040)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}, &(0x7f0000000080)=0x10) 07:38:13 executing program 7: r0 = fcntl$getown(0xffffffffffffff9c, 0x9) r1 = syz_open_procfs(r0, &(0x7f0000000380)='net/ip_vs_stats\x00') r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000300)=0x3, 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffffffffffff}, 0x117, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r2, &(0x7f00000001c0)={0x9, 0x108, 0xfa00, {r3, 0x20, "9e164b", "f127f52ad04b548ac9b2beebb3836ec64eb8b236891d09583b65b0b5fee6e33459f86c5df22c087fd97b893c2447981c105ec8f6d836d180afda1ef2f968090bbdd9aa53e3ceecbabf701c88c9b55b01fe54b7a5a5fcf4508211d198f0d3e84beb067dd1a32ca3b89ddd8f231b1a54cffd3805294e188127e53628cb428189ac77d1f8f88274b3d39786a1b51bbf717ca3168dcc9e0a3c5eb37939b79ef1cc6e2a537aecd316433a410171c3016cf14f24ecef826beb448624148fe53dfeaff6bb94bcb4839d4425945604841df54f4a2c4ddcbec485fd15a111346a284416e3d9f9e70d68be652aba336487c4bbdb6f96f03ecc6dac628d812942f79cfcf95a"}}, 0x110) write(r2, &(0x7f0000000040)="e8b90ea7f8bfa8d8805083a5e5a3bbd4830192c9fc5af075465cee82b59d60c1914d87bc0cc40cc2c758eb044d7965aa12be7430c640b88acd2c67cf08fa5e5d80d7746daa541a68b8c5fcf73f48cea345b3dcfb3b355e007fa53966f34fddd25f5711eaf39a9304524900304782de274241b8e7ab56311848f980502e5af34bff45a0aac4e3fac3e5d90cbdb42cb3c89c6c508fac14dfdf34517aa3d81604ecf60c83cd0da5c6fe2c", 0xa9) [ 643.390965] binder: 10159:10190 unknown command 0 [ 643.410257] binder: 10159:10190 ioctl c0306201 20000080 returned -22 07:38:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xba0b0000, &(0x7f0000000400)}) [ 643.528781] binder: 10213:10215 unknown command 0 [ 643.543645] binder: 10213:10215 ioctl c0306201 20000080 returned -22 [ 643.550829] binder: BINDER_SET_CONTEXT_MGR already set [ 643.557558] binder: 10213:10215 ioctl 40046207 0 returned -16 [ 643.566103] binder: 10213:10216 unknown command 0 [ 643.571071] binder: 10213:10216 ioctl c0306201 20000080 returned -22 07:38:14 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x12, 0x12, 0x70bd2b, 0x25dfdbfc, {0x14}, [@typed={0x4, 0x93}, @typed={0x14, 0x31, @ipv6=@ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control\x00', 0x8) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000140)={0xffffffff, 0x1, 0x80, 0x9899, 0x7}, 0xc) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f00000004c0)=0x3, 0x4) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000004}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000200004002bbd7000fddbdf250a341400080000000600000002000000080017004e224e2014000100fe8000000000000000000000000000aa080018224e214e241400010000000000000000000000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x24000800}, 0x8001) close(r0) close(r1) 07:38:14 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000000180)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) sendto$inet(r1, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) shutdown(r1, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2000000002}, 0x8) sync_file_range(r0, 0x3, 0x100, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000c60000)={0x3}, 0x10) write(r0, &(0x7f00000001c0)="92a84535cd498c1a203531e6346c3f1d76fccba505f504586bc7518f36782b658ab1d39b7845b60f739ec039730800892be0e27e91d6ab6f2830043e4ad89289680e07c3bff608c1a08b123b039f6c0306e405c0d46888b1fac34884ed8f5c6a343548e680bb83140e8a7765a24699671c0b948837bf275a56cd1e2596cc0b741e007d6ca86bd22a7d64a995443ecd44e6530969290db4f64960d0798f9c49b8db39be3c0ea161087648169fd17047b78ed9a4fdbab31ac2a8c83ae6b4580f3750acd875cb3bc5860360c726308f5b8c8316db83327d278bdd9367d2f1b71f5feb9c747afb9a927c402859d88abea1b206f2b0ba8ffb7f9ee6a2c83a8055070afbe3033f4efbaa88c1d61d919231ad170182da570cbbd1973bafe6bffc629158a0c8a4d7323cc118f42c765831c4f030b32c121d6a08c113adad669c7f63bd157104f3d9cc51acdbe55a5426670121ca1e7f8544dccd606a9d1bde4db770ccb6e44e568f1324dc733e91e991be6720be60dd76153f9bc8ad5ad812293ddc2021a48ac86e3017bf97b9ba18fc9643ab", 0x18f) 07:38:14 executing program 4: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x3, 0x50000) r3 = geteuid() r4 = getgid() mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x2009000, &(0x7f0000000180)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x3000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x88cc}, 0x2c}, {@default_permissions='default_permissions', 0x2c}, {@max_read={'max_read', 0x3d, 0x4}, 0x2c}, {@max_read={'max_read', 0x3d, 0x9}, 0x2c}, {@allow_other='allow_other', 0x2c}]}}) close(r1) syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x400000000000000) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000780)='9p\x00', 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 07:38:14 executing program 6: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000834000)={0x7fffffff}, &(0x7f00000c1000), 0x8) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6(0xa, 0x1, 0x0) ioctl(r4, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") dup2(r4, r0) writev(r3, &(0x7f000000b000)=[{&(0x7f0000066000)=',', 0x1}], 0x1) r5 = msgget$private(0x0, 0xe0) msgctl$IPC_RMID(r5, 0x0) tee(r2, r1, 0x5, 0x0) 07:38:14 executing program 0: syz_open_dev$loop(&(0x7f000091dff5)='/dev/loop#\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000000d000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) madvise(&(0x7f00001a2000/0xc00000)=nil, 0xc00000, 0x4000000000000008) clone(0x0, &(0x7f0000000240), &(0x7f0000001ffc), &(0x7f00000001c0), &(0x7f0000000040)) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) socket$inet_udp(0x2, 0x2, 0x0) 07:38:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb63000000000000, &(0x7f0000000400)}) 07:38:14 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x157) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) modify_ldt$write(0x1, &(0x7f0000000140)={0x6, 0x20101800, 0xffffffffffffffff, 0x3, 0xb65f, 0x2, 0x6, 0x6, 0x2, 0x7}, 0x10) close(r0) close(r1) recvfrom$inet6(r2, &(0x7f0000000280)=""/155, 0x9b, 0x2000, &(0x7f0000000100)={0xa, 0x4e22, 0x2, @dev={0xfe, 0x80, [], 0xf}, 0x80000000}, 0x1c) 07:38:14 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc882345f7c76ff70") r1 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)="aa2e4ac2c371032413b2c73900882aed5203155505cf2b971e88bb51b6d835096511f94d97f723c736b92fac9e65022938b4eee6d40b6592bcd5af767493ed8858de26c5f6ea4a90d8d2c558fd6673fca8a19c51b23f1d38bb6f15c3896da0d5eb7f7b54154fcc077ea0d2de53f229236c4967694918747c44b4cc288b355e5421239f7e1803c2af067ce167d055664a56f2c66c0683e6ef1fb48d16bdb3ae9992e33530c9d1e714cd45c1511e0b5f3b1c3448402f7311a860b4", 0xba}, {&(0x7f0000000040)="bcac17dc8cd5897f6af291371c5d88bd2d48c83e0ee138f874f5bfbe596888875ef0d5003e7b5f1e4d381a15ae", 0x2d}], 0x2, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setfsuid(r3) fcntl$setlease(r1, 0x400, 0x0) [ 644.299815] binder: 10234:10236 unknown command 0 [ 644.316592] binder: 10234:10236 ioctl c0306201 20000080 returned -22 [ 644.323706] binder: BINDER_SET_CONTEXT_MGR already set [ 644.330411] binder: 10234:10236 ioctl 40046207 0 returned -16 [ 644.340546] binder: 10234:10236 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 07:38:14 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000001e91e00fb034d564b000000000124c0244369a870f8089b7cce1c7116127cea89369dfe24fbc8979121e736b0d003a0a5483ab1c0582ebf3fe0b743a5c69bccb89ee1e457f379847bfb2561cd5aec3f21395fa410e3186e7baf4f3f20dbcd4db0701f5b3eb20b7bf5b23be7121cdee50b852e8a46e6bc6432571fcd01b2498beb69ebbe8cde4dfdf9752639b52b80bd3766d819262a1499f1f7a8b9fab388bdbc32f47c7bb362cf8bcd1bd411e4dd7d943720d8e03745a0d8572390b3fff4cb759f4a655be4db33126702"]) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae93, &(0x7f00000001c0)) 07:38:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x3909000000000000, &(0x7f0000000400)}) 07:38:14 executing program 3: syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x82307202, &(0x7f0000000000)={0x0, 0x0, 0x0, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 'veth1_to_bridge\x00'}) [ 644.340552] binder: 10234:10246 unknown command 0 [ 644.340566] binder: 10234:10246 ioctl c0306201 20000080 returned -22 07:38:14 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0xa0, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x3, @remote={0xfe, 0x80, [], 0xbb}, 0xffffffffffffff01}, @in={0x2, 0x4e21, @broadcast=0xffffffff}, @in={0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e23, 0xef5, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x7ff}, @in6={0xa, 0x4e24, 0x7, @loopback={0x0, 0x1}, 0x81}, @in6={0xa, 0x4e24, 0x3f, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x70}, @in={0x2, 0x4e20, @multicast1=0xe0000001}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0)={r1, 0x3}, 0xc) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x1) write$RDMA_USER_CM_CMD_NOTIFY(r2, &(0x7f00000000c0)={0xfffffff2, 0x8, 0xfa00}, 0x10) [ 644.398581] binder: 10256:10257 unknown command 0 [ 644.405698] binder: 10256:10257 ioctl c0306201 20000080 returned -22 [ 644.415088] binder: BINDER_SET_CONTEXT_MGR already set [ 644.420704] binder: 10256:10257 ioctl 40046207 0 returned -16 [ 644.430707] binder: 10256:10264 unknown command 0 07:38:14 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000080)={{0x80}, 'port0\x00'}) read(r0, &(0x7f0000000000)=""/88, 0x58) 07:38:14 executing program 3: r0 = creat(&(0x7f0000000040)='./file1\x00', 0x20) write$eventfd(r0, &(0x7f0000000200), 0x8) 07:38:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x40486312, &(0x7f0000000400)}) [ 644.443521] binder: 10256:10264 ioctl c0306201 20000080 returned -22 07:38:14 executing program 6: r0 = socket(0x10000000000002c, 0x3, 0x5) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x1fb, 0x20000000000000}, 0xffffffffffffff34) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x0, {{0x2, 0x4e24, @broadcast=0xffffffff}}}, 0x88) [ 644.505089] binder: 10277:10278 unknown command 0 [ 644.511683] binder: 10277:10278 ioctl c0306201 20000080 returned -22 [ 644.526198] binder: BINDER_SET_CONTEXT_MGR already set [ 644.531873] binder: 10277:10278 ioctl 40046207 0 returned -16 [ 644.540699] binder: 10277:10282 unknown command 0 [ 644.545823] binder: 10277:10278 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 644.547649] binder: 10277:10282 ioctl c0306201 20000080 returned -22 [ 645.259412] FAULT_FLAG_ALLOW_RETRY missing 30 [ 645.264008] CPU: 0 PID: 10245 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 645.272477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 645.281810] Call Trace: [ 645.284408] dump_stack+0x1c9/0x2b4 [ 645.288030] ? dump_stack_print_info.cold.2+0x52/0x52 [ 645.293211] handle_userfault.cold.33+0x47/0x62 [ 645.297868] ? userfaultfd_ioctl+0x5430/0x5430 [ 645.302447] ? trace_hardirqs_on+0x10/0x10 [ 645.306662] ? trace_hardirqs_on+0x10/0x10 [ 645.310878] ? update_load_avg+0x389/0x27d0 [ 645.315190] ? trace_hardirqs_on+0x10/0x10 [ 645.319420] ? userfaultfd_ctx_put+0x810/0x810 [ 645.323988] ? rb_erase_cached+0xc82/0x32c0 [ 645.328293] ? trace_hardirqs_on+0x10/0x10 [ 645.332511] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 645.337510] ? rb_next+0x140/0x140 [ 645.341028] ? rb_erase+0x3550/0x3550 [ 645.344828] ? trace_hardirqs_on+0x10/0x10 [ 645.349059] ? trace_hardirqs_on+0x10/0x10 [ 645.353274] ? cpuacct_charge+0x2eb/0x5d0 [ 645.357419] ? lock_acquire+0x1e4/0x540 [ 645.361377] ? __handle_mm_fault+0x3a38/0x44a0 [ 645.365954] ? lock_downgrade+0x8f0/0x8f0 [ 645.370086] ? kasan_check_read+0x11/0x20 [ 645.374225] ? do_raw_spin_unlock+0xa7/0x2f0 [ 645.378613] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 645.383186] ? kasan_check_write+0x14/0x20 [ 645.387400] ? do_raw_spin_lock+0xc1/0x200 [ 645.391622] __handle_mm_fault+0x3a45/0x44a0 [ 645.396015] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 645.400838] ? reweight_entity+0x7ed/0x1100 [ 645.405140] ? lock_release+0xa30/0xa30 [ 645.409102] ? lock_acquire+0x1e4/0x540 [ 645.413055] ? handle_mm_fault+0x417/0xc80 [ 645.417271] ? lock_downgrade+0x8f0/0x8f0 [ 645.421399] ? lock_release+0xa30/0xa30 [ 645.425353] ? rcu_note_context_switch+0x730/0x730 [ 645.430260] ? mem_cgroup_from_task+0xcb/0x1f0 [ 645.434824] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 645.439562] handle_mm_fault+0x53e/0xc80 [ 645.443627] ? __handle_mm_fault+0x44a0/0x44a0 [ 645.448193] ? find_vma+0x34/0x190 [ 645.451719] __do_page_fault+0x620/0xe50 [ 645.455761] ? mm_fault_error+0x380/0x380 [ 645.459892] do_page_fault+0xf6/0x8c0 [ 645.463679] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 645.469117] ? vmalloc_sync_all+0x30/0x30 [ 645.473255] ? lock_acquire+0x1e4/0x540 [ 645.477211] ? __might_fault+0x12b/0x1e0 [ 645.481254] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 645.486087] page_fault+0x1e/0x30 [ 645.489525] RIP: 0010:__get_user_4+0x21/0x30 [ 645.493908] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 645.513032] RSP: 0018:ffff88019082f538 EFLAGS: 00010202 [ 645.518383] RAX: 0000000020013e98 RBX: 1ffff10032105eae RCX: ffffc90005630000 [ 645.525648] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 645.532898] RBP: ffff88019082fcb8 R08: 1ffff10032105e84 R09: 0000000000000000 [ 645.540161] R10: ffffed003afa1ca1 R11: ffff8801d7d0e50b R12: ffff8801d7d0e480 [ 645.547429] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 645.554690] ? __might_fault+0x1a3/0x1e0 [ 645.558743] ? sctp_setsockopt+0x1e13/0x6db0 [ 645.563131] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 645.568825] ? migrate_swap_stop+0x850/0x850 [ 645.573216] ? kasan_check_write+0x14/0x20 [ 645.577436] ? trace_hardirqs_on+0x10/0x10 [ 645.581662] ? __account_cfs_rq_runtime+0x770/0x770 [ 645.586666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.592187] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 645.597531] ? update_load_avg+0x27d0/0x27d0 [ 645.601927] ? perf_event_update_userpage+0xd30/0xd30 [ 645.607102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.612620] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 645.617793] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 645.622192] ? alloc_empty_file+0x72/0x170 [ 645.626422] ? run_rebalance_domains+0x4c0/0x4c0 [ 645.631179] ? finish_task_switch+0x1d3/0x870 [ 645.635662] ? lock_downgrade+0x8f0/0x8f0 [ 645.640052] ? finish_task_switch+0x18a/0x870 [ 645.644529] ? lock_acquire+0x1e4/0x540 [ 645.648500] ? __fget+0x4ac/0x740 [ 645.651948] ? lock_downgrade+0x8f0/0x8f0 [ 645.656087] ? lock_release+0xa30/0xa30 [ 645.660040] ? trace_hardirqs_on+0xd/0x10 [ 645.664176] ? _raw_spin_unlock_irq+0x27/0x70 [ 645.668663] ? finish_task_switch+0x18a/0x870 [ 645.673151] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 645.678597] ? __fget+0x4d5/0x740 [ 645.682041] ? ksys_dup3+0x690/0x690 [ 645.685734] ? __schedule+0x884/0x1ea0 [ 645.689606] ? __fget_light+0x2f7/0x440 [ 645.693575] ? fget_raw+0x20/0x20 [ 645.697009] ? get_unused_fd_flags+0x1a0/0x1a0 [ 645.701572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 645.707265] ? schedule+0xfb/0x450 [ 645.710798] ? alloc_file+0x430/0x430 [ 645.714587] sock_common_setsockopt+0x9a/0xe0 [ 645.719064] __sys_setsockopt+0x1c5/0x3b0 [ 645.723194] ? kernel_accept+0x310/0x310 [ 645.727239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.732761] ? syscall_slow_exit_work+0x500/0x500 [ 645.737607] __x64_sys_setsockopt+0xbe/0x150 [ 645.741995] do_syscall_64+0x1b9/0x820 [ 645.745868] ? syscall_slow_exit_work+0x500/0x500 [ 645.750701] ? syscall_return_slowpath+0x5e0/0x5e0 [ 645.755630] ? syscall_return_slowpath+0x31d/0x5e0 [ 645.760546] ? prepare_exit_to_usermode+0x291/0x3b0 [ 645.765547] ? perf_trace_sys_enter+0xb10/0xb10 [ 645.770195] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 645.775034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 645.780201] RIP: 0033:0x455ab9 [ 645.783369] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 645.802498] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 645.810189] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 645.817438] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 645.824687] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 645.831938] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 645.839196] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:15 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000280)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) r8 = getuid() getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) lstat(&(0x7f0000000300)='./control\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r7, &(0x7f00000003c0)={0x58, 0x7d, 0x1, {{0x0, 0x43, 0x4, 0x1b9, {0x20, 0x0, 0x1}, 0x8000000, 0x2, 0x30, 0xfffffffffffffff7, 0x8, ':selinux', 0x1, '-', 0x7, 'trusted'}, 0x0, "", r8, r9, r10}}, 0x58) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:15 executing program 3: mremap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f000000b000/0x3000)=nil) r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000001ffb)) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x0, 0x141200) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f00000000c0)) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r2, 0x1, 0x2f, &(0x7f0000000000)=0x100, 0x4) 07:38:15 executing program 4: r0 = semget$private(0x0, 0x1, 0x40) semctl$IPC_RMID(r0, 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0)) mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000700)='ceph\x00', 0x1002, 0x0) mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0) mkdir(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff) mount(&(0x7f0000000380)='.', &(0x7f0000000880)='./file0/file0\x00', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000640)) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmmsg(r1, &(0x7f00000023c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="34c2efd299c611551e9e70c05e26b24bc682f3c1a1c91eb6a88023a3e950002d88fbbcecd5462fb399bbed0f11561931311410ae56281bfe5dfd71154e45bd47a3b0f881367b63d038fee26a1f1414c7fc843b311db80b49b79fc0306c9329d2d486c32854199d489526f2680c5674d2db876c38ee7fc6465688d8a51f547c2990f68c479c93bf590fe84a66e56051c3d95ed066a8ce811165cf457839fe2d34f960249b91244a7857a1da", 0xab}, {&(0x7f00000003c0)="9d98ebb951f897c0a3422104b7c0fb6f7ac2a66c09a49c602370a414abd8c969d15290ae27a54103807845c0022e3fabef13f14737cb88b262933387815c357fc6a9b0fc554fd437c1989c0d6762e135d9dcea597600af2faaed99075715be57b8571a2ac281124f853fa0b3b8b19e8f7a163fa3317074e6d94a6f9e76c9b7cc6645fcfe9c0b66861996ec68d7c9ef35a13961af07cc01a027248450bd996219846b733bf2bd6b10427ceaee8b04c2bb37ccdf73bef5abc1b0eb0d1b6941a8f40feb068c3317d2ec30a737575305380bef7870", 0xd3}], 0x2, &(0x7f00000004c0)=[{0xf0, 0x117, 0x1, "46c1d71e40500b75925bb7f44cb313fca8beda82119951fc55d897d6dd8341baf29c867c4d1da6c7513fb220d58a93f5f504104b9cc4346328dad13024a4fe55d092a2f00a3a8b7f2df045073f96666b84ed1c4e5163fdde2d6c95c7da1059c5a6192e38edc48a691082e56393225705eece4afa39a9b680e64d0e529b7ff81b9529e777f40e69d3aa5e5adb3b663ea668d44cbf01a389426b87ed8576510198b4541f01739dd0d6254b5b3e14172a913a399616ffb60492db0af789ee07362a9e46670fdfdc74055b29dd9ddd0453309f352bc4573221979a"}], 0xf0, 0x80}, 0x6}, {{&(0x7f0000000280)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e21}, 0x1, 0x4, 0x3, 0x1}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000005c0)="55bcb3dcad913d211360c7daf82dfa0b9fc9a59ab3f599c74270ac138e785faed167baee5c78311a2c2cff66d07c7049391b8a7ab9b1b37650792127e6c71fea8c9efae48f153aaceda0e72945e2be82f61fe50f43fdb10d01", 0x59}, {&(0x7f0000000640)="8ebf063ec9ca110e02c0b15d9a3631bb43bf40c6e1badcebd7859d0d09c215429f889ece84d7187e0de7563624450cb8cf548f7a8ec3811ccf036db52c", 0x3d}, {&(0x7f0000000740)="65f3dfec20a8b4d630035da6a790bedbc0db8d90886a4dc14fa19f436cd8bfc8e420831547173e89ca0e0cb23e9bf5955c6e5a61b63d14dd71c24b523afddcdcffad26c4d3da6570bf4f060b58f5d9903ef13c100dafa606ae094c18bc3499b8c886cfb151", 0x65}, {&(0x7f00000008c0)="7e36915d14d1946b0a16eecd6eb4256997389ecb3995ffdd4b2da64db722a5cd4fb5b3b51c3741bc525bb3a0c290329b010ef246b07d6a261ca56fdd597d5b3a4814c53af5e719349a5268e9bde65f3a97138c3f4609875f009c90e72064d01c471b3ae8dbd48e9142932f2a45838ce770d8604273d13325ca26b047cf8b62a5ee4014b256ce32aec06b12312a8ed8be6397acfe2d5d76baab783cbc70decbf1c1604a3c98358f3c8a2a0b0d0d250d6c3e3f4085430a3bb316e1afa9d88ac114034135eead950858b7e4794a6b8c3b25a85d756d678e79", 0xd7}], 0x4, &(0x7f00000009c0)=[{0xf0, 0x117, 0xfffffffffffffffa, "74b40246c646783546e49b62496d0d0322792ad2270d65aa998a1343a2aa3ccfe366cd37c030654c8492ba3bb2ae99be3ab623f8330b578b2fd3262a86f7e84bcec009b436b91aadb74941f429613ab290d0b6e9e17d4bb8e54fe58b1394f94b3c4ef46490d46d47566cfd6d476dc5b02ccf5fa2163b1bee73c11d7d681de827db95bee12b039ac1e2ce3081a216ff3e5622a889f454f4a15e35d8748efe5f2430f72cb818c57d3068fac565cd1fabd0e851da50141a77b84727c239d94b17a2d5be1f7bf3d4ead6d0a448eda636687a18e9124cd7ef1f7b4100f2e3de"}, {0xb0, 0x1, 0xfffffffffffffff9, "00dbc6d3fcb7571d9a566c1718ef6354a4b644cca38bd486ba028f55bd35e439fe6d234bff650815b4d054a022ee7a1ca838a38b42f30848cddfaf09b33d74ceb44c38cd801c617320ef677c144effba305b9045f9d6a843f62d9518da3647e8c94e7b26612762d4e7f9f585dc8e9c29d9fdbd559aea02f279a3cce0c4988884f9c13267a1bfac4dc1d10cff46ed6753a4d8b481cf02b278dc9ef93e13c8"}, {0x58, 0x119, 0x2, "6916ce284ce087f8534f7598eb67c25f695bf1f6e438bc8f550294a4e556deb41a04940e51a913530e92f6a3f0ad7e01bafe39d10fc0af4eb28a45876dccc1394bb433bdde"}], 0x1f8}, 0x1ad8}, {{&(0x7f00000007c0)=@ax25={0x3, {"95d8be5ff7db84"}, 0x5}, 0x80, &(0x7f00000021c0)=[{&(0x7f0000000840)="a0707bd15f33de148d1da22e661789ad8896a5f1aec6eb51b4712a1a467f", 0x1e}, {&(0x7f0000000bc0)="bf00338827a59948a9bc808fa29240c0de61c6305bb95ce9bee7957ea61e2a7d88889375517810ea3ae56288741957993ad2084f74a717a6c8f8d372d8db7ebb703c399218e508a698b4fe117740499bfb3b4b2306d16fbe98209e07f70614f2ce9f07d1fe331d84d5750a4cfb7c30289e43c07652b4d73693ef337d9b71b292c2f2711f1f0c0227b36981aa659138d6d7dd8399a2a60b99b78c15c8fd11f92ba8dfc6b607483b52792ff9ebd8ff56538972e17e819a64fef311371a44b1e7cd987426fccb3d264c6305d6e9a9602649f19f0987e5d1ffd5413922337b75cf1e52cc23eacc60be2db4f801c276283c8b4b5989404f909c", 0xf7}, {&(0x7f0000000cc0)="f2eac1da36ffdb87d8aac068670e1313ed4b7531e855bc163bf40773fd763d909762b7f81dab2ad22a39b54fd6fa5cdca1c5d6ea1477ca6cf742d8145253d6bd379db9a60e70c3b052c26ca4185d5c726c84a7f893de0e102d721ecb16522cf1981a06272b109d3c1e2ac53faf0a134adb13a74fc5e5c4fc82dd7ca0b37f565155916bc01b6c97a4b291bf31830f687b8cc5dbc0929e47aa9c29b907e95b7d4d1490e37e4d8a2e5cb36b1fc37ba3c8ee517617bb77b5c60b6c774e3a01096db91befa53899d16353cf5f49d22572187fc213ea932050e10bac", 0xd9}, {&(0x7f0000000dc0)="cf1fc9654716821c53bf2e4f96d12602da354697c0a8fc819cd767c5028b88b340cff462120ad7b5dc7abc4adcf46ddc4ee18640c98771ec7cd970d0eb4888f973f2ad9680dfae85c0e51b129a9a860324790f2ebcad149a30f4c7ee596802f81547b27ed09fb8c8e27e33183be8c9a10cf366e1f35f6603d02fbcf85956437132906912ce9c86ca27f78a9e0f43b699c3655efce87228bd9967eceefe024f857e9c99c9fadf59", 0xa7}, {&(0x7f0000000e80)="7a426e4c8ff72ff5b09dba3bb3dd058517b5a66aac0205664829d7604fff9eb73f4d0e84e42f419e1090f4324b250823c7e9856aa7d672f1323a3be98d586d1ecf698366133d76815885dee3c367eb2169c26fa61346b2fda95b0607b340af5b45b313d37dcb5cb4d1467ccec8c1e7ad8b96062c1a6bc8a8e5cffe23d571fa9396020fa4c84190fb7b216e920bf5b0b533ce46bdbd73ee76b3e07a5100a2b59e63a6084511445336993f119b57c858e6e72f0cb1a4216cd5234e5067dfe09010ff1219bb7d", 0xc5}, {&(0x7f0000000f80)="59d3746777d1612ef11f097e71c4291831a8cc40d3de21403ad00a43d00417abd841a37dff1911b8b37cb3a1d9034b299739a3ef944a2a21da4592be1938b89e5c79f8756bbfb643ce3d44af658e680c8149865bf1d96d8314f5da65f82d18a61ec4a49b44e5f7f731964e5e3bf702fa57f13d828d4c524d34346525a4946d1622fc468417fc35a832049465054390de2900aed634742f27078d01672237d377360d12d692cd8f0141f98d5eb0fd36d3460f4f94905fac403537b9f2ba98392e444caebe4f9aed2c71485d0e7c1c17", 0xcf}, {&(0x7f0000001080)="05e9db8982b12e49869621151d064513e9cb603d65eb35d6ee44b2b481b9137300fe86281d731c171536c5ded8a6fca11cba0ff864607d6777c515a54430939f4d3687714f873ea9ae6ae572dea178fab8e995c744ca9d19aaa1f68c58fe8a9e85d7245cae9fd29dce8f4e3b600770a2a668609ca9e45a15a133eb271c30cde60ff8c915238899c1015580972e3074ffe72a7abb57dc3eb3d0ed34bc3b9e4b3788d67238caaf1eeebb355da1f290c660b6ee25f5b50aebb520236328f31aecb2bcc5406470b5fa227572e1f5fd73858ec7baea8a127ab53fbc346c13253d3ac05fe57326926b47408e081243df3fd5e4d60381dfb667d0081ebd249a910b2b617f88984ca8070bfcdbccc422ba9399d416e4cc9ff16ed3980cf53c355ccf04ef6ef0d3137d14467a8a02182f7fdd6de5ba7dcd4fe90521a8ae1b63df4aa14fe2711adee56a5ef41469876adee6d42b0fc0bcc89367ff3c7177f427a2e6cc182bda323b9669fa6801c0b3e607d0ac3523dd96727b250785b9cddb40f25dccdd94f1f6d03f7d39f45a28bbee687aeb89a05a76709a775179b8ca7fc745c147621dcb28fe58dc98160ebe14bd39d3e7778dda05d68c4a82629ba25d0f61ed1b270003a682701fd6e43047de3c9be1927766ab3231001bb383376724d7705d09f4cf1523acc3f8958eaa1a222c992ccc5cfe65fb29581d899dde8eec440945da97c6215990ce31039b046d4362b807a72e28a7049f9481503a109141d107b298bd9a82ed1841cf1975619973187408d30611014583a0a37e554008e8b3156553237c354e0d2cfb2a3a5961a0d5fb1978e59b912f6a78d396d03c71780486f5626530f89c454b459549c208980944a92bdf02f73a6fa0819ed15745726767c0e41f352264bf90ee411f9bf093b918985a6ef94f01ef349ffaa16c1f3e6033990d8bd7d7e2e8bf22b6fa2722b0f2a5e639411a0661ef43237ab2c0b0b4a016385e85fd64fe62852c1c20312af0986f685dbece6863422b547aec8664330658ccae79865f74485489b575858de7bc06a1d208dcfa8fde039f36495f974fdf68387803e5d4d834f3073c785813ec8e369a0c3a4db4464e46d81db8bb28d16c56d2f45aeaeee8690f497c73af827237cf7a382684556c772abb8458329505873eb2429465f6756b150ceabee4491a2c92553b37fa7fb72dc494cb325817853b670745da6523297b1280df93ab08359abe1a8f377c15c43b37b9182d55b844ce6514ad1a4ef2cb4eecb4c8195b5a5da2e7452ecad9b2f0b3a89510e9cdb6537304b9e73cdf132de65993940e0bf48a1c4707c41c4c93a0754fbf5f27721b4a52d872fe651c4d41f7593d8b7b727396bc71c36d816394d779878cb2d6ed0c6be2f63c45f1afc439a2c06549d51542539c8044554fd4fdcf0fbfa6036e4004542c7d4e03efd404f8e8bb9bb54507745589b250b005ddeaab657e766ad81bb6234d7c51c10c3df437b66d1cbd4e009a656d4de94a5a061d1fe984c3cdb3dad45ae395d86f073ba7012f70c04a2e7354c29fb40a0e41f96120cd889fa9c84dd18d24716cec01585310855fc730d09f9c793e420e356d8169c2befd62bbef24edda3d4c56d729b9692d060b502f7ac7c9d1b9d6391abf1c93756bf16b090821440d73083a69aaff28c01dafd2d0694b6e8c4f8d7c9f83ce0f7ea6baf063d08083f81012aa6df514e8d9ebbae508212f0b258efc0352015c56bde278f70fe3c0e5dbfe7d56e2a3a4c7536768c9ab4dc681c6847b50aa3f41b1b46d42ba06b6f553a386358ecf2c26b6e58f3275a12a91f0f6f913b68f1ef635f43b0b354d76f5bc156cc110d5ae6adb4d30919a979b020b4e93b6da108f75a137630be80944b233a1be39fc62d0b97b6573723a385241c190618467e14b01cb8504cea609aac6c2342bd82c0ef315d29514d5c41702dc3a5fc4be7ea73ab69ea1565e7d80ecf97108cf1137691f5b6ad2d20879d56b719624a9b8857d5b7e26e158c18fa96110cd500f6b19ce7fb691ff8b78db2aed513c709fc94371632ab65684b17a052980d1a9f356d25704a6f88a902699830fd9b51eb72aa1e1e90ad92410a5d3135eda74d98ba2aa1ea0f328a5aa9640106a3d1e87c343ab20bc56957afcfd78b279041af4ca3e638d8a536e980d01d6c812aa7f6feb8dfaab1bc0c62c344e919d1346db43cf6c111cab6c382c4d7997b1c0e98b78862f2e9239424255d4bc437185a76eee44cffcccbf54ae43f7c855bd1e8606cf22038f4b36ce898a251a75a8785795ee0daf8857b550fab3409f84eb111e1c4be67b8932ebdec137138a3f9d32b80087dc15808be52eee550f731ccb80865ede56b95b92703c7a535795d52db03fcb79b982288db8037f5551180cbe1cb6d36d05197a5ac8e1d65f872a22a477bfdf60e20cb544cab73a3cb54ce24ba4c5f910ec028c40d86e69b688f2e288a7fdb4f36a0d01ca9b5338e02f60d44eda28ab2db0c5bc693b3469939615a04932af4a928ffead551fe417b229cecee1fee7916a8147dde65b99d11452fe65a74895a38f8295faf0c00499b2e61a57b2cd1e6c693fd2be137902291aa545887a72a5c58af5dd12d2370096a9be9e689138066ef26a947a3b0d71081c86b1cf0bb2722a8c05b0d2bc72ecb318bc9bbba03a694e8f01c43fa74dea4535bf76edfae1cd33880cf751379dc72cf1c9ae22dba03e07933eb625100086655161f77c607eb3281d17521b2c4beba2eec592ce286e71cf2dfe2063738f84898324f822b784deeafe4632276e709a77ea354c412581b11ea31e60b4effb6958909a32cdce4415cec921236cac9c43413bbe01c84df93e215eacf08a5d48c13490a2be09365ea779ba99ca933c1fcd33f40c723f8e9b6e1fe95bd3701080d53a9c64a4d3f762d09185c1539ee28d5424613beb817481feb35aba2377e4fb9928a957ba2db58d41f7f80ce9f15f06a1a7d3b1e655f3b7902d88cda1fdcf29cc7b92a73651e29552fa3830cd21048e7b09161d5d7ae1b631e21519ff5bee7c3918e8674e38cfe615ac1dfb13e0ea13861792ae5627ade46d46bab83b8a8a7adf1d00ae0d1fa7830e2c4c633a82e564afca5c1ab6b49be784834a20a69e51fad576c7083a3a46800360dddc867819c48937ca23a8e434d5a129d17acf64134d31d28a7575ea74de8139fbb99eec991de9be6804b6fe4d55a3f424827db5dce8169699d1942f788cc5b7dbe0d47d4360c71786a9ae7d25ed32157ed413255b1df62cbb1f2f16b74d7ace02f610183ac8ba11f0e846ef78bc5ce07d884d947751f70aac541d73297235f21e68bcee1337337a570a2c0807de386fa8bdc8532c9470353ee8512f88a20123bd867bf71db3407fa56176184fc927bd7c800eb47d9d60905b148204c37759c164ab14ef1bf216ebff02be0106ed537fecefba265aed3ca0bdd737d09952a9f73b97cb0ec28b1089db9f179e57adf10196e1dd768f576dcb500de9c1660d111088faf263113eaeed3262c4da74b0ce9361a11b2dc50409bff64011a3c501092a36c9cb0702db79239c3997508ab2e51477b1dfafed1f833a1f5f80177d017dc00c779ea901c78b055b2b9fbd9dea5cf3b5fc44480dc7e94b3c7ecc650204d8305bb0fc8296f694e16108615498696c1eed63aa0013a3214bac23b514348e8b2502a1f4f930ba9232c9ae1c6a6d6793939f0ff31a36d56cc41c16136367af57f30872510572f9c86541b028dfcaf6c2eb7f90f78c77f2eedce34a356d7b1f5aac7ed01ef141d1c1c1cc4796f785c12bb47b8823f8eab51bc043b92f748e48e54b8bd5e11a2dfb951051a32d2a872a7f32c5dd959a378f06a33112f0f934aaa82a326403e1040b6084e9ad87cb7797ef272a8756e1df4a579754809b93c18a5ceb8f758206404b1c9c6d4c67be873347c4e272545581e1f87ad1a9593fd398df3278b234c5139ce9df54d6141cfe0184c7e0b315efa4d63d520e9666e63da14a39cf3c745e0c96ffb36fe562003ba32eaaaa2b150fcfc8c81f56d7f2d53219a267d78c4f431efc62894f63220369d783b0a87f56d1e247502c045ddd95f7331f6f74738c367bfeecf26dca94395099c4d5c71c97ac236926848470c7df2c45c5c4e190a831543204dfc5293aae2ad700d834cb64954238dc6d15eababf69bbb44a1c387636301e2f72ca70c23752c6b78d0954280eae9e30d4f8a2d3b6cd884d3cb940d4b24e780eac05a72a3fc35b6825aa4018807f649cbc986cb24a43d15854d33f7771d4f536569a1281a181150948db499bdcf47decd974a41d0111312a835cad8017e0926bd319e848b1edc59976135528c41c81683aed3e977b2a10120dc1d316262e53c470b5d371db960b34acdbeb693a621655f6f48088280245cd6473763217eb49eb6459ee277c88182e1a18b63b3c63a13781e9d07a9f04e6978f27462958996d4cac57a31a7a7f5426d56bb9bb99fe654a28713930963d28ca2085c39f2da2b84a888ce5c55f489863b2288c90bbd4757db1027b3d6e3db5fc027928c5944fd56ba51c32552826fd4e53590f53ad0c9ce24b89ded329e7a9bac0005a599b087603728421829eac8f73cccdb0cc4ba53c54f1f63a14a55f1e07e6f5c8325a52402668032f64370c6f85d4dcf6386227efb57910ca8710e96760951ebc63c9d8898d3e7ca1cfa42b9163f060f148b8a6e7369ce609e27d5b95efccdb16372dcf7d0552e8750a0f131a383c9518b4f57185ea18f150663365f3f6c4225ef1a9857eb2c3435c3f105b4a09b0d7c8cbb4f9e3c3bc0eb22dfb15684aa6cc4d7c4fd94d818c58fded79a089ad78423d36cd2fd7c05b43be89581cca8ef611df17c830fe19ba0dd43a6c396bd2754b9bd36ff56bd7a15f7fbbf779ea003b3e77cfafb837fecd14247fa745c066a581d0faa7dba0016f02f9c74c5b456cc3c7e646ceacf98f4f161d1723c3ac7e81dd97077c052efa88e34c00afe37154555c75e1217da91c1a1b30e93f7d60f63cb2595e74932eae3b52beeecdf2c1b9a20d522d6880576280e9d201d9d7a1f56aea47ca1267095e86e150589c2d79ce1d3134a49630b5933b431149a5d8c4bb9a0cf497b7926c399ebe9abf4ee16b6e0b7c0c8a89eba7dc842b73f2e8486f3cd10dbd3be62772572668605d504286cd655e57dfac4664b7dda556631ac0afde5dfcf41198d042886ecbef79178ab3966f4b58646421f347752eb4991f63517769e17a197ade86f40d3b96fd3cb107d046eb7eb2beb8e0cf318f87fc4410a80519f27ab43350f0b9e89e8fc3848ddd4f8decaa289314284d59131d7447a0821bd87d83804533f722018947b4554c8ecc04447cc5aa344fb7876ea8ac484847247ce1ed31b696fb5b1e95589e26f47a62706577eeae4affd3cb6ea7e615cb411413b26000390563a3ec5ebcfce9829161f5c543e2d3886a7be3a763ee042ca0469bcdfd8049d385a78a7658b7a9c3e0abb0633f4ee9f7b8d53dcd22d2ccbd67404b01b46fb178a120ec4eb283dc4fa9055a8e71861370b4b0d4c8370489e1a5772e57a61086937d009de787d3bfb0b07bba743421e116d59470e3d5ff8c32c2ef2c87004ed5e90c0c39c695e7ff135a1599c8d3249ff8914937697aa65986bbb8a70eb732aba17c9ddee3bc8211ac5a4ed1666ec98d80d17c11e68b09640d3b5591cb2278576ad58390189c7591112e782cb8954bb1434cb130d6c3b3eec01f03189f17ebba150cf0160629a02533488262f4b19ceaed95c9", 0x1000}, {&(0x7f0000002080)="1400e4e65b1fe4405f1fc94f4c6fd6c435f4425b3805dbfaf82fac3395b2b90a76e0c09501123f8dcdc0e70183f35f2fa712d27681f6a310af1efef3ef9fc2ba5f9734", 0x43}, {&(0x7f0000002100)="1c5d0ac1b4e217a6f428fbbbf0c58d77094e9d2e1cef09db220abf508c5b7d4413efa15983ee1dce3b912520d43103b0c2a863fb3d403b27b843ae302dac836b4a88ae0bebb44d5073520ba323e0f8a0cd6b381289397cc59038adb87e2f6f4f2c235703b94b1250b7b197c7cae8e0542016ffee6379105959433446d643c18bb84bc6770799d0083f48015fa39317a4aba0ea2f869a4bb24ab244b1bcd9e289985aa7d20f2a37375aecc6d3ff65f59065ef9652d6a39be53d80", 0xba}], 0x9, &(0x7f0000002280)=[{0x78, 0x12b, 0x0, "ff07998dc135e90b8f68f234f19ca682f4387c95c57611825e7a3d63a355963c00becb2c4e620657bb5277f537b80a6108dcf05a1a9afed7904265b5f94e0e351b59858cae6c2a81d5f870fee1eb7162cfe2d1bc07a28abbaf9e682253acc780c7bc390fecdf3a"}], 0x78, 0x40000}, 0x8000}, {{&(0x7f0000002300)=@nfc_llcp={0x27, 0x1, 0x0, 0x7, 0x1628, 0x7e, "4838ebce20a8c402db9db2dfea3195cdd874a9ba94de172900c3257fe99c51ac8e578278bc0f74f7f610f740cb080687f33c452c7fe8581d6e6479231d00eb", 0x1a}, 0x80, &(0x7f0000002380), 0x0, 0x0, 0x0, 0x20040000}, 0x3}], 0x4, 0x20000000) umount2(&(0x7f0000000180)='./file0\x00', 0x2) 07:38:15 executing program 6: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000d0fff5)='/dev/audio\x00', 0x42801, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="8ccf82f0398b924c054446ee7d62d546ce50aeac771bb62f2f7c54730296d879cf2346f2bea3dd", 0x27) r1 = dup2(r0, r0) ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x200) write$vnet(r0, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/53, 0x35, &(0x7f0000000040)=""/82}}, 0x68) socket$inet6(0xa, 0x0, 0x0) close(r1) 07:38:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x4008630a, &(0x7f0000000400)}) 07:38:15 executing program 7: ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)="02") madvise(&(0x7f000079c000/0x800000)=nil, 0x800000, 0xc) sigaltstack(&(0x7f0000c63000/0x2000)=nil, &(0x7f0000000000)) madvise(&(0x7f00002f8000/0xc00000)=nil, 0xc00000, 0xd) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x44000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000080)=0x86, 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000000c0)) 07:38:15 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='\x00'}, 0x10) write$P9_RFLUSH(r2, &(0x7f0000000280)={0x7, 0x6d, 0x2}, 0x7) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000300)=0x7fff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x30, &(0x7f00000002c0)=ANY=[], 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r4, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r1, &(0x7f0000000400)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) lstat(&(0x7f00000002c0)='./control\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f00000003c0)=[0x0, 0xee00]) setregid(r5, r6) openat$vcs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vcs\x00', 0x401, 0x0) socket$packet(0x11, 0x3, 0x300) close(r0) close(0xffffffffffffffff) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000440)={0x6, [0x6, 0xffffffffffffff01, 0x9, 0x7, 0x7f, 0x8001]}, 0x10) 07:38:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0xffff}) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000140)=ANY=[@ANYBLOB="000000000090003f930f7874"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:38:15 executing program 3: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x5, &(0x7f0000000080)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0x8) ftruncate(r0, 0x800) sendto$inet(r0, &(0x7f0000000300)="652cf9a651d0e689b8dc8d6af528d94d6d37650a6833592813b6740bf1149c5717a781c762ad129f1e4c1f0481acd7da2885b0c44ec1929e5f8e1da2f8b388313a1c07dd7fde0ee2bce80d436b1de332242463d2d996a22685c3fc4526e27f10ffa19673ce566a287d8302881cdd8f342301c160175b20693a50765bdf05760e31db2243092f419e69f375e7225610d904977c6d740d32c294c66f055834f953062edb5a13c19129b08e3fcbb169b8d90a2e38b75c8d504ef0988d730bc7ed5da4216accc0109b60184e0ad79d7e0ab0e0e12245ae3efb91401d1a1db839be21091a6e", 0xe3, 0x4, &(0x7f0000000200)={0x2, 0x4e24, @loopback=0x7f000001}, 0x10) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000)) [ 645.943374] binder: 10316:10317 unknown command 0 07:38:15 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) r1 = dup2(r0, r0) ioctl$LOOP_CLR_FD(r1, 0x800452d2) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0xffffffffffffffff, 0x2, 0x80, 0x1, 0x512}}) [ 645.968340] binder: 10316:10317 ioctl c0306201 20000080 returned -22 [ 645.998710] binder: BINDER_SET_CONTEXT_MGR already set 07:38:16 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f00000002c0)={0x53, 0xffffffffffffffff, 0x21, 0x0, @scatter={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000140)="abb1a501df7e659e926f555983723046e975d086b77ea44ca455de9ed59bafac37", &(0x7f0000001600)=""/4096, 0x0, 0x0, 0x0, &(0x7f0000000100)}) 07:38:16 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa}) r2 = syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x0, 0x111980) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0)={0x0}, &(0x7f0000000300)=0xc) mq_notify(r2, &(0x7f0000000340)={0x0, 0x2e, 0x0, @tid=r3}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = getpid() mount$9p_fd(0x0, &(0x7f0000000440)='./control/file0/file0\x00', &(0x7f0000000480)='9p\x00', 0x100000, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@fscache='fscache', 0x2c}]}}) sched_setattr(r6, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000380)={0x0, 0x8}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f0000000400)=r7, 0x4) unlink(&(0x7f00000000c0)='./control/file0\x00') getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r5, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r6, 0x10, &(0x7f0000000100)={0x10001}) 07:38:16 executing program 6: pipe(&(0x7f0000e2aff8)={0xffffffffffffffff}) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x200004000008916, &(0x7f00000000c0)="295ee1311f16f477671070") futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000564000)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000), &(0x7f0000048000), 0x0) clone(0x0, &(0x7f0000f88000), &(0x7f00002b0ffc), &(0x7f0000714ffc), &(0x7f0000e1bf43)) r2 = gettid() readv(r0, &(0x7f0000616fa0)=[{&(0x7f0000e4bfb4)=""/57, 0x39}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000a44000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x7) fcntl$setsig(r3, 0xa, 0x12) fcntl$setownex(r3, 0xf, &(0x7f00002cb000)={0x0, r2}) recvmsg(r4, &(0x7f000070bfc8)={&(0x7f00001d6ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) dup2(r0, r4) tkill(r2, 0x16) [ 646.014268] binder: 10316:10339 unknown command 0 [ 646.024031] FAT-fs (loop3): Directory bread(block 128) failed [ 646.031544] binder: 10316:10317 ioctl 40046207 0 returned -16 [ 646.035927] binder: 10316:10339 ioctl c0306201 20000080 returned -22 [ 646.052254] FAT-fs (loop3): Directory bread(block 129) failed [ 646.061488] FAT-fs (loop3): Directory bread(block 130) failed [ 646.080490] FAT-fs (loop3): Directory bread(block 131) failed [ 646.082662] sd 0:0:1:0: [sg0] tag#2626 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 646.095216] FAT-fs (loop3): Directory bread(block 132) failed [ 646.095235] FAT-fs (loop3): Directory bread(block 133) failed [ 646.095249] FAT-fs (loop3): Directory bread(block 134) failed [ 646.095264] FAT-fs (loop3): Directory bread(block 135) failed [ 646.095354] FAT-fs (loop3): Directory bread(block 136) failed [ 646.101204] sd 0:0:1:0: [sg0] tag#2626 CDB: opcode=0xab, sa=0x11 07:38:16 executing program 7: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x10d, 0xa, &(0x7f0000000040)={0x9}, 0xc) socket$inet_dccp(0x2, 0x6, 0x0) uselib(&(0x7f0000000000)='./file0\x00') 07:38:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x6000000, &(0x7f0000000400)}) [ 646.101223] sd 0:0:1:0: [sg0] tag#2626 CDB[00]: ab b1 a5 01 df 7e 65 9e 92 6f 55 59 83 72 30 46 [ 646.107411] FAT-fs (loop3): Directory bread(block 137) failed [ 646.113045] sd 0:0:1:0: [sg0] tag#2626 CDB[10]: e9 75 d0 86 b7 7e a4 4c a4 55 de 9e d5 9b af ac [ 646.113061] sd 0:0:1:0: [sg0] tag#2626 CDB[20]: 37 [ 646.181030] binder: 10355:10357 unknown command 0 07:38:16 executing program 7: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000180)=0x4) syz_mount_image$hfsplus(&(0x7f0000000100)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x800000004, 0xaaaaaaaaaaaa9d4, &(0x7f0000000180), 0x5000000000, &(0x7f00000001c0)=ANY=[@ANYBLOB='noer,\x00\x00\x00\x00\x00\x00']) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200002, 0x0) write$P9_RMKDIR(r1, &(0x7f0000000080)={0x14, 0x49, 0x1, {0x0, 0x1, 0x6}}, 0x14) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000200)=0x0) syz_open_procfs$namespace(r2, &(0x7f0000000240)='ns/uts\x00') pwrite64(r1, &(0x7f0000000280)="9457dcbbe9cd6e5dbcfeaaa514f15c2c0f2113fd74b29ad1258bd30ea45d2d54d230dcf225620de6467733597028b2394b3b837930ab9ee318d0fe7e4a06541c544b8f00b85cbbb69929b6115e2b6e886d34e5a6059cb157e2c4cacaf06b595dc041ee2ad270ccb572cbf5faa4fe34291bc7a2e97a8a43227ea451ad4f1e6efc6cdc42ceee24d01b05a4b76f30a9cd1d09bdb6d5e467fb24dd7736a71a7be95b85ffdfd6ac7cc95ee64422c18e926b062ba9c3556b62e17c1f08b8b3aeb3f019e755869b123f7ed497e3892256ec9019843b1fdae065a29ddae561a24ef2861beddcc27aed55acea0db9dc7ab5e4338ecfe5e2b70e9285b6dac537d513e997e223ab988a5babf7897d0a556274fd74d05bc46f9c53a287865a524256d1936954e26141b179007dbe98a3d03431d5a473c9cb3e3758525e48126440c56a28c792d663bf967b65799ab8c2bd165bba370363cbf68f292fc6b1f8152ff37840dabf22db0c4e88fb887eeee2c7c6efcdf5739ae2f50a8029de9feb118903ea368235c6e0a03f500df63aab31b4927b6811f2653c0443fe21a71f4ee485bb52db849a30be0b332651ad4b73abcc0f843614d1722513aef05bfce499b4d20319aa31cf9b92ecac429ff69f9bbd6f4aed6b813e6135a6c4c8650aa237ff08380d71b600d4af97c5ffe6b087a3d4e9db0acf207a3ff3f20393657cf3aa3cefce1d1738aa156337516d155a5baa9d43379a1bb3825ffda92a5bcaa65aaee24bd1ef99a9e39e89c9eee59c5606e7dbd6155d673c6949fbe5f94185c07f2b46a2d11869147531a466922a249c6518c8b9c97fd6363390991210b6f1b94613fb1416ff63a7cb5b4086e05c978c83afa3ba43e4d46deae036d9810022cdae0ac2f06b241c21c8a376d41b6d8d0f25171f6bfa2c9d70cd704959d0eaeef10e0baab0fe99d084663df53cbda0b9d8404805f6e3e7c063f1cf156511d0d8a88f0f3d75bd7bde93d4136150e51fbc116eaf8fae77024dd44c963d7c673685c27544ec6bbf695c67ee1aa40494e899811047ef6f39e2da8ebfbd8a857c2cfb0a8dffd97c0357f32aa6791fc99f805dc36237cdfd7e61891e6353d9b9a2b44e927a646251f2ea8b349ad8e698bc6ad99f3d3d3804a2be7fb22e1ebe64a954883930ec487d2407e4822a460b75d34eee6fcd3807c158b54bf7e45a145c7425b0da772a509eccb317b85ade29236dbbad7a3651685e881474340290caddd982e41ee6d6f1f98cd74e284f4b22e752817ee16551dbf62240c890eb94e2ad2c6dcbd5228957e5d522f42f47312fe0d5366488aad0c8c00bb9d0d3e831338466ec666ad05578f86e24c28086cddc63ed0d59579772d604648b71522db6096bd10ffe5cfc80399399ad84839b2c367ccc752dc06da7f87fe7287a4ecd2a1fe702b68fb8cff5ccaac1146675be7ec9beaccdd9467e39cce901396bc59dcb8cceb9fb7d415d1609d016289258baf64085fc42aaed2d38d4ad3e5d6cc996d07faa6022757cd63d45701213747f87ddb683638f0410dc05d52488f3285ec21d390f0939cae11a0927d5df6feef50d479265c9897f0b84156e8738e7669a175788537f38610729199d394d22bd57d38c59b8c275d9ea05c2ac0757f313b7714b301b29d841fd0cacf4ac0f8b553ec290fa74d8510a30eeeb432165ac5827bfe0434096c6efab9ba5e5dec06f609b2e28b713e1fe78e91a7410bcdd4391ac60bca65d6310da08615963422881ad3af5a48b24d85e1f24731ceb33bf361e52f3e5860767ba663ccb1757f718b8ace18cc267dc88bc8fd001d5ecb09282785745d4e3da8f84766955bbaf8965dfcd40d9fe1c72ee760cebf1ecc580d364fddfeff872a7bc810520321aa393169bc55ae33ad41393faa386c4c5ac7f52eda2343d116332b05f9a920fb681d87b7b1eced8e1e6d89067fd2c19e807a636688e5149e7013519171cf970e7666071c31c0172fdef45be59d79f44611e3ff8cdd5eb7591f0020c4aae09d64e40d00e3b763dfe7dc1036a17470e35146d4c625a833a98d6ec6e99882c815a3e8910d57c64b206e804b1fb434126fc04036ef234a3622bf8059196c51c5fbf0c6d9c932b6be1f883a4f8dfe1f2405a3d508583f11298ced752b892a33441aecb01c156b465658323c55c3dcc42100d94d863b0e88c9412bf47cdc8ee27602579cd5bd45402fe242137d1e7e8db0edc2cbf1414d632fbf7e269ed81ecd2096c2a7f5e2e57e7980c26753f1ce94272c72a998bbb91ea93850222d7ca23b2737b90706e94b96261b307cf0f008aa518ccdb9f8212e741bb9a64afa0d40da85a4323b81dcfc9c14948896dfd77c40549314495a5bede8db2d1f1a8506733d6addc8ad130526c4d5cc92c155492115a8b0fab72c8c4369a385b378dcb3c34f962185de94cbc505091822b3cb6f81894b096c9c5c2f83c167b0a8e3c83e95d4b6a3f993e5190b08b76ef84b1c7066fb022216b13c490a7e3dd2d299ecdd120dfffec4ee95f11d92fd429c84c2b099cd4232cf1ec666daedb2545c7635c222d77deb6f27298d21083babdcad328cb41d841d43636ab9e660163bbcb7f9be2c2f13d683f6fe795c21027a08206424ca0104625575e3f954caadb7d922eddfa82260e8a1f21b14368737656ecdfaa945af3b348674003f00c10a83597e25e9377f4fbd47b640562df271abab6d79d17e0f99a4709a48c82cca8b141bb302a7e7de43764d5d8ac40843871eda6053b4a0bb99a738909241df5a18b6d2c5ec5b32da469419084ee44e304721a420f1d323961124a1f0320b54ba29a79836056cd14120598fc293786153d8979f9d3fadcc0fc8fcc5dd9361e659b0108df87be12b5798670613c210006e5e15bee2d08e5192f15135a9a4cba9413c8ab1537e5b4361d2f61b601c2e2d261e10e4a795fa0645374e2b96065cc7673afb3c35b6aeee7a1974e42d2c9d70a48f9e65fc45e7dd5024b7ab8c4f2d8a75bdefff23b99e581e2be112619b4f4fab22efe43ef6ba93c9333a26282d29acffd85369db9a799bbba192d16c21557f30b35c96d69ca476f85d028948f79db94db1efd23a4588ae9ea65c4c767d2e46965b4d8b6fa4d13c1efac62fe60933e2a17be740f7dd05efd7f352ae4f79ddd7f5654923d3b5f5058467045e11396d5859f9fd7cae3e32bdb94a536033cd2ea7694eb23e680d81ad35e44492da2e81513c80e7a214a3b2eb36ed91a9e8e2ba36bc2642d1d341ad06d408832e22901589a3e4018e8ba6a3dde7b4772fda6579d0a2695f3e8cb2ffe48e7b4f82778fafef84e6b704acd62bcebcf930d210af11558ec6234658a61d99e09c20361076271bae77523852c957f5cd4ef996417d5cb087c84a64c1d4535baa40fb0fe8c8763cf20f7f562a01198201b492515fb55e21d8aba4f09c585e971fd8f4f64c2617b5956c70049094b8c38acee10977c253becbc7ba10466f1f99b2f0fbd2306fc1f8e45e2470694f4d03acf7acb84afa3fbb1a16dab53ba122a51b1c79d6be7e8aaee278bec759ccfd644541aeca9e67576fda05955ae68fac42475dbaeda8fbf9f9328d6a65410ff55ff0bc31921dae26c4e84b5b4805d9447e84de26224c3ab2145f630908ce2e74774d78219b7d06ee45d0d58832806eca49ff1c666761d5ba23fa49f18543e9944114d7fb0225fff0f3b81c7654445aa23b97b9bf1e7572957b15af442bb249d1753257a2440830768569b4264508d12aeae71e74934b0d26aded0289add32d17b53e906c5b1c06f59c5b12e426ec14076ec94fd03867bc8cb55cd3e7daa74b46c8a094bd1212e996bc4533c26c4a886208f8427a6d48955cd96cabc6ddc9d4c72dc594136d6d7fbf7d1bc432636713d31636d72dd4e564973f836d70b65fb53cee46bdfde60803fdbb624f1f9553fe33e5c157cae7b23c20a511c9d7dfa07f2e3ae893aa216ad74290447008da1a224c045ab6dc179b5180d840cf9c53251bb92c61d78c75ac1a12b7799896dcceb32408de51c642c4da6f383fce523660b31c7384427caa34908d2372ac885982c586da35597ad520a7412d74afce9af80745d9292953a7f13fa941915871276d5f40b57db585c4e41dca2a796b42b1fbacbf029f5e4e4ef8c4ddc9073c410660d311a6207e12d3eabbe67a731227910d17e2c457fa21f0e789021b8b801a3080c4e52764c0dadd9849f53523976c2535927e3f57e1d8bbeaa555d491b71088b22d20617eb093fc25e3bca18c9b2a6c6480a5d4dac9387d8a33967fdb386e1d1eae4c5cb74ba43a0c1fc98317d253b02a0cc1cea4a25132aa15faec6ccbda2e3ec018d13bd465da913cc026ee78f062196725e90bf77f2711db1c9aef1b84c7f457b0d438ebbe3af426c8f530286fe099bc27794a8d1c64aa2c3a394dd52938b60d0553d14f2015a62e99bfb0dd11d9697815878666eb9873577c3978cfe7d4644c75cab75f5b9fd2a34408b49a614f45e1d69e2daf40f2dbc2639b00019dc310b5e6ae2f05c5b024b2e8d812f8c184eff524268e2b7038c3dbafae96f9666bfbaf538a8e170897637cf427badfabcc7a623a177f1714d31e1edf5ef959ec6506508d655dcc7523c9015332d71b54f3b5d9d25ef1eb1bb0032b8007c470b216707bff7f24baf1a03a16f8f343c30305585576ece1745dc71392cc0ec6ea3eae388c15ca011f1fa9d7f6ef679823a9a3f2f5fdde755f41d35a40a9ebfb20dc6785ec8d5cc029dc549bb91aa0085fc1d47d3136078236c1b64ee1d22b445fbdb3eedd91f8c11564dea0dac15bf325a4d9b7d447edf77b609afce8bede3fb9a72bfba58c704e628e86ea043fbd0905231ce02d68d7a233c4f7b9e56abda14b77300279eaa4efe3e215cd3b0aa3695237fe862d396ae09bbffa50a1e65b849b52444a76df697ff8f0a0e01509244e65946e6331887cb3e1bf09d71cbe85803bf7192bcb17b7dcf4dc08f0d84948ca3c0bd811b5632cc3ac0b7de8a6da6a7f1811b5d6c77002cd14bef67be9a5f319ec01bf2e6340476956abd9293c2274736e0393da3d7cebbdbc51e60118d7ffa6230f7430b6cb6dabe9dafa5f2dcb811ea8bc6bc123576c8f194b77c706f23677158d40f83bc15815f8a766982238f5d8666cd072c98ded432660cdc61874e9fd980fe7b0a0ac469b12481ee49bb72e27dd43e399d0b583c26d5601c7bd0f9d57301bb093119e8867bd999061f69f1ed88ddd1764a0f1a1b3507eb91e82ea9ae6012c00ec29e335320c589c3207744878929aee0b8b811aaa10b15618ea519738a664bbcc6ffe55c06b9174086c4e81f4363a08bad90c3fcc0f7191ad1b15732ff17b3cfb025935572de7b7cb6473495a580f2c9df8538222895c3030d17eed6330ad01bafaee0e2e4d5d82d22b983cfc8047fd6e71fdce6e71fe0f461d63dd442f3a8df60454fbf2d29f6004d067d159929805c4ce1c193a211d940ba250a29c63ac6235a3825947aac94e93471eb6a7392bfdbce7aae6031798d17d81158cb8eb7bc535e9a66f61a0ed846082273bc43c364873d66abd65babc1005c4034f51d17136d987af2ad30440b05271a8fabe3397a1ad106e5eb2441225597c96a77eaa525a489ab873d87506cdaae0ae2eeaa3b50aee8e22a44a96daf966f363677e2d6c52c2437988961abbae3ed7c89140dfd2506158d03cc85ee27b783829479717432a2623b0be7390f73b8707c8b6be97217db6e5b749294933b4f2d607dcab82568549d763442dd273bce2272d0388b584e", 0x1000, 0x0) [ 646.212440] binder: 10355:10357 ioctl c0306201 20000080 returned -22 [ 646.228194] FAT-fs (loop3): Directory bread(block 128) failed [ 646.235140] binder: BINDER_SET_CONTEXT_MGR already set [ 646.253644] FAT-fs (loop3): Directory bread(block 129) failed [ 646.265261] binder: 10355:10357 ioctl 40046207 0 returned -16 [ 646.270919] FAT-fs (loop3): Directory bread(block 130) failed [ 646.277926] FAT-fs (loop3): Directory bread(block 131) failed [ 646.284561] FAT-fs (loop3): Directory bread(block 132) failed [ 646.290590] binder: 10355:10366 unknown command 0 [ 646.294253] FAT-fs (loop3): Directory bread(block 133) failed [ 646.300784] binder: 10355:10366 ioctl c0306201 20000080 returned -22 [ 646.301593] FAT-fs (loop3): Directory bread(block 134) failed [ 646.315371] FAT-fs (loop3): Directory bread(block 135) failed [ 646.332743] FAT-fs (loop3): Directory bread(block 136) failed [ 646.347122] FAT-fs (loop3): Directory bread(block 137) failed [ 646.998959] FAULT_FLAG_ALLOW_RETRY missing 30 [ 647.003569] CPU: 1 PID: 10325 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 647.012061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 647.021413] Call Trace: [ 647.023997] dump_stack+0x1c9/0x2b4 [ 647.027621] ? dump_stack_print_info.cold.2+0x52/0x52 [ 647.032806] ? rb_erase+0x3550/0x3550 [ 647.036595] handle_userfault.cold.33+0x47/0x62 [ 647.041248] ? plist_check_list+0x7e/0xa0 [ 647.045380] ? plist_check_list+0xa0/0xa0 [ 647.049520] ? lock_acquire+0x1e4/0x540 [ 647.053477] ? userfaultfd_ioctl+0x5430/0x5430 [ 647.058042] ? trace_hardirqs_on+0x10/0x10 [ 647.062261] ? plist_del+0x4a1/0x9d0 [ 647.065955] ? plist_add+0x790/0x790 [ 647.069648] ? lock_release+0xa30/0xa30 [ 647.073614] ? cpuacct_charge+0x30a/0x5d0 [ 647.077763] ? cgroup_rstat_updated+0xe6/0x470 [ 647.082345] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 647.087880] ? update_curr+0x200/0xc00 [ 647.091763] ? reweight_entity+0x1100/0x1100 [ 647.096179] ? trace_hardirqs_on+0x10/0x10 [ 647.100433] ? kasan_check_read+0x11/0x20 [ 647.104584] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 647.109153] ? compat_start_thread+0x80/0x80 [ 647.113567] ? lock_acquire+0x1e4/0x540 [ 647.117528] ? __handle_mm_fault+0x3a38/0x44a0 [ 647.122103] ? lock_downgrade+0x8f0/0x8f0 [ 647.126237] ? kasan_check_read+0x11/0x20 [ 647.130364] ? do_raw_spin_unlock+0xa7/0x2f0 [ 647.134751] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 647.139323] ? kasan_check_write+0x14/0x20 [ 647.143546] ? do_raw_spin_lock+0xc1/0x200 [ 647.147764] __handle_mm_fault+0x3a45/0x44a0 [ 647.152170] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 647.157004] ? __sched_text_start+0x8/0x8 [ 647.161136] ? kasan_check_read+0x11/0x20 [ 647.165281] ? lock_acquire+0x1e4/0x540 [ 647.169245] ? handle_mm_fault+0x417/0xc80 [ 647.173480] ? lock_downgrade+0x8f0/0x8f0 [ 647.177613] ? lock_release+0xa30/0xa30 [ 647.181571] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 647.187002] ? mem_cgroup_from_task+0xcb/0x1f0 [ 647.191590] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 647.196338] handle_mm_fault+0x53e/0xc80 [ 647.200380] ? __handle_mm_fault+0x44a0/0x44a0 [ 647.204953] ? find_vma+0x34/0x190 [ 647.208478] __do_page_fault+0x620/0xe50 [ 647.212522] ? mm_fault_error+0x380/0x380 [ 647.216652] do_page_fault+0xf6/0x8c0 [ 647.220444] ? vmalloc_sync_all+0x30/0x30 [ 647.224585] ? schedule+0xfb/0x450 [ 647.228114] ? lock_acquire+0x1e4/0x540 [ 647.232071] ? __might_fault+0x12b/0x1e0 [ 647.236118] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 647.240944] page_fault+0x1e/0x30 [ 647.244379] RIP: 0010:__get_user_4+0x21/0x30 [ 647.248760] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 647.267892] RSP: 0018:ffff8801d4a7f538 EFLAGS: 00010202 [ 647.273244] RAX: 0000000020013e98 RBX: 1ffff1003a94feae RCX: ffffc90005630000 [ 647.280510] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 647.287776] RBP: ffff8801d4a7fcb8 R08: 1ffff1003a94fe84 R09: 0000000000000000 [ 647.295060] R10: ffffed0039dd28d9 R11: ffff8801cee946cb R12: ffff8801cee94640 [ 647.302325] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 647.309606] ? __might_fault+0x1a3/0x1e0 [ 647.313659] ? sctp_setsockopt+0x1e13/0x6db0 [ 647.318055] ? get_futex_value_locked+0xcb/0xf0 [ 647.322710] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 647.328403] ? trace_hardirqs_on+0x10/0x10 [ 647.332619] ? futex_wake+0x760/0x760 [ 647.336409] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 647.341591] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 647.347108] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 647.352197] ? futex_wait+0x5d2/0xa20 [ 647.355982] ? futex_wait_setup+0x410/0x410 [ 647.360292] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 647.365465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 647.370982] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 647.376065] ? futex_wake+0x304/0x760 [ 647.379854] ? lock_acquire+0x1e4/0x540 [ 647.383809] ? percpu_ref_put_many+0x119/0x240 [ 647.388371] ? lock_downgrade+0x8f0/0x8f0 [ 647.392511] ? lock_acquire+0x1e4/0x540 [ 647.396464] ? __fget+0x4ac/0x740 [ 647.399901] ? lock_downgrade+0x8f0/0x8f0 [ 647.404029] ? lock_release+0xa30/0xa30 [ 647.407984] ? lockdep_init_map+0x9/0x10 [ 647.412027] ? exit_robust_list+0x290/0x290 [ 647.416338] ? __mutex_init+0x1f7/0x290 [ 647.420296] ? __ia32_sys_membarrier+0x150/0x150 [ 647.425033] ? kasan_unpoison_shadow+0x35/0x50 [ 647.429603] ? __fget+0x4d5/0x740 [ 647.433045] ? ksys_dup3+0x690/0x690 [ 647.436740] ? lock_acquire+0x1e4/0x540 [ 647.440695] ? __fd_install+0x2b2/0x880 [ 647.444661] ? lock_downgrade+0x8f0/0x8f0 [ 647.448790] ? select_collect+0x610/0x610 [ 647.452917] ? lock_release+0xa30/0xa30 [ 647.456885] ? __fget_light+0x2f7/0x440 [ 647.460865] ? fget_raw+0x20/0x20 [ 647.464312] ? get_unused_fd_flags+0x1a0/0x1a0 [ 647.468879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 647.474417] ? alloc_file_pseudo+0x281/0x3f0 [ 647.478811] ? alloc_file+0x430/0x430 [ 647.482611] sock_common_setsockopt+0x9a/0xe0 [ 647.487101] __sys_setsockopt+0x1c5/0x3b0 [ 647.491254] ? kernel_accept+0x310/0x310 [ 647.495310] ? do_futex+0x27d0/0x27d0 [ 647.499106] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 647.504632] ? fput+0x130/0x1a0 [ 647.507898] __x64_sys_setsockopt+0xbe/0x150 [ 647.512289] do_syscall_64+0x1b9/0x820 [ 647.516162] ? finish_task_switch+0x1d3/0x870 [ 647.520646] ? syscall_return_slowpath+0x5e0/0x5e0 [ 647.525556] ? syscall_return_slowpath+0x31d/0x5e0 [ 647.530468] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 647.535464] ? prepare_exit_to_usermode+0x291/0x3b0 [ 647.540462] ? perf_trace_sys_enter+0xb10/0xb10 [ 647.545114] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 647.549953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 647.555125] RIP: 0033:0x455ab9 [ 647.558292] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 647.577428] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 647.585126] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 647.592376] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 647.599624] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 647.606879] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 647.614131] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:17 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0xa0800) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000dc9000/0x1000)=nil, 0x1000, &(0x7f0000000000)=""/152) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) mlock(&(0x7f0000133000/0x3000)=nil, 0x3000) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:17 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xa630840, &(0x7f0000000400)}) 07:38:17 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x876a48dfdf12902a, 0x0) write$binfmt_elf32(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="7f454c460001050200000000000000000300039a00080000000c00000038000000240200000500000000082000010056040800ff07000000000400006008000000ff0100000600000000080000080000000400000007000000c090b0aec24ea09b6b56dc568a2fd45de3a8014626369704000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abb6fbeeed174281f1a992b4f2b2304cf64d68f98e69f3b05b84a5fb5fccf1fba9c4505c4a93b5fb3dad056f8d4e6ee1ba9ec8d1d73a539da02ce0705dcadbad26eed8aab6f2c32854b6d9ee26544dae061aa5426635360a69c3ef5de50b7005de871d85d6a03862c7efcac176caa2a7fc2c2e1a6759434a46e8e1cfba01479e505e074619b40529843d63106ae408928e8a"], 0x470) r1 = socket$inet6(0xa, 0x1100000000006, 0xb96f) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r2, 0x0) shutdown(r2, 0x2) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='attr/current\x00') ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000200)={0x29, "b07d2cda3b5f688ff2aea8ec23a7442a136dc660db8a6e8f42882057f3ae4712a4a775770e07478b7d"}) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000140)=0x2, 0xa2) accept4$bt_l2cap(r3, &(0x7f0000000040), &(0x7f0000000080)=0xe, 0x800) syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000740)='./file0\x00', 0x8001, 0x0, &(0x7f00000000c0), 0x6000, &(0x7f0000000800)=ANY=[@ANYBLOB="63727069642c008ca9275e40907d71fa69ef05d248b3fe485251a4a9aa6a3ce4b1a053e2fd1be5b0bcf2751007da70137472cde80d8860aa0fd3a823fe9d407df9258be0d6bda9b911309968983c7c69de2a313ad50cc80e347ce9838d4c45d0b5ee5eb6c355a047220350e65880a08ee16f37bae6904fe873e321161222ae24f021b5ade364abb519004df70b939099c7cf0dab23f3b8d6dee415d0afcafa132ce1f7e5844ce9183dcb037d2fca747792189546bda8a6d5fe3e"]) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000240)={0x3, 0x8}) 07:38:17 executing program 4: r0 = socket$inet6_sctp(0xa, 0x10000000003, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x64, &(0x7f0000000040), 0x5942a11d005b8d89) rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x7, 0x6, 0x3, 0x7}, 0x1}, 0x20, 0x1, 0x0) pread64(r0, &(0x7f0000000080)=""/253, 0xfd, 0x0) 07:38:17 executing program 3: socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x4e23, @rand_addr=0x5}}, 0x968, 0xffffffff, 0x200, "484e28bef2c21634b298de3978f871425e1a084c5ba78992d31d2f13a59f2d5a02a31cf96a2405a554bfd2e961165f42e21e4e1640eff98980d8e226adc35ded3b266b298ba6f5d5651c62b107b7795b"}, 0xd8) r1 = socket(0xa, 0x1, 0xfffffffffffffffe) getsockopt$inet6_int(r1, 0x6, 0x23, &(0x7f0000000100), &(0x7f0000013000)=0x10) r2 = getpgrp(0xffffffffffffffff) process_vm_readv(r2, &(0x7f0000000540)=[{&(0x7f0000000040)=""/166, 0xa6}, {&(0x7f0000000240)=""/100, 0x64}, {&(0x7f00000002c0)=""/142, 0x8e}, {&(0x7f0000000380)=""/139, 0x8b}, {&(0x7f0000000440)=""/47, 0x2f}, {&(0x7f0000000480)=""/185, 0xb9}], 0x6, &(0x7f0000002780)=[{&(0x7f00000005c0)=""/193, 0xc1}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/120, 0x78}, {&(0x7f0000002740)=""/58, 0x3a}], 0x5, 0x0) 07:38:17 executing program 7: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x7fff}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000180)={r1, 0x101}, &(0x7f00000001c0)=0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0xd470041877f0fcc9) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r0, 0x1) 07:38:17 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") accept4$inet6(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, @local}, &(0x7f0000000140)=0x1c, 0x80000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x7ce, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) [ 647.798900] binder: 10411:10414 unknown command 0 07:38:17 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r0, 0x65, 0x1, &(0x7f0000000080), 0x1d0) close(r0) 07:38:17 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) syz_open_procfs(0x0, &(0x7f0000000100)='mounts\x00') epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000a80)='./file0\x00', &(0x7f0000000a40)='ramfs\x00', 0x0, &(0x7f0000000b80)) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='bpf\x00', 0x2000000, &(0x7f0000000200)={[{@mode={'mode', 0x3d, 0x2}, 0x2c}, {@mode={'mode', 0x3d}, 0x2c}, {@mode={'mode', 0x3d}, 0x2c}, {@mode={'mode', 0x3d, 0xffff}, 0x2c}]}) mount$9p_xen(&(0x7f0000000000)='reiser/s\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x20, &(0x7f00000001c0)={'trans=xen,'}) 07:38:17 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025cc80a2b345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r2 = socket(0xa, 0x1, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) recvmmsg(r3, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000001740), 0x0, &(0x7f0000001800)=""/151, 0x97}}], 0x1, 0x0, &(0x7f0000001900)={0x77359400}) sendmsg$nl_crypto(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=@upd={0xe0, 0x12, 0x301, 0x0, 0x0, {{'\nrc32\x00'}}}, 0xe0}, 0x1}, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000002c0)={@dev={0xac, 0x14, 0x14}, @local={0xac, 0x14, 0x14, 0xaa}}, 0x359) 07:38:17 executing program 6: r0 = memfd_create(&(0x7f0000000040)="00000600000000000000", 0x0) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000006f0200000000000040000000000000000000000000000000000000000000380003"], 0x39) getpeername$netlink(r0, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f0000000280), &(0x7f0000000500), 0x1000) accept4$nfc_llcp(r0, &(0x7f0000000100), &(0x7f0000000200)=0x60, 0x804) 07:38:17 executing program 4: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000200)=0x14) bind(r0, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0xffffffff, @reserved=0x1}, 0x13) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000000040)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000000)) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) flistxattr(r0, &(0x7f0000000340)=""/249, 0xf9) [ 647.819320] binder: 10411:10414 ioctl c0306201 20000080 returned -22 [ 647.849225] binder: BINDER_SET_CONTEXT_MGR already set [ 647.857270] binder: 10411:10414 ioctl 40046207 0 returned -16 07:38:17 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_emit_ethernet(0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="500000003578000030aa55b75d5780aa4abcba7581520dd7691406ae6675b3156b91d0e5167d9dc78d95129932ff5e43ba414af3c1718caf074f3ada7c6b3488e546114eb91c3b96c13e32e4bdd5b71529d95d622c20cfbd498ff80ae62b87dbe887c4bcdaa947fa712d86b71f55cbd158e6c997a88abb2753bae9e2807a6bc45e991dab50c8a37fc787aaddb1a3c839ea0224a4ae53d8cc698bb0ff4d688548b9a70807c8eb9606bbc5688d0cb5755a814c4f145dd4635f8bfe1d6a59b70fc3bcbf1a5170bd19e59629730513"], &(0x7f00000000c0)) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[], 0xfffffe0e) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xa7b6, 0x2000) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000140)={'filter\x00', 0xfc, "92545f26f886f26825ccbd0040c7036fa83a568d9c6f56d94b60e112fae59e88274f8d04a01535d5c3c0f4811011f72b82c1e7952233b698c5ecf3ac60a8e3f0c19ea5f117942e0191043835f487fcf67c80dd0437c335fd440d20991196695c2901099726a49031ee348d0ffd0a2db0bc4e3274213cfdb8098919c397cd18a593ec23be57da84dba1b2c82ad14254cd023a03ff7cef36210e6e4ea28b8afa0e4e8aecc59187a39be90a1361572c56176ecdecd6dd6749463e9da6421cd216ad24ff604c4f57b5b78e8ef8e76412c8d4a1736d253f4dd0daf746f7f825f8cb09b390fe28cf42f845fc5ec8e571aa21b97089e2379c725e29028910af"}, &(0x7f0000000080)=0x120) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000340)={{{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000000440)=0xe8) mount$9p_xen(&(0x7f0000000280)='filter\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x20000, &(0x7f0000000480)={'trans=xen,', {[{@version_L='version=9p2000.L', 0x2c}, {@afid={'afid', 0x3d, 0x400}, 0x2c}, {@cache_none='cache=none', 0x2c}, {@access_uid={'access', 0x3d, r3}, 0x2c}, {@uname={'uname', 0x3d, '/dev/ptmx\x00'}, 0x2c}]}}) 07:38:17 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="6e617400000000000005000000000000000000000000000000000000000000001b0000000500000010050000c801000010040000ffffffff20050000200500006006000060060070ffffffff6006000060060000050000009166351167b10df4c7ab1976dcd414900aea6e943ff4cfceaf99b1fd6957af9657eb22c146fef93a15322b47582f3189", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000800000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000"], @ANYBLOB="fe8000000000000000000000000000bb00000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000065716c000000000000000000000000006970366772657461703000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c80010010000000000000000000000000000000000000000000000004800534e4154000000000000000000000000000000000000000000000000000100000000e0000001000000000000000000000000ac1414bb000000000000000000000000000000000000000000000000000000000000000100000000000000000000ffffe00000010000000000000000000000000000000000000000000000000000000000000000626f6e645f736c6176655f3100000000626f6e645f736c6176655f300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c800100100000000000000000000000000000000000000000000000048005245444952454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c80010010000000000000000000000000000000000000000000000004800534e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001fe8000000000000000000000000000bb0000000000000000000000000000000000000000000000000000000000000000677265746170300000000000000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c800100100000000000000000000000000000000000000000000000048004d41535155455241444500000000000000000000000000000000000000000000000000000000000000000000000000000000ac141400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x570) close(r2) close(r1) 07:38:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x500, &(0x7f0000000400)}) [ 647.883895] binder: 10411:10437 unknown command 0 [ 647.884847] binder: 10411:10414 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 647.917300] binder: 10411:10437 ioctl c0306201 20000080 returned -22 [ 647.993377] binder: 10464:10465 unknown command 0 [ 648.004508] binder: 10464:10465 ioctl c0306201 20000080 returned -22 [ 648.011915] binder: BINDER_SET_CONTEXT_MGR already set [ 648.017788] binder: 10464:10465 ioctl 40046207 0 returned -16 [ 648.025367] binder: 10464:10465 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 648.025374] binder: 10464:10468 unknown command 0 [ 648.025390] binder: 10464:10468 ioctl c0306201 20000080 returned -22 [ 648.698477] netlink: 192 bytes leftover after parsing attributes in process `syz-executor0'. 07:38:18 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xfffffffffffffffd) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:18 executing program 3: r0 = getegid() getgroups(0x6, &(0x7f0000000040)=[0xffffffffffffffff, 0xffffffffffffffff, 0xee01, 0xee01, 0xee01, 0xffffffffffffffff]) getgroups(0x8, &(0x7f00000000c0)=[0xee01, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xee00, 0xffffffffffffffff]) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000002c0)=0x0, &(0x7f0000000300), &(0x7f0000000340)) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) setgroups(0x8, &(0x7f0000000400)=[r0, r1, r2, r3, r4, r5, r6, r7]) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) ioctl$TUNDETACHFILTER(r8, 0x400454dc, 0x70a000) r9 = syz_open_dev$sndpcmp(&(0x7f0000000440)='/dev/snd/pcmC#D#p\x00', 0x7, 0x2) ioctl$TIOCSSOFTCAR(r9, 0x541a, &(0x7f0000000480)=0xcf14) 07:38:18 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000240)={0x2, 0x10000, 0x80000000}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='schedstat\x00') ioctl$sock_inet_sctp_SIOCINQ(r3, 0x541b, &(0x7f0000000200)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000001e000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000140)="b805000000b9008000000f01c1f080a4b000600000000fc3180f09c744240000000000c744240200080000c7442406000000000f0114240f08f3a5650f050f20da0f01cf", 0x44}], 0x1, 0x1, &(0x7f0000000380), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000020000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000000)="f2a766ba610066ed48b813c4830f000000000f23d00f21f835300000000f23f866ba2000edc441175d392e67450f01cb0fc72cbe67400f001066ba4100b0a8ee36420f015900", 0x46}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:38:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x338e8, &(0x7f0000000400)}) 07:38:18 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8971, &(0x7f0000000000)={'dummy0\x00', @ifru_addrs=@ethernet={0x1, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000008000c0004000000cf1b482629c5cf11d83529711ac10131bfe4e96c9ba140b2a34377ba31974256eabdd778cbcd508eb416d49ed335f601b16c240526a219df5bf15a3978c6597e83433bdcc655fff81b0d0603a4e595a54542ebf72cd5e9c0c9d5eb48210b183d88f7effd5439ef486454b70536aad8a0c1c54137fd77fea9b0f2872e446b86aa2adc26f33d3de0db76e85b6517d522411658831633e614aab741b62e68fff3f1682638c0050bebaac5691f29d23b6fa4fa7dd0629b368d7a291f80291d19a65b9cb58c881a86d48806669efdd5779d201a1eb8b1db0fe9d05331cf68dfe3ef0565b6fe4c3b8fa5baefcfc284ede8ce11394c498e71ed7a534054e8249b0b6f440f182f48b6b4ea49c05b4b6ac973fe4dfc2533471b085eddd5ec10fac3c11d27702017b319745a856ad719c6b4154c0a02e16b8d2e2ff7b7cdc5dd93b02ef609b55ee2325f4fbb4d3a3d0819"], 0x28}, 0x1}, 0x0) 07:38:18 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000240)='pids.events\x00', 0x0, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)={0x124, 0x3c, 0x0, 0x70bd2c, 0x3f, {0x20}, [@nested={0xf4, 0xe, [@generic="d1797cf8681364d6a5c368d13fea", @typed={0x8, 0x28, @str='\x00'}, @generic="e4b5a20c0e53287170da43ac185d98499b27d563b80a424c3fff1aa21cb14110f8454aa97240a86e15f959cf5d0411da9c6d1a06fac82abd58e3a9ffa1d0d9e0d3d329b35cf1d2b56f1559e9a2058fdd00f141eef14d426690c1d4cb311756da1a1de9a3e79bae00bc7b6300357fa07d9ea57adc870e9ac0c512be4850d62c621edf7ac0f7fcc31a6bcd21aaa0e30d3627665eeb79a47e6f2e698678f34cc597d0402525cda81e4a5ec4bea09da8e2a6ca", @generic="92d1dcf00c4bea42b80eeb8df02c4e09c9fb232b63", @typed={0x14, 0x83, @ipv6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}}]}, @nested={0x1c, 0x54, [@typed={0x8, 0x3f, @fd=r3}, @typed={0x10, 0x16, @str="73797374656d9b6c6f00"}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendfile(r1, r3, &(0x7f0000000280), 0x33fe0) 07:38:18 executing program 6: r0 = gettid() timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000)) syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x6, 0x662cc1) r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, &(0x7f00000001c0)=""/105, 0x3ef) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x9205, 0x0) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0) setgid(r2) tkill(r0, 0x13) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x22) [ 648.811407] binder: 10487:10488 unknown command 0 [ 648.826439] binder: 10487:10488 ioctl c0306201 20000080 returned -22 07:38:18 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x200, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000140)={0x3, 'sit0\x00', 0x2}, 0x18) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x7, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r2) 07:38:18 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x14040004) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000)=0xfff, 0xffffffffffffff9c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) sendto$inet6(r1, &(0x7f00000007fa)="97", 0x1, 0x0, &(0x7f00006f9000)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 648.852831] binder: BINDER_SET_CONTEXT_MGR already set [ 648.860491] binder: 10487:10488 ioctl 40046207 0 returned -16 [ 648.876908] binder: 10487:10502 unknown command 0 [ 648.885330] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.886684] binder: 10487:10502 ioctl c0306201 20000080 returned -22 07:38:18 executing program 4: perf_event_open(&(0x7f00000007c0)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$xfs(&(0x7f0000000080)='xfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00800000005b480800000000332988b0f01f39a41e2745cfa7872c72f14376b9411b3d4d201dabbdc58128aaebccb6ad39a9be9f069d337229abcaf9c59f465fe4db037ea616a1410c57df9fc511b9325cdf8ffa16b71e68c115720215f0df757517ab38977712146b8c3c6eb572c689a952445f40698a05216cad130a7a373d6a23a62e96ed45345b09cf38d86a1484"]) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000040)={0x0}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r1, 0x1}, 0x8) 07:38:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb80b000000000000, &(0x7f0000000400)}) 07:38:18 executing program 7: stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000001c0), &(0x7f0000000140), &(0x7f0000000280)=0x0) chown(&(0x7f0000000000)='./file0\x00', r0, r1) syz_read_part_table(0xfbfffffffffffffd, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)='ER\b', 0x3, 0x40000000000}]) [ 648.891737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 648.970752] binder: 10520:10521 unknown command 0 07:38:19 executing program 0: mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) 07:38:19 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$inet6(0xa, 0x1, 0x100) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, 0x1c) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xc0, 0x8001) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000002c0)={0x0, 0xb4d7, 0x4e, &(0x7f0000000240)=0x8}) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000001c0)}, 0xc100) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xfffffffffffffecc, &(0x7f0000000000), 0x0, &(0x7f0000000280)}, 0x0) readahead(r0, 0x747, 0x100000000) r3 = openat$md(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/md0\x00', 0x28080, 0x0) ioctl$IOC_PR_REGISTER(r3, 0x401870c8, &(0x7f0000000200)={0xcf1, 0x0, 0x1}) getsockopt$inet6_opts(r1, 0x29, 0x0, &(0x7f0000000100)=""/133, &(0x7f0000000080)=0x85) [ 648.993721] binder: 10520:10521 ioctl c0306201 20000080 returned -22 [ 649.002083] binder: BINDER_SET_CONTEXT_MGR already set [ 649.003190] XFS (loop4): Invalid superblock magic number [ 649.007612] binder: 10520:10521 ioctl 40046207 0 returned -16 07:38:19 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r2 = getpgrp(0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) kcmp(r2, r3, 0x3, r0, r0) r4 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) setsockopt$inet_group_source_req(r1, 0x0, 0x12, &(0x7f00000002c0)={0x9, {{0x2, 0x0, @multicast2=0xe0000002}}, {{0x2, 0x0, @multicast1=0xe0000001}}}, 0x108) [ 649.060334] binder: 10520:10535 unknown command 0 07:38:19 executing program 3: io_setup(0xb7, &(0x7f0000000180)=0x0) io_getevents(r0, 0x1, 0x1, &(0x7f0000d83f60)=[{}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x90100, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000140), &(0x7f00000001c0)=0x4) io_destroy(r0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x101001, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8910, &(0x7f00000000c0)=@req={0x28, &(0x7f0000000080)={'veth1_to_team\x00', @ifru_mtu=0x10001}}) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000040)={'security\x00', 0x1000000000000084}, 0xa) [ 649.083593] binder: 10520:10521 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 649.092219] XFS (loop4): Invalid superblock magic number [ 649.102214] binder: 10520:10535 ioctl c0306201 20000080 returned -22 [ 649.831047] FAULT_FLAG_ALLOW_RETRY missing 30 [ 649.835628] CPU: 0 PID: 10501 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 649.844098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.853432] Call Trace: [ 649.856006] dump_stack+0x1c9/0x2b4 [ 649.859618] ? dump_stack_print_info.cold.2+0x52/0x52 [ 649.864805] ? kasan_check_write+0x14/0x20 [ 649.869027] ? do_raw_spin_lock+0xc1/0x200 [ 649.873268] handle_userfault.cold.33+0x47/0x62 [ 649.877939] ? userfaultfd_ioctl+0x5430/0x5430 [ 649.882519] ? trace_hardirqs_on+0x10/0x10 [ 649.886743] ? trace_hardirqs_on+0x10/0x10 [ 649.890961] ? update_load_avg+0x1455/0x27d0 [ 649.895361] ? trace_hardirqs_on+0x10/0x10 [ 649.899588] ? userfaultfd_ctx_put+0x810/0x810 [ 649.904163] ? rb_erase_cached+0xc82/0x32c0 [ 649.908480] ? trace_hardirqs_on+0x10/0x10 [ 649.912727] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 649.917750] ? rb_next+0x140/0x140 [ 649.921280] ? rb_erase+0x3550/0x3550 [ 649.925076] ? lock_acquire+0x1e4/0x540 [ 649.929042] ? cpuacct_charge+0x2eb/0x5d0 [ 649.933195] ? __update_load_avg_se+0x65d/0xb80 [ 649.937849] ? trace_hardirqs_on+0x10/0x10 [ 649.942079] ? __update_load_avg_cfs_rq+0x50f/0x990 [ 649.947106] ? update_cfs_rq_load_avg.part.66+0x18c/0x2e0 [ 649.952632] ? lock_acquire+0x1e4/0x540 [ 649.956604] ? __handle_mm_fault+0x3a38/0x44a0 [ 649.961195] ? lock_downgrade+0x8f0/0x8f0 [ 649.965346] ? kasan_check_read+0x11/0x20 [ 649.969480] ? do_raw_spin_unlock+0xa7/0x2f0 [ 649.973894] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 649.978479] ? kasan_check_write+0x14/0x20 [ 649.982695] ? do_raw_spin_lock+0xc1/0x200 [ 649.986927] __handle_mm_fault+0x3a45/0x44a0 [ 649.991328] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 649.996159] ? reweight_entity+0x7ed/0x1100 [ 650.000475] ? lock_release+0xa30/0xa30 [ 650.004433] ? lock_acquire+0x1e4/0x540 [ 650.008395] ? handle_mm_fault+0x417/0xc80 [ 650.012621] ? lock_downgrade+0x8f0/0x8f0 [ 650.016758] ? lock_release+0xa30/0xa30 [ 650.020721] ? rcu_note_context_switch+0x730/0x730 [ 650.025644] ? mem_cgroup_from_task+0xcb/0x1f0 [ 650.030217] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 650.034983] handle_mm_fault+0x53e/0xc80 [ 650.039046] ? __handle_mm_fault+0x44a0/0x44a0 [ 650.043611] ? find_vma+0x34/0x190 [ 650.047132] __do_page_fault+0x620/0xe50 [ 650.051189] ? mm_fault_error+0x380/0x380 [ 650.055322] do_page_fault+0xf6/0x8c0 [ 650.059111] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 650.064544] ? vmalloc_sync_all+0x30/0x30 [ 650.068683] ? lock_acquire+0x1e4/0x540 [ 650.072653] ? __might_fault+0x12b/0x1e0 [ 650.076697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 650.081533] page_fault+0x1e/0x30 [ 650.084976] RIP: 0010:__get_user_4+0x21/0x30 [ 650.089359] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 650.108489] RSP: 0018:ffff880190e97538 EFLAGS: 00010202 [ 650.113839] RAX: 0000000020013e98 RBX: 1ffff100321d2eae RCX: ffffc90005630000 [ 650.121105] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 650.128360] RBP: ffff880190e97cb8 R08: 1ffff100321d2e84 R09: 0000000000000000 [ 650.135607] R10: ffffed00331226e1 R11: ffff88019891370b R12: ffff880198913680 [ 650.142864] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 650.150121] ? __might_fault+0x1a3/0x1e0 [ 650.154182] ? sctp_setsockopt+0x1e13/0x6db0 [ 650.158579] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 650.164272] ? migrate_swap_stop+0x850/0x850 [ 650.168664] ? kasan_check_write+0x14/0x20 [ 650.172885] ? trace_hardirqs_on+0x10/0x10 [ 650.177105] ? __account_cfs_rq_runtime+0x770/0x770 [ 650.182111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.187627] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 650.192975] ? update_load_avg+0x27d0/0x27d0 [ 650.197377] ? perf_event_update_userpage+0xd30/0xd30 [ 650.202555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.208071] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 650.213242] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 650.217644] ? alloc_empty_file+0x72/0x170 [ 650.221865] ? run_rebalance_domains+0x4c0/0x4c0 [ 650.226606] ? finish_task_switch+0x1d3/0x870 [ 650.231082] ? lock_downgrade+0x8f0/0x8f0 [ 650.235213] ? finish_task_switch+0x18a/0x870 [ 650.239703] ? lock_acquire+0x1e4/0x540 [ 650.243678] ? __fget+0x4ac/0x740 [ 650.247130] ? lock_downgrade+0x8f0/0x8f0 [ 650.251278] ? lock_release+0xa30/0xa30 [ 650.255241] ? trace_hardirqs_on+0xd/0x10 [ 650.259372] ? _raw_spin_unlock_irq+0x27/0x70 [ 650.263854] ? finish_task_switch+0x18a/0x870 [ 650.268333] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 650.273762] ? __fget+0x4d5/0x740 [ 650.277206] ? ksys_dup3+0x690/0x690 [ 650.280904] ? __schedule+0x884/0x1ea0 [ 650.284780] ? __fget_light+0x2f7/0x440 [ 650.288830] ? fget_raw+0x20/0x20 [ 650.292265] ? get_unused_fd_flags+0x1a0/0x1a0 [ 650.296828] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 650.302344] ? schedule+0xfb/0x450 [ 650.305872] ? alloc_file+0x430/0x430 [ 650.309673] sock_common_setsockopt+0x9a/0xe0 [ 650.314169] __sys_setsockopt+0x1c5/0x3b0 [ 650.318305] ? kernel_accept+0x310/0x310 [ 650.322346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.327879] ? syscall_slow_exit_work+0x500/0x500 [ 650.332704] __x64_sys_setsockopt+0xbe/0x150 [ 650.337092] do_syscall_64+0x1b9/0x820 [ 650.340959] ? finish_task_switch+0x1d3/0x870 [ 650.345434] ? syscall_return_slowpath+0x5e0/0x5e0 [ 650.350344] ? syscall_return_slowpath+0x31d/0x5e0 [ 650.355263] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 650.360270] ? prepare_exit_to_usermode+0x291/0x3b0 [ 650.365278] ? perf_trace_sys_enter+0xb10/0xb10 [ 650.369937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 650.374763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 650.379929] RIP: 0033:0x455ab9 [ 650.383093] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 650.402272] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 650.409960] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 650.417211] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 650.424466] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 650.431716] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 650.438966] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:20 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x8200, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000200)="0f2334660f38821666ba210066ed66baf80cb8a804ab89ef66bafc0ced0f20c035000000800f22c0b8010000000f01c1b9800000c00f3235000100000f30400f07e4a9460f01df", 0x47}], 0x1, 0x0, &(0x7f0000000180), 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$TIOCMBIS(r3, 0x5416, &(0x7f0000000040)=0x9) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4068aea3, &(0x7f00000000c0)={0x7b, 0x0, [0x4, 0x5, 0x2, 0x5]}) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x0, &(0x7f0000000000)) ioctl$sock_bt_hci(r5, 0x40800448d4, &(0x7f0000000040)) 07:38:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x9631040, &(0x7f0000000400)}) 07:38:20 executing program 4: socketpair(0x9, 0x80002, 0x2, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f00000001c0)="2d37fa41c9d6bfb522ad2d918804182f5adb10795f7b158c88f21b048fe45f2fc9f9f300b82754390bdfbfda41d8fd6bf0b36147d5e6cf1a69bd8ba13d8651fa20cb63e5bc7bc08f6acf5d8f2bfc85c3f94135df69d25fbcb50bccd11d2c7425c232028efd0aae0d0e97c5d1f48dc903b8c884022076f08115e08193fbb7e36fa17139799c1c47fb68b35760f46333450536ec") r2 = dup3(r0, r0, 0x80000) r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2, 0x0) ioctl$KDGETKEYCODE(r4, 0x4b4c, &(0x7f00000002c0)={0x3, 0xe5}) ioctl$TIOCGWINSZ(r2, 0x5413, &(0x7f00000014c0)) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r3) r5 = socket$inet6(0xa, 0x1000000000002, 0x0) getsockopt$bt_hci(r4, 0x0, 0x2, &(0x7f0000000400)=""/4096, &(0x7f0000001400)=0x1000) ioctl(r5, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mq_timedreceive(r4, &(0x7f0000000300)=""/167, 0xa7, 0xeccf, &(0x7f00000003c0)={0x0, 0x1c9c380}) r6 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffb000/0x2000)=nil) shmctl$SHM_UNLOCK(r6, 0xc) setsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000001440)=@routing={0x6c, 0xc, 0x0, 0xfffffffffffffffb, 0x0, [@remote={0xfe, 0x80, [], 0xbb}, @loopback={0x0, 0x1}, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}]}, 0x68) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000040)=0x0) ioctl$sock_FIOSETOWN(r5, 0x8901, &(0x7f0000000080)=r7) fstatfs(0xffffffffffffffff, &(0x7f00000000c0)=""/10) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 07:38:20 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="025cc83d6d345f8f762070") socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001000)="5500000018007fafb72d1cb2a4a280930206020200a84309c02623692500160000c90200f0ff56039848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1, &(0x7f0000004000)}, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0xd0a7, 0x100) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r2, 0x800455d1, &(0x7f00000000c0)) 07:38:20 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r2 = dup2(r0, r0) write$P9_RREADLINK(r2, &(0x7f00000002c0)={0x10, 0x17, 0x3, {0x7, './file0'}}, 0x10) bind$vsock_dgram(r2, &(0x7f00000003c0)={0x28, 0x0, 0x0, @reserved=0x1}, 0x10) ioctl$sock_bt_hci(r2, 0xc00448df, &(0x7f0000000300)="175efd7b9b3701067bfd47e17b3d49cbb997360c06636c8eaa656dc6ebb9d864abe36df818d49b8153a754a479ec836bb239bcef519db6ff6d975350b587e47b4c4b0bd9e83e185947072f5dc9a4bd91d7d1f4ed60b4f594c39218778547b9be04b282b6d0f2b6a79a0b0beca45f9bc87ddb36efd5b9ed7fd32ff4c26383a7872a2bb83986d836cb5f8ea8dd2a2aa50269") r3 = accept(r1, &(0x7f0000000080)=@xdp, &(0x7f0000000140)=0x80) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000180)='fou\x00') ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000440)=@add_del={0x2, &(0x7f0000000400)='ip6_vti0\x00', 0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r4, 0x32a, 0x70bd2b, 0x25dfdbfb, {0x2}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_IPPROTO={0x8, 0x3}, @FOU_ATTR_TYPE={0x8, 0x4}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x1) [ 650.729001] binder: 10593:10594 unknown command 0 [ 650.754402] binder: 10593:10594 ioctl c0306201 20000080 returned -22 [ 650.767348] binder: BINDER_SET_CONTEXT_MGR already set [ 650.772980] binder: 10593:10594 ioctl 40046207 0 returned -16 [ 650.781758] binder: 10593:10607 unknown command 0 [ 650.786940] binder: 10593:10607 ioctl c0306201 20000080 returned -22 [ 651.740008] FAULT_FLAG_ALLOW_RETRY missing 30 [ 651.744580] CPU: 1 PID: 10606 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 651.753069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 651.762400] Call Trace: [ 651.764982] dump_stack+0x1c9/0x2b4 [ 651.768606] ? dump_stack_print_info.cold.2+0x52/0x52 [ 651.773804] ? rb_erase+0x3550/0x3550 [ 651.777592] handle_userfault.cold.33+0x47/0x62 [ 651.782257] ? plist_check_list+0x7e/0xa0 [ 651.786387] ? plist_check_list+0xa0/0xa0 [ 651.790524] ? lock_acquire+0x1e4/0x540 [ 651.794494] ? userfaultfd_ioctl+0x5430/0x5430 [ 651.799063] ? trace_hardirqs_on+0x10/0x10 [ 651.803281] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 651.808625] ? plist_del+0x4a1/0x9d0 [ 651.812320] ? perf_event_update_userpage+0xd30/0xd30 [ 651.817492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.823011] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 651.828188] ? cgroup_rstat_updated+0xe6/0x470 [ 651.832768] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 651.837163] ? update_curr+0x200/0xc00 [ 651.841032] ? reweight_entity+0x1100/0x1100 [ 651.845427] ? trace_hardirqs_on+0x10/0x10 [ 651.849646] ? kasan_check_read+0x11/0x20 [ 651.853784] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 651.858362] ? compat_start_thread+0x80/0x80 [ 651.862756] ? lock_acquire+0x1e4/0x540 [ 651.866713] ? __handle_mm_fault+0x3a38/0x44a0 [ 651.871289] ? lock_downgrade+0x8f0/0x8f0 [ 651.875422] ? kasan_check_read+0x11/0x20 [ 651.879554] ? do_raw_spin_unlock+0xa7/0x2f0 [ 651.883943] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 651.888512] ? kasan_check_write+0x14/0x20 [ 651.892741] ? do_raw_spin_lock+0xc1/0x200 [ 651.896961] __handle_mm_fault+0x3a45/0x44a0 [ 651.901356] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 651.906179] ? __sched_text_start+0x8/0x8 [ 651.910309] ? kasan_check_read+0x11/0x20 [ 651.914442] ? lock_acquire+0x1e4/0x540 [ 651.918399] ? handle_mm_fault+0x417/0xc80 [ 651.922614] ? lock_downgrade+0x8f0/0x8f0 [ 651.926745] ? lock_release+0xa30/0xa30 [ 651.930701] ? mem_cgroup_from_task+0xcb/0x1f0 [ 651.935263] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 651.940004] handle_mm_fault+0x53e/0xc80 [ 651.944052] ? __handle_mm_fault+0x44a0/0x44a0 [ 651.948616] ? find_vma+0x34/0x190 [ 651.952141] __do_page_fault+0x620/0xe50 [ 651.956191] ? mm_fault_error+0x380/0x380 [ 651.960324] do_page_fault+0xf6/0x8c0 [ 651.964119] ? vmalloc_sync_all+0x30/0x30 [ 651.968250] ? schedule+0xfb/0x450 [ 651.971785] ? lock_acquire+0x1e4/0x540 [ 651.975740] ? __might_fault+0x12b/0x1e0 [ 651.979785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 651.984610] page_fault+0x1e/0x30 [ 651.988048] RIP: 0010:__get_user_4+0x21/0x30 [ 651.992429] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 652.011594] RSP: 0018:ffff8801b318f538 EFLAGS: 00010202 [ 652.016941] RAX: 0000000020013e98 RBX: 1ffff10036631eae RCX: ffffc90005630000 [ 652.024193] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 652.031442] RBP: ffff8801b318fcb8 R08: 1ffff10036631e84 R09: 0000000000000000 [ 652.038705] R10: ffffed0039dd2ae9 R11: ffff8801cee9574b R12: ffff8801cee956c0 [ 652.045956] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 652.053324] ? __might_fault+0x1a3/0x1e0 [ 652.057380] ? sctp_setsockopt+0x1e13/0x6db0 [ 652.061772] ? get_futex_value_locked+0xcb/0xf0 [ 652.066424] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 652.072120] ? trace_hardirqs_on+0x10/0x10 [ 652.076335] ? futex_wake+0x760/0x760 [ 652.080120] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 652.085295] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.090812] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 652.095895] ? futex_wait+0x5d2/0xa20 [ 652.099691] ? futex_wait_setup+0x410/0x410 [ 652.103999] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 652.109182] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.114715] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 652.119801] ? futex_wake+0x304/0x760 [ 652.123602] ? lock_acquire+0x1e4/0x540 [ 652.127559] ? percpu_ref_put_many+0x119/0x240 [ 652.132121] ? lock_downgrade+0x8f0/0x8f0 [ 652.136254] ? lock_acquire+0x1e4/0x540 [ 652.140211] ? __fget+0x4ac/0x740 [ 652.143657] ? lock_downgrade+0x8f0/0x8f0 [ 652.147801] ? lock_release+0xa30/0xa30 [ 652.151761] ? lockdep_init_map+0x9/0x10 [ 652.155818] ? exit_robust_list+0x290/0x290 [ 652.160121] ? __mutex_init+0x1f7/0x290 [ 652.164079] ? __ia32_sys_membarrier+0x150/0x150 [ 652.168829] ? kasan_unpoison_shadow+0x35/0x50 [ 652.173408] ? __fget+0x4d5/0x740 [ 652.176848] ? ksys_dup3+0x690/0x690 [ 652.180553] ? lock_acquire+0x1e4/0x540 [ 652.184509] ? __fd_install+0x2b2/0x880 [ 652.188466] ? lock_downgrade+0x8f0/0x8f0 [ 652.192601] ? select_collect+0x610/0x610 [ 652.196746] ? lock_release+0xa30/0xa30 [ 652.200711] ? __fget_light+0x2f7/0x440 [ 652.204677] ? fget_raw+0x20/0x20 [ 652.208112] ? get_unused_fd_flags+0x1a0/0x1a0 [ 652.212690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 652.218212] ? alloc_file_pseudo+0x281/0x3f0 [ 652.222614] ? alloc_file+0x430/0x430 [ 652.226401] sock_common_setsockopt+0x9a/0xe0 [ 652.230879] __sys_setsockopt+0x1c5/0x3b0 [ 652.235008] ? kernel_accept+0x310/0x310 [ 652.239053] ? do_futex+0x27d0/0x27d0 [ 652.242836] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.248352] ? fput+0x130/0x1a0 [ 652.251614] __x64_sys_setsockopt+0xbe/0x150 [ 652.256007] do_syscall_64+0x1b9/0x820 [ 652.259879] ? syscall_return_slowpath+0x5e0/0x5e0 [ 652.264791] ? syscall_return_slowpath+0x31d/0x5e0 [ 652.269705] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 652.274707] ? prepare_exit_to_usermode+0x291/0x3b0 [ 652.279706] ? perf_trace_sys_enter+0xb10/0xb10 [ 652.284356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 652.289188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 652.294361] RIP: 0033:0x455ab9 [ 652.297527] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 652.316693] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 652.324382] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 652.331644] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 07:38:22 executing program 6: r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x2, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x111c00) write$P9_RXATTRWALK(r2, &(0x7f0000000100)={0xf, 0x1f, 0x1, 0x4606}, 0xf) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000000)={'ip6_vti0\x00', {0x2, 0x4e22, @multicast2=0xe0000002}}) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) clone(0x0, &(0x7f0000000100), &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000040)) 07:38:22 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000001a40)) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000280)={'#! ', './control/file1', [{0x20, ')vmnet1)'}, {0x20, '-user'}, {0x20, 'ppp0vboxnet0md5sumposix_acl_access-posix_acl_accessloppp1'}, {0x20, 'user)'}, {0x20, 'lowlan0+trustedcselinux,)ppp1'}, {0x20}, {0x20, '!@/)!*trusted,-posix_acl_access'}], 0xa, "04e87697689e604af8617ee586b3fb6634fd8267cf01f7c7ce08912ef22be6a542b7744d30105de3fe3fbea0e7cd35a786f01a36789da9d24be2e1edb7c9c33396e498b1a58eabb3411b341096696ea8015831a7985c43cfcc7bfe90c4f69cc8a27e307d865e890ff49b95dcf906d2b434fc5d4558d5f3b0c54074ec9875b80bdf6ef9f4af29d04ece77fae0763805bdfe2220013eff9fc7cc0e4ba812cbdd0abceaea2c325f5bac492246a35ebe23c1c4a48a948cc272423017c7dcf4cef9ecf72a7a87b4ce"}, 0x167) process_vm_readv(r4, &(0x7f0000001740)=[{&(0x7f0000000100)=""/87, 0x57}, {&(0x7f0000000400)=""/39, 0x27}, {&(0x7f0000000440)=""/178, 0xb2}, {&(0x7f0000000500)=""/117, 0x75}, {&(0x7f0000000580)=""/65, 0x41}, {&(0x7f0000000600)=""/22, 0x16}, {&(0x7f0000000640)=""/13, 0xd}, {&(0x7f0000000680)=""/168, 0xa8}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x9, &(0x7f0000001a80)=[{&(0x7f0000001800)=""/192, 0xc0}, {&(0x7f00000018c0)=""/34, 0x22}, {&(0x7f0000001900)=""/155, 0x9b}, {&(0x7f00000019c0)=""/115, 0x73}, {&(0x7f0000001a40)}], 0x5, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x400c630f, &(0x7f0000000400)}) 07:38:22 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) fallocate(r0, 0x0, 0x0, 0x10001) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000000040)='./bus\x00', 0x81, 0x0) sendfile(r1, r0, 0x0, 0xd7c3) lseek(r0, 0x0, 0x3) 07:38:22 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) write$tun(r3, &(0x7f0000000180)={@void, @void, @ipv4={{0x16, 0x4, 0x1f, 0xfff, 0xc6, 0x68, 0x9, 0x3, 0x32, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @multicast2=0xe0000002, {[@noop={0x1}, @ssrr={0x89, 0xf, 0xffffffffffffffff, [@loopback=0x7f000001, @broadcast=0xffffffff, @multicast1=0xe0000001]}, @rr={0x7, 0x7, 0x8, [@empty]}, @ra={0x94, 0x6}, @rr={0x7, 0x7, 0x8080000000000, [@rand_addr=0x1]}, @ra={0x94, 0x6}, @timestamp={0x44, 0x8, 0x0, 0x1, 0x7fffffff, [{[], 0xce}]}, @generic={0x88, 0xf, "98f97024b6be9f8272730eaa09"}]}}, @dccp={{0x4e24, 0x4e20, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, 0x80, "841a6a", 0x0, "268c82"}, "9e7d9cfa363842e61bd53766afbe0daba728874222e904cdf6b2d8de09cd8aa55919a08431b8200e6c8dc3e53c39d24696ec7f8eb9bfe54960d26a6cecb3387dcb136fce25dda8f25f73bf27614c1085787dde2a1116098050825f0007a9"}}}, 0xc6) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"]) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) 07:38:22 executing program 4: r0 = socket$inet(0x10, 0x0, 0x0) recvmsg(r0, &(0x7f0000002540)={&(0x7f0000002240)=@can, 0x80, &(0x7f0000002480), 0x0, &(0x7f00000024c0)=""/123, 0x7b}, 0x0) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830007000247b9a904005a4e43680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) 07:38:22 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f}, 0x8) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x20000, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140)={@multicast1, @empty, 0x0}, &(0x7f0000000180)=0xc) r3 = getpgid(0x0) r4 = getpgid(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000200)={0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, 0x0}) sendmsg$nl_route(r1, &(0x7f0000003a00)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000039c0)={&(0x7f0000000280)=@bridge_getlink={0x3740, 0x12, 0x204, 0x70bd29, 0x25dfdbfb, {0x7, 0x0, 0x0, r2, 0x4041, 0x1}, [@IFLA_XDP={0x15d0, 0x2b, [@nested={0x1378, 0x6e, [@generic="5d311b2cac11a5b53bd198f2d138aaf12d45d81f19a473956bfc7343b6b9aeffd33cd39153a4374ec2bc756f63ec03bd5c90e7d57d9a7ad58f365f7a969a33515a7634f27b9399f4ffb0664d3494b6218824e9064953608fa74e49a49e729960a7c8d4e10623103f73bdd3bcb5f6e6c927113628af96deea4a8ea5010bf03f2f7c2905d7", @generic="149dd32058fd78d441371e736f898210f1257e0651a08b187607cb4eae735a9d85e1d3ecb4f105700a6d1f6b06c85a120605948aec67c71418c75f96c90298c168a72e9bf965cb071db9dc8a9525298ef295d151857bd35d1cce4562ead704c046d74fcbf4a02f84cacce0b73ca0051784c30c673e2d6ec3df42254157a24e2fea2e7509867387e376ae7a4ac18748c7313e56576c7ad89e48ee03bd763f", @generic="47470b5d1309eb7e67b21fc296b85a359bfe4b1a2a52bcc5424a79b5e6b7e6c3640124dacdd6ef1b75f581a3378aabc93db5645197f4ef028c5297e753467993d7c357a781735fa95b6b89f209764427f28d322e421fceff8fdc278333b1784a7779bd9cb8d9b61cc22d58fbe12f178047fd23dba537b5dc5b221ea0a6535a4d6294f307d04032ae8a04e80623108da8b55a10286922eb2b56d8f78919e45412f6efcbdc58614d3d6d32b44a41741cb62d0ed1da55e0aaa60ee62b30dfc14f14dcd96cd9f90b4683253accc55b87fcd469b75588449f8466addbb914fa6d1c64aa5cbd291c9b5c82b445e6a21c94f7b4d43653a64925bb6dbac6f5497353ea5b45e3f6b4e13c41cbd5b699aade02f5de10273d83a026a76336b161bcb3e3bc6192ee80f474ea6b10cb2a48cd680083c1975cf9829ec35b4c4c90222db5dc40e69ad5a8358941e61d486571b18bc7dce58f4a060d61307233e62efcdd9641c506e367fd951a45dd2a9077b1a51dad870780d6f35437ec2a1092f720d38e7a241730ae4a576f5c593d00442968f407e3029cac39917a69a0d9765fe6ee2a334f01668817c61f4fec123c8d01a61ff7ce9fa09bf1d7cd9790ca66720a2e03df89ba8a4d67ce522922e2c48156b5b3efb27492e22b0c6511814e4e74e8401ff80cdea8556b468eb4a9f28619e2816e0c7421f9354924f031b424e14b0fe83bddfd9fe2702fb9715042754a455c1a7202457f2d966872883e58101138a171af9f49cd2edc1cddb225f17344eeee02c2cb67806efa2dad6338c9ad350d82eb1b97eab236a1e36d0a81390ac69752aa767c0e7e3df141230d278ad52005dbb1e54ff3232c9ba819174daedae605f19396f17760052f8227e7d70a1f75092d985c0471eb08a4b0c12b26089f06149b575e394361cd95ffe24c5f5ee58f982b7cae6d9abac5f454bb04da13fc440051f0656e5b428e99b659e6ed4e7bef63103458974146185e38aab083b453f8bf6deb5e1a5fd1b7ad290c0607057d04e322fc090e3d150985eafb4c97c00c53367a0b51ada1c138b87ed56979df00ca7ea2fb66c31e6b10c411a1863e6e21569695505d58932baeb34a85991cf7505b75763bdcc21622589970627ecfc17d4adefdfcf8ab74b3848364607c378c9e4ffd03e870de2f12dd2b234a49c0ba7ef31caf9e80134cbfe88a472c92c5eff4d0bce1c6fd60d8536234a6225f4ff3608cbab0bab4db2e044b691e4840beb1e58b47c2a5765252094f8524f71252e7d64abed79598e0c5084802274e8586725530294251349e20dd3775ca8924327da64a0149b7448a532a05cc01b6eb770df92b41dee7322a743fa98c2ed19ec318dff2a0092de2e09fc21c0cb26f96da94474b1892fc658332907f02049968604506c22d4c1603ec10d9c242166465ed71376b3925a43fa0ae084a4f7f9d24558c1c8dcc25c2f23462bf07029bdf391709d59360c49830e6121e7915829caebcfebbd2b12b292b8e36a80584a6d574001d10f1331e1df504891c08f0c9f315262912b8317f71f4e4ff28472650147cfde49cca0205eb7c7eb22e2f1843b97dd53b39392cd754c842e006eacba62f61b75f05982d2b5f5afda95ce06747d16d3132f6d47a4a8570ded3c1037d33872fdb001ce3cca9f22c8292fca92b6f31d0be9139ed82d3b8cd431d5ecf7898d8b0ae089dac26b22f0637ae7fc5aee518049a52f3ff1cd574d8a98b796e2cb316a8a9e28de91f38653253cca766cdcedd969f7a9b5be76ff036a9e5ff257fe450f9c745d49eedaafa849ea7d6cd17fe1b3e78e9b638bc2a8a129ae33da100a8658a73d07b809d007d5a347b7a1d3fac4c63ee6a0194014b23b38fb7c9cba32189a4b43a039ff4ae343868a4402def80f26c340c70476c3f6fcb97c5c2d586c5326cf427f4915b2de535134f10ed59c8d753ea1f3a326053624410a960e27a9dddd5742596aeb068b316de6539a05a2d24ff2334a9e39629230bcfb02edf45c8c409f9d081f3d762ba64a0f0b0ed27c77c48ea5af339936b2a0579427b86f15802f7c0b361f6ce48d019a6978092769bf727a40f94585de1660a343cf9e9e4f625d7b680de3bc1c14bc72bb3daff9323c5698f7f2c4bc0b5d146f75c14aa8e1c536409f4aac49d38a48f57871c74f0080883766e90d5e8a5ef85d8c8ada2cfcde9934b7214f716a45cb587d98dc9d0d24728a252c31c89cae35ef9f69787d0af4326f735b61927feb1a6e52037cccf3c8ae9e9bbfc31eb0bb220494266824453e5dfde6c78aa6c117e107a9f0f125424e987f911b4c0b61d201a97d25713893801ee5cc0b39bf7f88349562e237664164c99d430f848d9da93424d876abd4630a1251d3326dd01b41f2794ebb91ea838ddeb320c88b37249579f64c938d63e3c437a2c8725f63e7fe7a8b8a77293c9aad6d732f9ed8ece221113f9ad814b39a6fdaf86a9a7c183bc3b64b4901c6030b564570aac54588547322a9aedb657321a53a169ac63f9f5b2e254d9f305401abfed12f542e12d975606e8adb557950dc9b9b78c141ab68818ac2634578d5b88e8d184e53f7131cc8b7c05400148b97de67bf00b303be354eefd372aa05d6555ad45e2a192909d8918345b8be546b6b02035512fbd5aeadbe69050c81f107d805f915ec994a535d5f72419f3b74110bbb9ae5d58759151c13477549512f096bfd59cef585e55b5e61aac130120f9c698eeba01d4d7cfedf60e12fbe78db4593d399dd6328d7a931c717fb6ed57c040e4dba5d212279de3e0587e6aef75b6919f158f2e9967ba8549a1c3f852198aec31a6804afdc9a89df68238ef78324ddc785ea520e4308c3eeba6c70a15e2706229f4be5e278c9f2bba40abd21a4bdade1faf633efc5de6f6641fb85b965479f6981cb7adc55739b0766770ac7f2d48ce3105f05dc6206c7798ef23e1622d417152aebf8704c37a33f31853a8b81a01dbdd43500b70387bfc982535f4933e4beb81a8124ed74b562ed52ea88ce2a85a36bfb9a4acc0bf934390ca6c681875c2df4b6af3ddd0de8cbcd931acabf3808111e302e251af1c911a1ca492704b2d99c04503fc93250e787cb398c0913338ecc90322d7a3bcd108baf8a82f5b3e4e10f9ac22197b43aa38e7a49b81f956fd691564ce639fe3c6e754010072163d468840caa103ecee4d02b17eccea1926758fef027d40547bf511827789c48676e2f0940c1a83c2530a0d8ef20ace5cf6cf00199a06e0f16ab03f127412df0f9b5322181a63298fc5215424754cc8700308e843a16ff4e9a6b2e507d2877b6959017881752eb477076ee2ef34d454d7717f8e7227b605ca34591b007a2542ee956f7234f630e4bab8d33270ae7a7a0ee8997f65ab6eba0791b979ee85db1655413a3d67ff787130c0da761c5b3cf1a0c0a6d14bc81defd81c411059485637ecad3c3afff85ef3ed81eb00e60919dbbd11a892ee6e8be59d26b6ab0195e8f34c7779ef9de93974066116bce4a089f9f77b4ecc90593e80e310e8e00ddec8b575b1970d24ce132bbc147418a888785407282edd481566915c4a4302e9cb2adfeb3a203c27ddbd7f142b4ae208908985ac132b3b2dceaaf0b550ce9e2a0072c1bbb3b710e4f440d8f21808931f6af27dce8452e4c12daa91c3f77fa79dc538441a898df419e921b9f1b24e50db890b77f39ca7def1df1b4e98a894adce96fbdf69b9e2e2b767e6152d56d384d64026f75d396f4e92e3596ee1179ec9978f67d6106362901882621b7f5fcb69ef56f587958389086e6df0d638512d520e0b7e1d54ce021823f988a5f49b977503729bfef007ae17174248696326fde7990c3e0e6ffc5c93139780dabce97de5812f3d74d6f5d1b0af568de534c6f55a4cae0cf2116d3d2e17fb4c1c50c19ca4ba3f8a74a9f633a9f027b065dbd8a58e344d1be9a034c2ee224b11fab66ac2c0b5818cbc132426e93f4ab5613be63304dbb0bfe5c3fa2425e84fe825336089b643c6816b17b81dcc75b258dfbbb8ff5d9420dd09ba150d92af6230968011f930256ab0526b8f197cf7972a7634e6c4d0c7654e91edd68c3cea0b62dea2a3b6239fd96458d539b9fb7dbd47d780dd95e6f9e91f3593b05b8868f50de933036bc23fe357d7d9194ba53187764cc13244d33c76d15fe196fc0b7d9c2168dea6341c86e25f558fd45c7440daff52d94db797ef28b489946079e20e4727022136586d9614864cf6087bc23f8151886b76626b6a5c4593b6103239b028c8bea60f3c11b588a0acb2b83f88f735ea243892d1f6ec10777722e53032a14f1a9ee7c6d98b974e28d8fa48c7b15cae30ae206c16c4559e75d9338d14c3d278bfbcc352a217a564a9b76012c6b57e26d0cb351c4097940c7bf71daec6429a89de14f32fd0a8e60d75e532e9f255a816f38ce1c313e3fc4f4a9c8c8bcc4159b5163fa17fc8cc6151eafba51911b90b95fc182e7141e023129a1f0c8c499eefbd9639f08871b551ec66eebae5951db51386d1e1b3aa098878287261660e658f534167ff1082205d47edc5fb8974edea98ebba10735402b282c1c90e71b614db26ef2ca8add28ed7152012c204ae0bc668b5091abf00effdfdea96b058989344a19dd1e736df51c15fe4db164019a1a6a1ff000fd3624b1d34a6f57ab4d062827fdadec0d008d468880f677ed1fd4774eab87dc4e4ae7297d55c97d557dcda48dd88ed989e5197f393124bce043dc41a605ef482b9aceec6b156bb249e40deb0ca42218cd2c1fad71f8024ed5058b76a4beeb9ed99bd05f501f6151af4d715a0b910aaf7a384c964890b5dc0b3740b8b0e175225d583a37d2036aef5c93efa09f3ba3078b82785a7a57eb2d82a58be51489c51f2f0e605d62ef52103c7784480e6a906e2dae4d07338cb94027ae205fdb9c9754ec3e14a85acd9db9b88c65ff94d768e5dc796f4db17da9703c86c33d222fe6f093e93cb78f74bb3c21e8c1701d352e90c86823fd355d5c3b0fbfdca1abbee5e032b091cc892bfc572134b973ec809dea743efe82e7d8935c9d728113c81d2b42c7867f7fd1c11a4c7f8b40b8e9cedd9b41c5244861e2253a050191b5c9a65f463fa09bcf43927c85c013eedece21f0403bfcb6277675e0974632637149bef7bb45ec8ae0b4e97a30a1d83f90684e9d67fc62555541edaf05ee1a634c3d06831170e68d967da633fead57747844bcadba5c7ed280827d797c0bc7ebd21dabef04cb94fbb91239c9b609e6cf347305c9080c398cc134b14270af61c205b73738acaf5bee11fbed45720cebb3cbb14f86bf5168f429b70a77ff5ad42d1f5f665a5ff9fa8b9067636e7244c675cf1685ceef87af4e5b7dee50699573c412a87a4339db78f0bb7fcc7372abe618c1d5b22ed6f864c6763b657bb4fe700362f2a821a51fb46a26bf04698a780ec04372cad7a61fe073f0d1d2fd4a876047a7444a50799b40b4f4271b5d2ab38e35ebdf96b4c2a434ccb1cd8153d0875a3e48eece32fd7650be8961e5cd9bd45c6a8b7ef7ab04cbc3330361bb516740765f7e3be02adba2e39bd2ab0b6af483abbef124bbe01cf69a65c6d79253244289991a8e23f4d9452b6b3da5ee3fc35019b2f8864fc4bc30db426db12488aecb855d63f36e9492a3ec88ece09612e1ce20bbdda6b1e6a2e4ebf226b2b1b950b95d9474bd2671d4078ba0d62d21f9d4934a74cc5b026de5e26244f5f84280e117c0bb9a58eba4edfde80ca14acffe9cd119cbc28d38e870e818703448290c9b10cc35e", @generic="71b050d0d2133d91f3431646fa84a6b8e0e1e7ef21ba4687496113b3be27369bb7b9f5c97f3659d1f1f3348d054dc62eb18d1cf3dea5183465cea902fe1aab586f78345f155ddb9e8751540ce1ac98ca8b72c74e3965205325b1e656032a89a3a628b4b4304d47bf7d0e2813f394d098b6ca0c72bfdb4d03560062561889773f22fbd9259a959442823382158674c8e7430d5fb42e1a3967575f5c39b0ca77dfb0aa8cbbbf7572b552a76fb25b5b280c69104f931cada8f9bf0fc216cf8d429d3579962826fdce6b066b82dc5e9216ae0c", @typed={0x8, 0x96, @u32=0x6}, @generic="7297ade2b573fc2088ad7e7053e9011e3b1178aa931628d40ae0ea31f7309b5e597dcc62a7c119dab0986d497f723e52c68740926c42babd87a086e73bf0ea4cb77f89a1f697f02dab96c970a42783249432aeda815d1c5f6a492f76b78df2facb691d27abdb6c4f5e232f36205a3d98c7f5c59bc3cbb596ed6e528a3c0b2eb21b86b86ab929acb8faa59dea8d2fd70405a430f3c24e7c1b67f313a3873839d8", @generic="5cb530901faf8fe4c01312f5c46a6648a44172aad24bf7d667a47257f7bfa918474b4c7712259c2605f19f45272c6cdebcf1db2b882a590c67961a5ed6c797490cbecd635842f9cbb2281b4c436d9e1ff395a02300af2e05138541d264425f9ce17c2117369fe1f5f7792c22d064804cd4bdc8bb860c410354af89d24b4979da06789c7756f0eceba70b634e068da83cefcdd3ddafe54572b59452d95c933f424df43e625706bb48d2adec16c8aadea4d9007bbfff3f28a1831532e1d10472b278ef2d5d062d7ce6eb9e8b1c79084df0216c2d6b3601"]}, @generic="7c082cae4918c597ae015da8da03b54c0ee2c40f940276da24ffb0f61a0e595b12c4cb8fbefa6eaf2a1b1f6e0e9c8119f14e67eb654e5eb501cd65f5ee5992e2dbbf6a643d9fc55d021c1132239f04b8133c3de26987f851ad6ba09cc30cf3292f7a42eb50e0210e0a399aa897536c00fb67b315a1d40a09e80bd1ba58a450e43ca05a6e3f46c3ba882ae3a53432", @generic="4d281571a114cafcb5896e96fb1ba5c2f00cd37af03c0b49307d0d2d7cf45eb0d8963c5c980df7b321963666b303ba354e00837f24d063ec9c3ee31a6822d047ab00e642c1e105822ea842b1ceac10f9318d896058c05a4cfc9b48adbd99f56c17511ce37c1d468f170267e618adde1b39ea75f7d5af98e385081cce6eb56601bb5bf2368aaa31da", @nested={0x18, 0x54, [@typed={0x14, 0x29, @ipv6=@loopback={0x0, 0x1}}]}, @typed={0x4, 0x5f}, @typed={0xc, 0x6, @u64=0x6}, @nested={0x4, 0x4f}, @generic="8929b8b3ffa0752a40c442ef586922f1b17b59249b4260f78159077f489080d3e35d8655029cabf6f439343fe5807730bf3a782b80493d6564f631", @generic="88eb052d33fc2e9d0a99e8ffe044e7bf89e95f1773c7af0bbc000c450718394058ad2ee675b9a8673ae38a790eaf5dd3a5a5ccc4177ad83032652cd582926e229f1766040f9cee12207ca811190f4245dea25e2799644723a7c5253d1c01f10aac2d7e220883a88ab012487e3f639a96bd8296e3066ef254d2c0b9416a3f771e33c47d6bc034ee6140244ab8db18ef3278d89f703cc0c4a0913298dd53c1d95933f8a5e831156c842e6795306467edd274e5c51d6b4da8069e29b1c4c35d517f45a4e237fba41e2fffac0cbb69c6a14a1f9aea8a87"]}, @IFLA_WEIGHT={0x8, 0xf, 0x100000000}, @IFLA_VF_PORTS={0xc90, 0x18, [{0x128, 0x1, [@nested={0x124, 0x6a, [@typed={0x8, 0x1, @pid=r3}, @generic="328d9f6e19dadc1f40236096a2659ae6ee213e651fcea2c3ad253cc3ae6fb7db96cbb7108bbbfee6308788f3", @typed={0x8, 0x52, @u32=0x80}, @generic="31ddaf8dd796d1d37c8116a1cd30f1d2b5e659a090e7b5d02056ac04f53a2f80e459a89e13b108fb433f4d87164aef7ce247b877afa016b0247e0fc221157bbf33a4b536b87a3dd5a5578df60842eebf", @typed={0x88, 0x88, @binary="116bf5b9c15ab0147e5ace187e72924ca22cca6add22311a8e44a28379c2291d23d3ac82814a69efba74dc1fd233c1b47c45eaae3954262fdd87684017738de566adc8175cfc2cf5517453496caaedee46ff325303e1a2ff4d6e2cdf88dc23299a3f9e2e8357a919ef3d447907ada2b0566bcb8bd37429aae9bca0ab6486386a8f5d587c"}, @typed={0xc, 0x6e, @str='bdev\x00'}]}]}, {0x280, 0x1, [@generic="d1616957f0f05353ebb27f3f3706d084eaec44c53ebd83bafbf2c874133112a3c7629de90603171b10e2e50c", @generic="c65aa0eb86d38d1552dbba3eabe43a22ee0aceb9c012db6014b7434b938f2f832fd48f759fec68487deb070988d0d0724f65d970794d33536e070a8463789bb1105eb3559ac0b699b66fd22c238505fb07385272a5f43360a21a5872e048cb5be8ce5e98b14c252b04733b66a213101d1808ec869e7b4a122706816ebeb02a265788ebad49489c2e79b4b12f1e88e1068f740494c2b1140d0c3c20872353f32c5d159ba535a0414b0d0b8abfcba4051b56cc8ede0ca891220e4bcc611b2e28dd53bacd8d21b845c99386e4774bc61f1ede103f8baf960861405b5732070f4299f00dce771a83402ffdefa8bbc463cd4313831aea4342", @nested={0x158, 0x69, [@typed={0xfc, 0x23, @binary="3022096d69d45c61408f0cc539ace3f49e6764e7a7e991a5e664857822671b129d73d21b82989d913c47de2009b9445227e6fbb5f421a42d146648101f06d0ef1eac5194696e66f6b753e6827686b90d1cd6225db586e061e1f18656fc2ea3e168df892b38483d2f87d5475262d64f8382fe87b88fcf50bcbd223e18b81fb77f937776019eeac2461f9cc6f4ecec84fdc61d24d74a3bb6a3f25e63db2f87a058df4c528d30155e77a3df47b81a04752a2f5e6c4d265084458702ba2c7bc5e3c2c8124cca687d03829755f561cfb85778ec913f62221b4ad362b4dff803b34f2fa156645a13233cef5a3da4fa0b1d522789e859f2e725ed"}, @generic="2ebd4ae1c4d22e2ba597e8a800f06cb034d6edfb555b868d7b85005a7afd855036e1023f42dcd82558797cd4baf20e3d5575cb7553ce92dcaad9eb068289d501859ba4c4b5361b9bf92dc798e806cbfe6d4b273a17b2d52a"]}]}, {0x7c, 0x1, [@typed={0x68, 0x4f, @binary="734cc7bb5d7fa490ae1ba20362b611e5e72cfb6fb8af681ccda527c1b09ae0c1578c0ace582bdf34292d3770716b2727c203f6ef12b2af48759bba5c7c8da35b572ae9a329d3517409169852963bd1a2f8cbbf951ee919e4bd10552c6ce41e77b191"}, @nested={0x10, 0x42, [@typed={0x4, 0x79}, @typed={0x8, 0x5e, @fd=r0}]}]}, {0x4b8, 0x1, [@typed={0x14, 0x8b, @str='cpuacct.stat\x00'}, @generic, @generic="c5a957867038d79590dde5461828dde6558c5f0d3df17b0a8001c0df592c90344959cd743b62ce7e8d6879a0818239d2d2549aa4df6bb98834e73e43439a990edf359a136ce1896a29c196a4c865fb895640781cfe8a9d741844b9bdc59c751027b02d040d1bdc9bf687e268183148d4de98e958e6910996ee0361207bbd01dbb0af6246114a7713a01a26c9d223835aff16f1504cf959148347cb69df32e93d88c0c379cf0c499075478f783c17456e548a598018a6", @typed={0xc, 0x7f, @u64=0x3}, @nested={0x218, 0x49, [@generic="eacd6627486c9357a78f4334a1f9af198a014bbcfb15930a3e3625f6225fdca7876161b205248af6d68a7e14463326cce3645c205583adcbff947ba668cebc0853da6de5e8dcb7dc48f8eabb43573b53a3b2af92", @typed={0x8, 0x4, @pid=r4}, @typed={0x14, 0x5f, @ipv6=@dev={0xfe, 0x80, [], 0xc}}, @typed={0x8, 0x1, @pid=r5}, @generic="b3f7f0eee3e349289e0a2bfdf5a3d58e9a8198caa0b5be99d605fe888dcfcd75ddbe74b8d64f649943d2e4175accd006a062589526332a2c37010359b56815e59c1da0b66005d801f8d3d6ce5a9a1fec8f1e154e8437b5875b62d6d747fdc16eca90eeec70edd81589491f883ef0f5d39b66bbfd3fe9a9c6fd4062cdf8ff00a560aac6df05470c993682f4ee9354084270058b2e047e71b5e180e5284c047caa5e4cb82555ccba3910aa28a1dee773642dda6b711cc9f6b6b6d1296b1bff623b661d9f338e52263cf352a2f8", @generic="2d16616cd429adcf0ef00703509efccaeb2051284c7b65f904815066eedcc0067f81a000a27ae6339e28453d1bf3d35c32fae003280199cabfb9f727f1cca4f46ae5dbd4d744704257", @generic="357df663b5e7c712cc14fa8332d438d37c16f5496df660f8478a2ae90878af8c6c4b420a14493bfc66745cce3d98188a6e8276ffb9ae01182a0da17ef50083704ae79e53dcb12b9325753565ba95773f71cecee02a87fcd8c2ca08d730fc1b53b6774251154f596796adef4cf0d747b8756e1225ca78842e21df1c395de62fdc0972db2071"]}, @generic="c9b6c541eb84edc9769e9494f5e67592277ae0253b52b6aaf2231aba77abde529abd6322a56a692725090a4f271a19277887781f8c643cbf3550d9738c61b85b1cedb3af1bcaec1d975add33f0e242b004f403c65bb78774f1e4b24a8593c8d3266e5d4a90be7ec9eae6f267d7d962afbf31547338a4a1d3dece149cde252933102ae722f2eaea0804fb2a73e97803bcb54d28bcceab9233f6f0052e7c65f0cfc359bfa29ff62a7dfad5782dfca7bc77ecd9aea48c8cf554507ca643b2b09ef0fc0d56c91cff2b8165edbd2dee5d49f634db34cf3bbf93ffcc419b43bde8fbb4ae122ea11b03e032ae824748f277", @generic="cad71b83f1dba06ede83f7c1e7183a8f26b81e3130bcfd36a391c7b09037f173006c4c9d4e5bc410745f025e85d461021552f6af84713fe8e219ee56dd66db928367291fe6cc371f2409b0b0d1e1f92dc09312550f592a528a581ce391ede6609a5f68909cb0146a9cd787913d9b6706d0af3dd705e02953d95716785fff39f0ef65130061e8eae5e9492ecef579", @typed={0x8, 0x16, @fd=r0}, @generic="92fd5cbefaf613f9ed3aa700c616933aa050371b462d3e1e11800fb7f784b01c659349a98d5dcae5334570cd31ab27dcaae57985a46d5d83b3e620f47011298e"]}, {0x3b0, 0x1, [@typed={0x58, 0x50, @binary="7215b570160b2f5e67a373931015c28b093a1ee0423fd9fc3619ca904d7df08d5b922e740e64ea9814b49c7b4923e4dd3ca6c3ff424830a5ad1eb5a006e5d5f76d79dc245d66a96526e1148dcd93df5489"}, @generic="972b0bec83f2cad827b62a342e3eb044fd8982d05701669e41a5314ad328340002d84af9f1f885eb629c2eaac93e8680b69d25db4aed7e6627b2fe30cd6e06cfc2e2e7f6ea8f8eafd24d6e94cfc257b299f754110a7e69880df3ef397049", @generic="1db631e4f6a34a7ce9df35a5a46b9caeeb106e16c0ff1785958434b6f8d5eba5453ae2a1e4c5930365c2027c1878f08b02a6f41e1c49ae1d2c63350984898c6a16cef9dc12fe5792b535904f3652c295a01c8f42981ab5895d29cf3beb1871256433eb2c1236a689011bf1086f2beda49cff7b9b2d44488a22f61d89034fa660e8128f24a1a9f1ccc5c92890ed44b3fc509efac2ad4a3606f4a203e5cbc3d258389a78a1e675145a0f2e231271850f0da95aac0786d2fd86aafd7327a6e6a0d2c7619e5448dc060c2028290cba406f8f2991682b21b48222062df65b5a7677f3b7097279994943769b12008f524268d2d8", @typed={0xc, 0x1c, @u64=0x9}, @generic="f14aa0a731fc9fe9422ae14bb1b1c887f44fcd9d0642fc19379152fd484a79feb2711481216d0cc5f4933df175f478b9", @generic, @nested={0x20, 0x76, [@typed={0x8, 0x24, @u32=0x6}, @typed={0x14, 0x6c, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}]}, @nested={0x180, 0x31, [@generic="555d8a234063768b69a841aa602a4a24b7b641f9a0a124d4be364e2a5d4680608ab85854a14566ad341fe58c80eca8559011c036da521e72bae869a04c2a6e33ac35624614189a3bd9dd8897011b147986291d9a385d3052c74ee6a691c6d2171f7b77375906551af404bd5f7553f0c42629f1fd64cfcfba83b7c0ce3e87e0c2bb68f8fd9b6f", @typed={0x4, 0x17}, @generic="9b8ae9b0da94ddc4b8cf70472983c3e9949b9bf025bcc7edb57f96908c45d97ccfc71e422dba95aba2c10ce0b26accb10c3a9fb747ef222495667d1898c77f523a7accc3561fd96bde074856963c55718c9bd28eb1aa358c72395e0812268340e6dbec1cef3b7fad535603b3d6813c8a721cae2c773b2fc1b0d3a2520beae2bfd939386130aee3234c45f0de271c784375b81a1560c0dd4248798f2e7eb71c8d5d26cef2174aeede6993ebffe74647518511a4e0075a04f8e2e54524bc095f3281ff310b613d1174c31452bb0387450ea2a7881df6644d6241be0a1aa2427195c05c55fb7adc174c8417fce190ebf31a"]}, @typed={0xc, 0xf, @u64=0x4}, @typed={0x1c, 0x4a, @str='mime_typesystem^wlan0\x00'}]}]}, @IFLA_AF_SPEC={0x1c, 0x1a, [{0x4, 0x7}, {0x4, 0x1f}, {0x4, 0x7}, {0x4, 0x1f}, {0x4, 0x7}, {0x4, 0xa}]}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}, @IFLA_PORT_SELF={0x145c, 0x19, [@typed={0x14, 0x6f, @ipv6=@dev={0xfe, 0x80, [], 0x1f}}, @nested={0x1060, 0x1a, [@generic="2a2806cd67a0ec483548a5d050ddc439a3a9ad0029c086a8c06344b7d42d57ee84cd", @typed={0x14, 0x2d, @str='cpuacct.stat\x00'}, @typed={0x8, 0x6c, @fd=r0}, @typed={0x14, 0xc, @ipv6=@local={0xfe, 0x80, [], 0xaa}}, @typed={0x8, 0x2d, @pid=r6}, @generic="f4169b1e6b9a81472c9f95f78b9ab4a2e8729e0e3809714480e5afc77c4654448faaa9c11f95d3fa9612da270a891b606998392c6c8df35122ce6cacc4cd6b2073a3e5ff1f7e4c2cf61e147da10ce85fa37b30d38f4fcb9ec03dd7335fd747a42a7f509e56c1e9460ada3d66557640804c93b832c282c68eaad2d157458c4692258a85b88631f7fbb5323244e484f5471c28e92c55c696e625750bcb3d98c973f30c8582963199b235364df629e9c19abcbe3354f3104589c0f2ea486a3387fc4c8f094229583a1d8ed0734261f5f04ce51b0f3d7cdd7e53809169519123962c128163244aa11b1a7566ec90e082772c6999d197d090e945c6138a7d7813293a410da44284c4069ac586db434152302f1da5e93e707785630606d9ce58bc4998c535b78eec5f25ea88f69ec9dcdd073187d72439f09d4cef88f439a91922d4093fd22b242c53d33aa2a7df118dcc28701855882b23dc88ac5e771e4588024af9d3668f828f93d711ac63e55f51553c95076b3e5bb8f8035adbcb379362d05357ccd0aab513536eb9a93825e5dbfc5f9c4cb67657cf4fe102f79899654fbb916f5bda3fb2cdd6ec9b6028821bc4fb1cb7febf4b27f064051ae94672cf32edd6df00fdbd8ff190bdb38b487df3d63d8ad3fb23537fd22c10d2df9b3624590cf4e9e1834abffe0c1258d4621e26862852ebe324d06b3a39edbdcdd19faf95b35180df26fd559680d40c68f03b914be0b3168277564a12d5a1cad3683088446b13b6d7dd082ef545a4dc528bd4a644ac62ecf4a229c16db264ff3b46476f97d3ba2ecabfa0a2fcb2237a9e1a505d96d4b68e587da319a9898ee7f937bdba068c281c86b373f3c5a524b54cf36eaae03da4336c7175c78b00d858f75c2a62a6a59acb40b02d5df18bf39a6db6f3411d7d30bcef05fd174306a4908715e4e9b3461cd34032b596d61c7cd7200c153a72371a34ea8baecf029975acd9375ce1f30ca047374e5ea2e9d9ab10f426adc745726d2272b8307f12b71f67865da0c27f1ccfaf5d80dbd9b1ca28c60512e01ba94f531011caaf9f8694f237cde02e5cbe4f9c46f768a7669dd3eb22f41ac8c999574d0d3e137bf065dc0994ff5239a6c4d3dd00a58cb97fa24df3309a46ab917d34b7f8d1e71b850c7499256ebbdd66cadbd9756e57c6746288ccda6627d727f20eff23c89b567032e5f7ea8d2998c970c00ff79cfcc028ddaf23546ed47bff0d36bb45c170f2e46a4a092abb25c2c7662ad66a6824ff6127b1ea604e9626073fadd722a364e91dfa3d7b7b8ea65f0c63f2866f8e1b2a2a6a17414638672771b6dbb73428c85dd9725ec8da4e3f519e3dbc31ed9b7a0d3d62daab2210be97ad372fa1a8b275aa169aed3486dc2cba0f9798c93af31d6e43d38071c89fab437bbedeb91c66d3d8aa2992cc205e9e772fd63abeaeeb517d7d767230535f50fbf258db079a06439097cba2edd46966e9fab66f364d0bfca36c81229095dd7c460fe34ea6d823f80c8cacb320d3cbd06b049d721e997c1ca719911ecd6d878ce2638e1dc6bc993ec301ad504699ab05d66ddb438edf4ac5f0edf106f25fdbc9bae3a924d6926ff247d2fe7e79f7bc9e5cbf6a20ec9322ca9fe72a0f275bb690cc0673c916ca0c92e56d138bb126a79605bddaf9dca1e14306e6cf1eb81a96df03f5e01980deed3234d3b3f9fe3a7ef5222dfedef83ee89cbc237f961314cebde932dce2ef9d5f1041993e3a32a27e3a203e53d1fbe258e0d29ba28d87a13ccf6dd78cc854b940f034b14a7711f9de8495f6c2dab1f94e1b69aec7a56aed2c73d9e967f16fa93a9a208017eb1f098abb31eefff9223ee864e5797176b2e2fb172e2f6d2391a9063b7cb524a08a16f27d3fc52cb3fe0358fed2bd56d47925e5acec1453f08330642cbc2dae84569b4db5e9a1b22a63be2440a461d499723bb474cf6fc52951cdf2c5b656cafb9bf1b214707fb787247c1e2871ea20f1ae133e6730daf42118be7b3e50ab5cc335951793f696e24c3e8422d30648f6e065174d7fbef8cbda1da43d38b339cbc60845442ea874b5f0111cdbad5b1182d74d6d0ff9f42f63ba23baafda81276e88c1cf3a9085505cb24c58c15e72684a299b8038a44160eb2bf39e4642fdcdd91e0915489cdbd1c91337e3d46a1a9fc98cbd496005f54cd2790edac1acf5dc0d8f80b92c7e1117a698df0b2348d7825ac20d2fc82169681ea1a1d5b4937b8066a5fc8e0eb626c6c8365e84c7757f4f36956929c236f9fda4e5cf64d731a9fc5022f4d7c45cdbc24f129f6e81e1a932a0dfd7b5eb49a8427cb9c46901b5d87004c16edca29e6e85dffc775cc9963137795a90786ef82454ce5d5f47742ab51d9d40c47ae4a96ccd4c12ba95da2258e1ca2931bd22f9f784b3a808d8c3e6d4b4983c7a111d24ec993b5ab967692e26a540bd26e40ffe1252988c82800f23805990fcce0a0b6bb85e4f504e46844ec1ab3795e4775f0697f819737d58eaa7cb86f4fc4f43173e611c59c8cdd5e14d29cdec91399ff44c91bceb4af12515093ece98c8c63b3e8332f32acab8f7777ecf747221a44e7616b0edf995353e1c64e216bd8c658c6ae85fbd3a1983fab5872e1e0eee47395d7c8db28e1df09e75fc27c9c6478e47ad582cbcd756de1d8040e070a2ba0f214b9e4643b4bebbda09a162c11ec0e962711d37a83b9ef8adcee72e49e6b7a46af3d0cedba970a57d97454b56d8037183f6adbd5007cc60b84647e80bf21666aa26d0bec0becf421ec19750076620c47f730b9aa9af17662d186847a84d0b782e85ec94b1c28d27ac2c1f84f0a0dbafd8f87f7ec9d9bc08a1a9800da04b3f0f0c723b46ad80680fc985d4fa1e6e6c2bfb0b569c794558f89f2bf0f0c2675a149cc2d5362df6766c0a0e9586f493f5d67ecd9dc047acfc66cdd2711bc1a6e635d53533b296ae4e8467d1f9a53dfd34f1dedffc660da046eef79d8ecd2c3f590d9d30ac494be82eb8c93db254083d170390d5394d57c6c600c508909bf0558490ef4ca3a4ff36e631a0c9761ded0023733c9f5db5ecdb93cade23e024bc842cf0b184db855649dd74ac41496795efe345b2201997961207f56df3179482eb412d33b9f0aa6236d63137e9f044382ee7ee2b0602930ed35e3ec3006bc9f0e63ed6afc81c4e1763748168e3f1d84b6abce81acdf47273ad3ae9f1425e57fd4a30541dd11cd34c2639037dcc5e9eabe110b9f4b6df0993c03bfdeaebddb6c4479f294df502da50224e30bb8600a489fee16b31c0af6f7287b0ded638343bc6b2bad9e57de0f058d42f7d76f052caabbd75f04041ee9202e7fc9409b593a4dcd3e1ac50e477f580811d9fd89e6915c2298e9c25dc92c9a313b5039a16667f419976b6f8dc67f539a1b8eb16ce475e33b81cc0cf727f97cfcaeedea81e99eb8f0fa472ea53504baf8211d1e64305f6e149e9b85a9ae398c070ccd829346f687583371ca32faecc25b303a56a691ae15bc97a88db8ce6ac82b815f4b278ca61e6f23d0839c94d4547cd8e384765622ce8b0cfa047cd00c48ab65c21504f113abe020f26dbea9bd01be453b781368eb42f00bbb44aca8f6dda1987f14ac5b46a91c247bbe0c5759fc7620359be813be41de50b1e9c598fac8a68887c4923cda9f2947610f11e546032ffaf5d0af6bd25dba26293d165fbaac914dcd127f6fef316eacd82627c889b126af6c51adeb0b11349feddb7a681f13ad879bdcac98e2b7c1c3d2b5ffb12c0bf1a80c011309d5b133670f484969dafa2350885be87e9080519eef2f5022516451d4e55afa1c4d6e8c3008351e6ba5eebf570086e751132363b5786e907e32f80ee299615dc8877a58d87c7f2dd7d0693ecb4c8aefa040a36df596ad57e30e5e369e9b5bd2895b76109667aa7967f3a21da976c5b28891fb014a180252352560d672a09629ab7a72aa148c247f58132e322d9c0aa98cb10a0702eef6d3b74f1a3b04bbfdb3a09ec9878b073c2e358837226a1c75a2a4a2cca5cbbbbe7b8a7a710feeaf05f3afc1913af7c90dee591c70e6ce9a0a0694dba6f0cf67f64ee3847d002185a9d8695a9d427a4c13841851b5c4d68e0b1f79475f9b3734bd2ba81d21389093543cb6e17295e886fec0e6a854870f857f9466b630ece0f56716586f583d1b37e76115295c67a0a2e33e39527fd41b2580b4346a1a9ca6f5167c8db3adf099449a6d78ad35bc5d87c637cd0864336f1c3ad7c5cc9111c4380a45ad2b6a84bd8cb96f55938c3539f29dd5415ffafd14792d4561425c7067b51cdf8e12ebc32ac7db0611f6b6999cdfc1b08bb13c7da3f533dd2022d2b61beecf1f6c2a7e6e6c8442ac57926da1af8097b53e7f7aab8a4fd37a59bf0dfd680ea3d0f28a050015ee92cbd5633dd9afd0388e77d315d6c203a407175ba1c22d6587b79b6acac62246ad72f1d7cbb2bc04149f35c126158f4621f52f0266b1ce28486aee14d7d5fa72661eddcb25a05d20fa462660c3b9c065259117461aca06f798e406f9d85f7ce024db66b46057061e1bb6d0f500a60a2da757504697f93fd6dabbc7fa791f306cc36bcf55aeaa7a727f8e9b9161359c65f12350207f098f03777763c90a0c4f703f44ad86f008111c817410a74ebb1d1965380fe5e51b145942c026a5b1cfe27f734992dfce9c789cd378756cd242d3a1af2c19355a6c020b703fe383b01f0705530c64aa7bab329b1c96efc55939aae763f2ed0b0053384ce87ac39cb60936e6226cd5dfcfa45502880bc49497ae76eba11b5dc07487e1b2226db3e8b99877583d4f8199f5c65e41e4efdac99cf8523cf03a23fbdece91b2d7cbee4ffc3ac17d09d283f899e1c90a467df3154731f270151ac19a70e16c1b9c84c09770a258c668c552b871029314d5f1f087d0a6e986e6c9a71db52fcf0c5cff4b5e05323ba40600b1ed991245436af31d7dcf5f9d4b8c4cb31ee0d5df379e179bccda01c8f0a2a804d2c667808dc46e2fb8401981bf04a5faee63e0fd8832d9d378d469f3048a8a515c4d95ce07978c129689ccf56333a7b3ad7c75818f19613c236d6b876e1f27d94ee1a7f3d8333d4857c72f3b31dd28c8f5cc4fe34cd0c9c24a5a16c66456c99669304a55d61229dabe99da72643b93af3240376961e2162eb067c27651e1b302146a1157a362be1ee0565d9dbb256d62545011b51d61410a5927f98ca4d947cc819d8e5f3968164b58eb868aa4f7538191e5f1f06cdb4907f8255d20853bea7e0f7410b1949a1467e66e32a5fcdd7011047aae682adc715ccb4df2ed96f9d89162d07123d3ab82b0616384786da9251318af673a8dbe4907f553b9c2036a5a07d8cf3e06d98dc4886f769a66ee81c9ee1faccd5f2961db580807ccf9b68a7b6a6b4579ff093f03ced42eee97aa6bdad0f9557d6c98b35f869bb5ca39b8def30d5257f6e8010db502ad58f9d188817f48584870bb7b5f97064254069f6a768aafc90ded5c74b0f161110567202b9c66bf8b8454a3a89648df8c8e7c49e5bdde737dcec8c43cea677300f33b64158dfaf86c807c1cc7e35631df0f5d62f0b78a07ee0f82acd1b441166392c2e0f0a7b652dce4d5db37a43ba2f152227cbd01dd2351364b048878afddafa6ac38d19099baf28765c2d4025dfd117ee59ae34c5f1a16dac8f04d0aa73ae9b3a03fedc11dd4703172240b9f89d2bcac34f172302d2dad0a6861810ba15e5f274639e71e3bf478ca2b49936e4e5c0901cf60cfa3e4726f124fe2251b526328aef143d0702"]}, @generic="b04764c087a51c4065a929dbb1dc86a0b9ac0c78bc0dd45eb5305b5f58201fe38373e8628a971dcaf21ea842086421ebfd8fe8fd97f5f565be5b5a410716913a9fb659f4e947a458af86baab5edb2fd11425c3b24b8ef695973ef8d9d618befe35047ddae269ae06c8a99733d6749ea14744450052badf90e3a9f4019808fd43df2df8d9b868b607a593737ba3e2f83173abbfd618eea3ccbd496b840b10f73889fbcf69e976035621d0e2a94a2be2503df193582114e437f1c90c040aeb36a289fe6519e150052e3405509359daf71fe80ab9c21dae2ce4336d9f8d5b1cf03af0ad54cca03a983ac57cb75d19c3b68997bcfe3a7c634ba3", @nested={0x2d0, 0x5b, [@generic="e96781da12b9c883db911947990bed821cec8ebc5588eb83bc2ce2667d146187f0093b6210fbd6670000d6ad12c3f10bc4ab108e86716007c4e1ea5feec1ef2505b21776713459c402f7adcae9d9904a4a31d78992412a2c77586e7187a8deb1f9aab449523833cbe709ac3d3e6db515582a0c3e3ea3e031af285cf925adfef93f70b7df20f9da515cac9498db18a67808efc9790c7aa84c39e79b9a3e7bad34236410b78b915ba4496c43", @generic="cdc975e11a86360d6328c258d1f3e9120a6fc8bc3f04da0d20d584a589cb2ecd561aa92a4789325c430fccf886a9447c9c85fc7d4cc44e0cfe3ebc60912f55ea3934dfca7b3402fe5396c1f9c8eb2ce6c4fc241a4e7a39fd69b089d59dbc3c60dd76565c161d1516b7a595b8d81c5ebb4ca77aba18597fa5a00f868e07b30d042c724106ee2ed67399484ac048624fc75d27f0aa6ba1ab7c7e5b450b08db83ece341db2be5a166867261c61b89a67a313e51d2ef4e18ef3c6a05dd53df0e2a33b5566e077e", @typed={0x8, 0x7d, @ipv4=@local={0xac, 0x14, 0x14, 0xaa}}, @generic="f047d7315d4b233a134947f6b595fc9135651c9e7b541b58733ecf3892729a624f942128933453ab15176daf643f6080b15aa54fc989357a612b4221e843a7acdf90204ee0a596ff36f6723b2d580bc2829bcfe88402226d8da2ccaa5cc62fd212e14f2ec5d0bfb2aef1b81def3c739deb2119819777834acc57cab950b9a31e55cdd155d2e1fde1ecdb19291e791d1e39ff856c03096dbb740b40453ac6f658", @generic="511a664afe70aff70569750ec429e6fd8cec442d6ba27f41a3bb58f9127b9f29f4532af7620d76d1fa0bc698a453f50f5c28406358959ad9b42998cda85d06f85a2e094d", @generic="22b168b35a3e61aca3a0dbbf2732c0ba5c228cbba65faa698e0ed6ea9494fbb53b52b2bc1bc2b17fce499164100424733709e5db9bafa9abd751f83f5613063d27a8c9dcbccc39d8276253c0acab19869e168d15390b35fbadde8395703f279f69b0", @typed={0xc, 0x79, @u64=0x4}]}, @generic="203a27987c7962bcc9c2d55fce02267ee550d5ce1f9c8bedc9d7110a"]}, @IFLA_AF_SPEC={0x14, 0x1a, [{0x4, 0x1f}, {0x4, 0x2}, {0x4, 0x1f}, {0x4, 0x1f}]}, @IFLA_EVENT={0x8, 0x2c, 0x6}, @IFLA_PROMISCUITY={0x8, 0x1e, 0xffffffffffff0000}, @IFLA_IFNAME={0x14, 0x3}]}, 0x3740}, 0x1, 0x0, 0x0, 0x4000}, 0x41) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r7, 0x40044591, &(0x7f0000000080)=0x5) listen(r0, 0x3) setsockopt$bt_BT_RCVMTU(r7, 0x112, 0xd, &(0x7f0000003a40), 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0x7, &(0x7f00000001c0), 0x0) [ 652.338893] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 652.346144] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 652.353409] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:22 executing program 4: socket$pppoe(0x18, 0x1, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18) ioctl(r0, 0x800000000008982, &(0x7f0000000080)) 07:38:22 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x100000001) connect$inet6(r0, &(0x7f0000000040)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000008340)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000001340)}}, {{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000300)=[{0x10, 0x1, 0x3d}], 0x10}}], 0x2, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x40) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000080)={0xfffffffffffffffe, 0xfffffffffffffff9, 0x1}) [ 652.386744] binder: 10622:10625 unknown command 0 [ 652.395514] binder: 10622:10625 ioctl c0306201 20000080 returned -22 [ 652.407981] binder: BINDER_SET_CONTEXT_MGR already set [ 652.418968] binder: 10622:10625 ioctl 40046207 0 returned -16 [ 652.430673] binder: 10622:10638 unknown command 0 07:38:22 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x800000, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$IP_VS_SO_GET_DAEMON(r2, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30) close(r2) readv(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1) close(r1) [ 652.450008] binder: 10622:10625 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 652.455487] binder: 10622:10638 ioctl c0306201 20000080 returned -22 07:38:22 executing program 1: socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r5, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f00000004c0)='./control/file0\x00', 0x0, 0x0) getdents(r6, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) write(r2, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e22, 0x5, @local={0xfe, 0x80, [], 0xaa}, 0x7}}, 0x3, 0x7fff, 0x8000000, 0x5, 0x2}, &(0x7f0000000140)=0x98) fstat(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setfsuid(r8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000340)={r7, 0x6, 0x3, [0x200, 0x0, 0x3]}, &(0x7f0000000380)=0xe) socket$packet(0x11, 0x3, 0x300) close(r0) 07:38:22 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0xff, 0x12380) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000240)={0x0, 0x8}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fcntl$setpipe(r0, 0x407, 0x8) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000040)={0x905, 0x7fffffff}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2002, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="88000000cb5be1ba7d357b0111204b9c933e940ee41f79959e09b7d07798632a2a6e222d7d71879659bc56a77299eec7da596f6a69f3f075f53a681a327cbf4a3d541613a307495b18d8a2ae01bc3553b2afd23c425b629b9681da93027616ba133b07000000000000009c692c94a3a8eb66f8385c1dc70c8b3ebfdc375bebfd798aea87308da5412dbc8c381ea61abe19f015b613b37015a455350a23e2cbab4784860aa2cf6a8a08417996971599e6279bf281ae302c8e83cfa6a5ae8748fddd560c"], &(0x7f0000000140)=0x90) syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x3, 0x301100) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000180)={r5, 0x80000000}, 0x8) 07:38:22 executing program 6: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x7fffffff, 0x4, 0x2b7, 0x79f, 0x5, 0x2, 0x0, 0x58a71b1c, 0xf4, 0x38, 0x2ee, 0x4, 0x1, 0x20, 0x1, 0x5, 0x4, 0x3}, [{0x7, 0x20, 0xec1c, 0x9, 0xfffffffffffffffa, 0x3f, 0x3586, 0x7}], "edb46a0531a47152284ad720b1c08a7e9f49fd21558c1408b22dfaa1a31dc4881309578b5764f32211034651cce931ab277907ef8a3b856f1d74a1f452d4ba702a09fcfa4ba92f2644b10109f155c02a2a3325d55a8ba072d21d7c066aa4f85f7d3fd9976476a3e3fd126a6e3ed5263ae50a9943f66dd125421c60678741a5ec8d72c415c496298312a3af6deae34e27893b883221a4fee5e8c04a124dca51376e05c7957009769becef", [[], [], [], [], []]}, 0x602) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = dup3(r2, r1, 0x0) getsockname$packet(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000040)=0x14) 07:38:22 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000100)=0x4) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000180)) fallocate(r2, 0x0, 0x0, 0x8000) creat(&(0x7f0000000000)='./file0\x00', 0x0) dup2(r1, 0xffffffffffffffff) 07:38:22 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio\x00', 0x40201, 0x0) socket$pptp(0x18, 0x1, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000000300)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000003c0)={{{@in, @in=@rand_addr=0x4, 0x4e20, 0x7ff, 0x4e21, 0x0, 0xa, 0xa0, 0xa0, 0x1, r2, r3}, {0x40000000000000, 0xfffffffffffffffc, 0xe, 0x6, 0x401, 0x20, 0x6, 0x80000000}, {0x8001, 0x6, 0x9, 0x1}, 0x3, 0x6e6bbb, 0x2, 0x0, 0x3, 0x3}, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x4d5, 0xff}, 0xa, @in=@multicast1=0xe0000001, 0x3503, 0x4, 0x0, 0x80, 0x8001, 0x5, 0x3}}, 0xe8) r4 = syz_open_dev$sndpcmp(&(0x7f000000afee)='/dev/snd/pcmC#D#p\x00', 0x0, 0x101000) dup2(r4, r1) r5 = getpgid(0x0) write$cgroup_pid(r1, &(0x7f0000000000)=r5, 0x12) 07:38:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xa, &(0x7f0000000400)}) 07:38:22 executing program 6: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000000c0)='./file0\x00', r1, r2) setresuid(0x0, r1, 0x0) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0/file1\x00') [ 652.650117] binder: 10666:10674 unknown command 0 [ 652.665769] binder: 10666:10674 ioctl c0306201 20000080 returned -22 [ 652.687149] binder: BINDER_SET_CONTEXT_MGR already set [ 652.692990] binder: 10666:10674 ioctl 40046207 0 returned -16 [ 652.706727] binder: 10666:10681 unknown command 0 [ 652.712018] binder: 10666:10681 ioctl c0306201 20000080 returned -22 07:38:23 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x9, 0x6, 0x40000000000, 0x7, 0x0, 0x3, 0x800, 0x8, 0x7, 0x40, 0x1, 0x7a2, 0x1, 0x8, 0x30ae, 0x2, 0x0, 0x8, 0x4, 0x1, 0xffffffffc318639f, 0x5, 0x6, 0x81, 0x3, 0x4, 0xffffffffffffff54, 0x80000001, 0xffffffffffffffe0, 0x80, 0x8, 0x9, 0x100000000, 0xa, 0xab, 0x7, 0x0, 0x7, 0x4, @perf_config_ext={0x6, 0x5}, 0x1000, 0x19625343, 0x4, 0x3, 0x5, 0x3, 0x200}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x2b21eb26d8900c3b) sync_file_range(r0, 0xffffffffffffff33, 0x100, 0x2) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r2 = dup3(r1, r0, 0x80000) ioctl$TIOCMBIC(r2, 0x5417, &(0x7f00000000c0)) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000005000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000016ff0)={&(0x7f0000000280)={0x18, 0x55, 0x3ef, 0x0, 0x0, {0x7}, [@generic="9f"]}, 0x18}, 0x1}, 0x0) 07:38:23 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='setgroups\x00') pread64(r0, &(0x7f0000000000), 0xffffffa5, 0x24) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000040)) lookup_dcookie(0x180, &(0x7f0000000140)=""/249, 0xf9) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x5, 0x4) 07:38:23 executing program 6: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x2) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x400) ioctl$VHOST_GET_FEATURES(r0, 0x80044dfe, &(0x7f0000000100)) 07:38:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x7a, &(0x7f0000000400)}) 07:38:23 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) socket$netlink(0x10, 0x3, 0x4) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) getsockopt$inet_tcp_buf(r2, 0x6, 0x0, &(0x7f0000000100)=""/87, &(0x7f0000000280)=0x57) unlink(&(0x7f00000000c0)='./control/file0\x00') r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r4, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r2, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) r5 = socket$packet(0x11, 0x3, 0x300) close(r0) close(r5) 07:38:23 executing program 7: personality(0x8) uname(&(0x7f0000000140)=""/176) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x80000000, 0x4000) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xc8441d1abe986e4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0xd0, r1, 0x800, 0x70bd2d, 0x25dfdbfe, {0xa}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x380000000000000}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote={0xac, 0x14, 0x14, 0xbb}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote={0xac, 0x14, 0x14, 0xbb}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback={0x0, 0x1}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0xa}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}]}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x16}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7fff}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4004080}, 0x40001) 07:38:23 executing program 4: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) truncate(&(0x7f0000000300)='./bus\x00', 0xa00) syncfs(r0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, &(0x7f0000000040), 0x8000fffffffe) gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000340), &(0x7f0000000180)}}, &(0x7f0000044000)) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) tkill(0x0, 0x0) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0x0, 0x6}, 0x18) getresgid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) 07:38:23 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = inotify_init1(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) fcntl$getownex(r1, 0x10, &(0x7f0000000100)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0)=0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) fcntl$getown(r0, 0x9) fcntl$setown(r0, 0x8, r2) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x4000, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x4207, r3) ptrace$setopts(0x420d, r3, 0x8, 0x0) 07:38:23 executing program 0: r0 = socket$inet6(0xa, 0x1001000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x4}, 0x1c) getpeername$inet6(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000100)=0x1c) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={0x0, r2, 0x3, 0x2}, 0x14) [ 653.424736] PF_BRIDGE: br_mdb_parse() with unknown ifindex [ 653.430794] binder: 10698:10702 unknown command 0 [ 653.463414] binder: 10698:10702 ioctl c0306201 20000080 returned -22 [ 653.495627] binder: BINDER_SET_CONTEXT_MGR already set [ 653.504942] binder: 10698:10702 ioctl 40046207 0 returned -16 [ 653.533504] binder: 10698:10702 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 653.533511] binder: 10698:10723 unknown command 0 [ 653.533526] binder: 10698:10723 ioctl c0306201 20000080 returned -22 [ 653.641770] FAULT_FLAG_ALLOW_RETRY missing 30 [ 653.646351] CPU: 1 PID: 10679 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 653.655550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.664884] Call Trace: [ 653.667462] dump_stack+0x1c9/0x2b4 [ 653.671089] ? dump_stack_print_info.cold.2+0x52/0x52 [ 653.676274] ? rb_erase+0x3550/0x3550 [ 653.680075] handle_userfault.cold.33+0x47/0x62 [ 653.684731] ? plist_check_list+0x7e/0xa0 [ 653.688869] ? plist_check_list+0xa0/0xa0 [ 653.693014] ? lock_acquire+0x1e4/0x540 [ 653.696972] ? userfaultfd_ioctl+0x5430/0x5430 [ 653.701538] ? trace_hardirqs_on+0x10/0x10 [ 653.705768] ? plist_del+0x4a1/0x9d0 [ 653.709464] ? plist_add+0x790/0x790 [ 653.713252] ? lock_release+0xa30/0xa30 [ 653.717212] ? cpuacct_charge+0x30a/0x5d0 [ 653.721350] ? cgroup_rstat_updated+0xe6/0x470 [ 653.726287] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 653.731810] ? update_curr+0x200/0xc00 [ 653.735688] ? reweight_entity+0x1100/0x1100 [ 653.740119] ? trace_hardirqs_on+0x10/0x10 [ 653.744364] ? kasan_check_read+0x11/0x20 [ 653.748496] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 653.753075] ? compat_start_thread+0x80/0x80 [ 653.757471] ? lock_acquire+0x1e4/0x540 [ 653.761432] ? __handle_mm_fault+0x3a38/0x44a0 [ 653.765999] ? lock_downgrade+0x8f0/0x8f0 [ 653.770132] ? kasan_check_read+0x11/0x20 [ 653.774274] ? do_raw_spin_unlock+0xa7/0x2f0 [ 653.778670] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 653.783240] ? kasan_check_write+0x14/0x20 [ 653.787462] ? do_raw_spin_lock+0xc1/0x200 [ 653.791683] __handle_mm_fault+0x3a45/0x44a0 [ 653.796079] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 653.800904] ? __sched_text_start+0x8/0x8 [ 653.805130] ? kasan_check_read+0x11/0x20 [ 653.809282] ? lock_acquire+0x1e4/0x540 [ 653.813237] ? handle_mm_fault+0x417/0xc80 [ 653.817453] ? lock_downgrade+0x8f0/0x8f0 [ 653.821586] ? lock_release+0xa30/0xa30 [ 653.825553] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 653.830994] ? mem_cgroup_from_task+0xcb/0x1f0 [ 653.835558] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 653.840299] handle_mm_fault+0x53e/0xc80 [ 653.844345] ? __handle_mm_fault+0x44a0/0x44a0 [ 653.848909] ? find_vma+0x34/0x190 [ 653.852452] __do_page_fault+0x620/0xe50 [ 653.856506] ? mm_fault_error+0x380/0x380 [ 653.860643] do_page_fault+0xf6/0x8c0 [ 653.864426] ? vmalloc_sync_all+0x30/0x30 [ 653.868554] ? schedule+0xfb/0x450 [ 653.872076] ? lock_acquire+0x1e4/0x540 [ 653.876038] ? __might_fault+0x12b/0x1e0 [ 653.880088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 653.884914] page_fault+0x1e/0x30 [ 653.888355] RIP: 0010:__get_user_4+0x21/0x30 [ 653.892749] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 653.911875] RSP: 0018:ffff880192587538 EFLAGS: 00010202 [ 653.917218] RAX: 0000000020013e98 RBX: 1ffff100324b0eae RCX: ffffc90005630000 [ 653.924477] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 653.931727] RBP: ffff880192587cb8 R08: 1ffff100324b0e84 R09: 0000000000000000 [ 653.938976] R10: ffffed00331225d9 R11: ffff880198912ecb R12: ffff880198912e40 [ 653.946227] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 653.953494] ? __might_fault+0x1a3/0x1e0 [ 653.957550] ? sctp_setsockopt+0x1e13/0x6db0 [ 653.961938] ? get_futex_value_locked+0xcb/0xf0 [ 653.966599] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 653.972306] ? trace_hardirqs_on+0x10/0x10 [ 653.976531] ? futex_wake+0x760/0x760 [ 653.980314] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 653.985488] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 653.991009] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 653.996093] ? futex_wait+0x5d2/0xa20 [ 653.999877] ? futex_wait_setup+0x410/0x410 [ 654.004185] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 654.009366] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 654.014899] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 654.019984] ? futex_wake+0x304/0x760 [ 654.023790] ? lock_acquire+0x1e4/0x540 [ 654.027744] ? percpu_ref_put_many+0x119/0x240 [ 654.032317] ? lock_downgrade+0x8f0/0x8f0 [ 654.036451] ? lock_acquire+0x1e4/0x540 [ 654.040406] ? __fget+0x4ac/0x740 [ 654.043838] ? lock_downgrade+0x8f0/0x8f0 [ 654.047969] ? lock_release+0xa30/0xa30 [ 654.051931] ? lockdep_init_map+0x9/0x10 [ 654.055991] ? exit_robust_list+0x290/0x290 [ 654.060301] ? __mutex_init+0x1f7/0x290 [ 654.064273] ? __ia32_sys_membarrier+0x150/0x150 [ 654.069009] ? kasan_unpoison_shadow+0x35/0x50 [ 654.073573] ? __fget+0x4d5/0x740 [ 654.077019] ? ksys_dup3+0x690/0x690 [ 654.080719] ? lock_acquire+0x1e4/0x540 [ 654.084683] ? __fd_install+0x2b2/0x880 [ 654.088641] ? lock_downgrade+0x8f0/0x8f0 [ 654.092769] ? select_collect+0x610/0x610 [ 654.096898] ? lock_release+0xa30/0xa30 [ 654.100857] ? __fget_light+0x2f7/0x440 [ 654.104810] ? fget_raw+0x20/0x20 [ 654.108245] ? get_unused_fd_flags+0x1a0/0x1a0 [ 654.112809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 654.118331] ? alloc_file_pseudo+0x281/0x3f0 [ 654.122731] ? alloc_file+0x430/0x430 [ 654.126527] sock_common_setsockopt+0x9a/0xe0 [ 654.131015] __sys_setsockopt+0x1c5/0x3b0 [ 654.135161] ? kernel_accept+0x310/0x310 [ 654.139218] ? do_futex+0x27d0/0x27d0 [ 654.143003] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 654.148531] ? fput+0x130/0x1a0 [ 654.151792] __x64_sys_setsockopt+0xbe/0x150 [ 654.156200] do_syscall_64+0x1b9/0x820 [ 654.160067] ? finish_task_switch+0x1d3/0x870 [ 654.164547] ? syscall_return_slowpath+0x5e0/0x5e0 [ 654.169465] ? syscall_return_slowpath+0x31d/0x5e0 [ 654.174383] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 654.179383] ? prepare_exit_to_usermode+0x291/0x3b0 [ 654.184380] ? perf_trace_sys_enter+0xb10/0xb10 [ 654.189029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 654.193857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.199025] RIP: 0033:0x455ab9 [ 654.202192] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 654.221346] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 654.229046] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 654.236308] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 654.243564] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 654.250823] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 654.258103] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:24 executing program 1: socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r5, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000280)='./control\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r6, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) write(r2, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) 07:38:24 executing program 3: recvmsg(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x700}], 0x0, &(0x7f0000001400)=""/123, 0x7b}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RLOCK(r1, &(0x7f0000000100)={0xfffffd3b, 0x35, 0x1, 0x1}, 0xffffffffffffff0e) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x1ff, 0x101000) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000040)={0x6, 0x4000000000400}, 0x2) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@dev={0xfe, 0x80, [], 0xd}, 0x59a, 0x1, 0xff, 0x3, 0x4000000000000004, 0x8, 0x4}, 0x20) 07:38:24 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2, 0x11, r2, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f0000000000)={0x1}) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'veth1\x00', {0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:38:24 executing program 4: clock_gettime(0x0, &(0x7f00000004c0)={0x0, 0x0}) clock_nanosleep(0x800000000002, 0x0, &(0x7f0000000140)={0x0, r0+30000000}, &(0x7f0000000100)) r1 = gettid() clock_nanosleep(0x2, 0x1, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000180)) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) syz_mount_image$reiserfs(&(0x7f00000001c0)='reiserfs\x00', &(0x7f0000000240)='./file0\x00', 0x100000001, 0x4, &(0x7f0000000500)=[{&(0x7f0000000280)="396bb6d97c5aea3b78bbd78f26512f2d8622a6c1e7f6d0dd6f9d8c79", 0x1c, 0xff}, {&(0x7f00000002c0)="405330f66121ccbaf552a1dd60b3fd7251cfa61f38324fc69a75cf890f4469f52d4300621169e8163896c8cbe9e83022e2ec803e8e48e35dfd6897e1bac0320268cf187aac60bd3f54f9cb18f993833fb049ad5c33d20987f28d83260a8ddf26ec464a803ab1af581c14835753a8ecfe8fcf9ee3834dbdad772d12aa9a2cc328dde9a464b5f64b4d3b0e7f88a0f2c0d2d3617156bfe02451452a2e16b696", 0x9e, 0xfffffffffffff800}, {&(0x7f0000000380)="518d2131c08b7393c2c691d641cc7940b53af1c230c158081cfff5a2c50681c5d601845aa8fb47f9", 0x28, 0x9}, {&(0x7f00000003c0)="47e64da8587529763bab52bd136237dc930133f4dc0b8041eeb04c9886628e035f4550a83a4932aa6911252f009d2219f32dbd4df64ae6c1918924fdc92e434d91551c68c08a2a8dd982616639618b8e267ccd760d5cf6e0a85738da474f0f4796150209fbf9434214e2e1be65524e912fa7ebcfb1b667ffdd85e1466e61ef6f5c0a4885eb6828a4c4c35ad1a1b9bbfbf118e28ee9c2565ec483bee321dc1de12f04d2b0bbbcb48fe7f400a0a60b91876abb03d771e83749ba7f951a6a12a8b699cb508526d017ca16cc4bc90de716cebdcf99a51159ab7d7d0653acd63b68cb6771dda51b7be6add1da0e279d3464243718705bf5d88cac144f22a5fa", 0xfd}], 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="6a710300000000000000302c7573726a71756f74612c6e6f746f2c7573726a71756f74613d73797a2c757365725f78617474722c64e374613d6f7264657265642c75737229956a71756f74612c0016fdc40c6d0e20341d38a6f11645de269d54f43ccea754805866a95bf316c5131ec9a6d67b4c8cffd96076e8c8d76e8c7e"]) clock_nanosleep(0x2, 0xb8ef9e4c5c28237b, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x31, 0xffffffffffffffff, 0x0) tkill(r1, 0x1000000000014) 07:38:24 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet6(0xa, 0x3fffffffffff, 0x0) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000000100), 0xfffffffffffffffb, 0x2000000c, &(0x7f0000001680)={0xa, 0x4e20}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000dafff7)='net/tcp6\x00') sendfile(r0, r2, &(0x7f0000000040)=0xc000000, 0x1000000400000ff) 07:38:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x48, &(0x7f0000000400)}) 07:38:24 executing program 5: socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000100), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) r3 = getpid() sched_setattr(r3, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r4, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r2, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r4) close(r0) 07:38:24 executing program 0: capset(&(0x7f00000fc000)={0x19980330}, &(0x7f000047efe8)) clock_nanosleep(0x9, 0x0, &(0x7f0000000580)={0x0, 0x1c9c380}, &(0x7f00000000c0)) r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, @dev}, &(0x7f0000000100)=0x1c, 0x800) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x10) mmap(&(0x7f0000fec000/0x12000)=nil, 0x12000, 0x4, 0x20810, r0, 0x0) [ 654.556596] binder: 10750:10752 unknown command 0 07:38:24 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000100)=0x87, 0x4) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000040)=0xb0a, 0x4) sendto$unix(r0, &(0x7f00000001c0)="8bcb1d585d8f28b13a8e3a05c02b9b734c91ac19d4e5739ea47229d11d7d66bf8482aff8147e3b020000045f", 0x2c, 0x0, &(0x7f0000000d00)=@abs, 0x6e) 07:38:24 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000100)={0x73, 0x79, 0x2e}, &(0x7f0000000140)='#keyring%loselinux&cpuset*\x00', 0x0) 07:38:24 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000001540)=ANY=[@ANYRES32=r1, @ANYBLOB="6b661fe4797274a0f29d5ca0a43aba21ba316197f93f6e724d6849db2a4fa90e5e7b1f1650b5d3554153477e57d5417916aa81232fbe887c88189c2834ecb226e0fa78e567dd2988480d18086e5ab34a33ee11c5f7bc0bf3161da485bb0a26defdeaa7aeb6be7e3688986e85aadcd8377a90eab87dcf2d", @ANYRESHEX=r0, @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYRES64=r2, @ANYPTR64, @ANYRESHEX=r2, @ANYPTR64], @ANYRESHEX, @ANYBLOB="a58d054a16af4de27d500e22f6ac304040d32e5d9173fc85b6bcd52802b1d8c1542bc022ee94ffb133f92f75c2a2deeadccc160291e63444e1ba36c1c7d968d937882cc0592d6ad8775f96096c67a7f10d0a73795322ed21475fd894d4b60f43aa66ee12346a4f3c9b08b35c4d8b1e7b884dcbdfbe0fc4de083a36192b86291f12e76ad1e997262f91e63799ecd51d181b20a2b879cabc13169d8c4f747ca08cd65afd9d2b58200c641cd5588a63c1384c7b7273f8033c1480db1a2a9c5b8ba4ffb8a3a7b762d0c04de173b73797f586abe4f35fd3fca6218bb3466ea86125e2d6c73950d69396b00f97a4a11d6489face3a40c90b5ec8dbc9a1c6a4c7bc14b896cf15a5317e5a1409f42d174c1e618a648a47821643f9455ccb620f28ddf6c22016cfdac196f5657e9599182c33e6a0002abfd9e9c92c7a2a3e9070f720f8621616190f2681e7f0e36af9de5560d523939fbdee5671e78750b5bd91941efdc7de4f67d6df6f6b01f41830e1d439c76b365156f34def0180c9929ad8b3d9dedb9dee49d41bfb1ecadfcda4c9282fca018592cbaba34c567ae62d59aa91b411d9bd1d79e430620b5dec87514020b8883faeda43bfd99c161d03d67f3544a69062ba09f2ddd918e8b586f47c0cc7f8fb30debada5ed918fac9ffbb54c12081721fd554f252daf313f6d75e0887c1f0e07cb7184050fb57b6c56f98142db9ba8cbde6816120c3844430b8f22a0eb1e0c583124a1a4994434452d115e84334f1a31c948b69446cbef2b004da02eba79662a19ff94d4a6bab4f7334ab71f9c2fe6414300d0ae521a3d0aa9be5019cffaa8faccb408f25a8323e1e5409e454bd62977bb199e9d39ea45365d85fd7b33dc55e3d9b0cacf94adbf521bec9413392acfb1c97f77345884ca13479f8075c7b92c4baa7b4f0dbbb4f400084168f6ba290090289b15324d90d24ceda7d36c51239a51ee33197cd061d8353bcc41b26f630fb32a59cec772929d8b225b633ccc1632218b085e9b0ec9ef6f0f0bc0da793f0170e17488cc3f5ff488bb0365541963d9a8e40770d6c1c9606299363ae7d04627db6d7b4b56ca91b641be144f09e907bf3d93958f459240098c40bd21dc66a3c84c53bb6f2d1ac6403913444cd20da29774f0088ea3c4112e07e634a48ab4dcc783969d94923dd015b5f0ad94c8f5d4cf8334e70d61544e97e994c6189c9591462257ce0e6c1a403464813812131721fecfb05f81b001797eaaf313b6eff9034877f546be76d903f4073b758e16d66794dfb4757d15d0fb4c6cb720969ff7d73f4dad0c1c3175da240246a7ef5e4cb78b39da247a0aa96c0957583970ecbe30f01836d4b08763c711f786ceca6ef60be9c3284fb9039662aa9a144c08ee7a69f3ec007fa5a04ac0b68d6be948635d65ef29da1e3f42f104c792eb809e1e6f5a81657acb95c3dce28f4f3b0e5a4cf358ca12b911a738f09bf3867f26079354521deaee32b36cd720cb51eb988dfe4bf666d637f1514cbeaa62e034d8806eda14d494da3f3dac4305409b7dd6bd20a9b2d493052aa29447b94c6cbf71f06064aea0adfb4b0919a9a8819368c77703baa1f97747096297a04e855185dfbc45522163c81876e3d88bf0a47ee8a33271595f3d62778a1b55219dfb2751e2951a46ccb8e7e09513df200df5f61b074a669a90c20bf1b60e66c499bc1942d4fd3b34762f365368b1b3e4ee9266ed45a4b4c90424d9c901a4452523193de42ad1f399c5bdb3429f8411886075e229a4c1c09796a59e674f7d61554ec0bedec4d0029c6e0617c4ff407cd3d341a54acefcef3209bc7fa894386625b527cb0b8cc0b9bff31bf46c87d919db8e1725e1d252d3b9867398e34ccdc236b68fda6dbc72f73d4d77484ab0bd90acb3332de3aa2c99c2b3cdb89c5b060f65b367e9c1b8be8d66c18e420e40716d260dfafa80fe7bd97813dc34338a80ab59a324d2509a93eda782ee4d32a6268d5df0879895c2b1c9f7f9a653d0971ab7e9b9f88ab39d2de74e20e2c3f00c2c59353753ebd4e6ab8aef065feddeedf6781db7e79acc33a3d007d0c319da002218b7090e4d4164e8145d2335ef85d518b32d5389957a9435adb8018c1a1087788d49293a54a36231b86b3ea56228bfa5550cc4cd2d12c034c997d6e452aa7380f33b89510766ce232cca17a7d03c3ef9e9d8ed3aa9debbabbb203211f354691b9c3d47acbe89d5ebb6c5a9c63434258b7f7c76283b71eac0dd4dad62840888ed1892ed43ebb3b62fd06d1c77516679f3be9564561ebe71b88bf454194874321ed2f1e4f292e82c05a1e630d44753a589720929847a109891c03b85feba66f6f757cc2505107ade88efe40e59164e83f2e537c0e0bc6116319beecc9e70830e336dcd3a45665160cdc7aa12c3e7ee9290741271a4035dd55710398fb44b28d8079010af5b506243375e7201480a233ca7c2574c5a842d0daa4a45c0eb4e6679ada4a3d1d27238ad059efcf563f3943bdcaa1b44408c37387c8875141686073c8ec562f2cae8345d36df5a59e2d618a8ea559cf7a2a3ec53f95792e94dfb38ede2eed87b4417ff736074cf450beaf4f8ae30bf568580d96bd9858c735d08d3b83703dff25851d033bb6863f34bd9c385fa425753ac22b083b8bc3e63343c40b6f6d791e70990ddbb60fa85a0c3b1dcaca8449829a00e2fb8d5b5a4f22540cf3ccf54f0105f765c736c4b46bf2ee1f734b92e1e4c0f62dcedd5c62d5b5693d70c249f986afed4568db0044fac752acb990da9112514171f1ffe34893864d238600fc6720d7c3501d9bedf3405c3e7d5a97361434581bbeb0620eed1604e7ab049ca05c2ded4f056dec79243ec24cbe57131875e9c6c861f669443cfefb953ffb08511e16f202572e2c36b8ed4f1e573fda4ac8d4a9d972bd83d4ea01d73bce63ab1a15eab34f408d468568ac8d8d3c051a110425200ceac251128765b6f2c627d85f759f9ab38f31b2444c421e575c8891d43d8ad1f7b12150d533f5845e65d547925dbb86b02f0e3a072d3d633606b4a90dfb4cc80d85c8976912ca794181ae848d59c34d839e40b7f9b6f7b3669664aac3bdb285bc1511d40b9f8b933377ae44d4c1b6237b328fcbe32e2a4acbd1ddabab9f3fe79ad561f19a45858e4e96cea7c0f8e13c80c3314c1e4656d7fb887c1d208fff6879ccd9399ea5522c02adecd013f864855fc8a63e614fd2a869d0eb33ef1c6b39b4616887aa66ed26cb7ca18eefec1a402bdf6dd2e3e6683d7a7f69024979385627dfad9f30ceb33101acd7b9dc55bd89affda6336bf4fe827a6f98e0d18edb93f61f1b32eae2776173f5d7df654e214c4497bb1c41e1dea4ef3584f17913baa75e2616f93a958eab7ecb2574e7046939553d858e467bd222e5e9f37aa162d7e5c5766ea3b436c21d16c5e4e29794b08d4705bbcfe35e628829910c929083c11c5b195cd90fc1ebc740a11ad5e8c2e337a3c051c75b4ad349306bd6536a4afc794f846d1b8fc9616d0fd6404a25ca0fd9f5758b709af451c1ac196052f04293e21e7b518da66d69aae3ee54726d2195f7cd40039eee0998414c76f97fb2f8b85ab32ea602a136043ce5d992342d75cb587f1d3c68cba52d3fd3840d7c20023d5bb21ddf501b766cb660017f66696a50fca7447b9a92712af2af5c430ecd10add8486060b52082f8e62e7e0b393cff7c2b98630c945629a4c320cb09ef544f14eaad3a00005840dd74e4eb3ed50f9006bdff8c534db227e4ac03bea66f3dbcad43ab13c1597947530ef149950e908b16262553bdf40c61c450591ce0f6e7bcb5bc780a56ce574814554e51696c082f1e74ab8ccba02552df4224c833ef127294dae9c41026fb50ce32ae05b368b026d1aca85dbf7549cc2d9773c4804d4571931c5ebe0cf583646e93435b9eeeabb48f16805f324b439d21cf414899172f1fa7510dde150e3e7a9ccbb8fabace41681b348c43f98930cb81d00dc3853ed46c5d662de00fd6ae51337cd5a12ccd74013fbd1ee469fd97724e683edd1e9ff669d2c9c9817e1940e59d2d9f9c2c570631960da1ee9ec104f32a62b619b2fb55a738318c01eab7fb444f6f40c259f8dc6e9040ca1b0ce4e6c17d58f34eed874f48e72e9dac2b831b6559e659db7882c5fb465d4051462c4e78cacd7d8a29669c6b1e0c464186a8d683c2384530fb45440809f953342698af36ed038ad243e380c3d77c9bc2850535b3fe5e0e493d1bf37cabea176e5356a2ce73b41ba28054cb880b9722170173ac0bea445d58a617e1f5ffda211a8ef053e6ed982450ed2e716dd0ea2fdc39420c2f6562715c1d81da12574a125ea6715811c3cc378e4e25183de16bb8fa5f8953923890a74d0daa08e34553dcb951a9cb0013e09636f41c1007e45d397072106a001c3157924f8cc18b61a00acc1f6d23d826eaa3991cde4fbf8c493b47f13ff70930103b494edf702100b74ec96ab65d288323f34e3e7afb19ca425da96c285b5377dd5973b457f29f458e721847bef4465708439ce9459272d48ebda00667af475ef94c89c366661996b77053d5ddd17a47e3034e20509559f3b73353347ed88caad2eec8a853738680d608ef0f372c1a60011cb4b97bd7a0bf57fdd8c8cd9ef5dc65fdb0b010e0e1af31eae00b0dd4705b43603d4e8dd497b178e578e8e539673b3be98ebdf65e8fe17b76fb7c5e95ec72892aa44b30f46fed400f2285a2c2274472d2ebf7fe4be9ea8ac97870a855802aac54289b531c9c00a411e9aed50e3a93573b3424a0d09f1d64bd6cbbb5ae8cd05e79f0aa7eac68dc6e7f20db5ee7bfa4dee45e675d476bf3198d35d1220b79da3dd3c088234bcd882d985ea0180790a559c41f1cb27b3ad7e926c7a6049aa9bcb6ba7813aac1c5690e0ff13287a39274f7a46ff3ef77297f757d5c610b5ad9a91513fe84190e9e4a23b85b0bd12121e987a55d47fcbf259abdd240381b4055e59e20dc50f79b5ab41e8334722a9d8501b9dc94367e761efe00a84305164569c259ef27174d7cfeeef5727188e29197a9a1745b839396dd9005ac0b11981b276bc60e2c713db9350b7d3dfc00b212934b80d368bf3eada05904af6379277136dc5f14523fc28657810ca1caeb1cb33fc48705fb3f7d491b7622be9fd901bbfbd2b8a72963960da18a4d41f6afc8e413ee41ba9772859103b3eecc26913470ab8cdb6d32847f9b29d6ac13ecbe24b4440a818be16a9107912064e6ea086b191a703c90b93c2cba5f98105998d71105b7db13480a05d535226574da2f5e5560ca7c1790c04e43af0472bbbd6f9c59158beae45e62ddf43a0e5699ec231168f9a545ddd5e3d743168967f8663f69946fb7333e11d5344397e1e92737cbf26771f58e4456c5dac9f14aacbca0afaab45da3620ee3b28d7d6613b55e49484e5a5cd87aadef95ac18ed8a94c359e18ae924c6f95a8eb77fe5c43a0c146c4d342dcc739568348de397df6cf756dd7830181c4d9bda10c56320a435896bedadd8c08d0f8324c454891414fb945c9ba7851369f737bc47651fc125ef1c0149bd5544b4579d19e606c767f47e44c21152c8535cb41d5ec76431cf6985b39f24849414a5def15fa92734872d0836324d95c016a5ad72ac70b4590dcbd8c4557c144e859dd5155504f389b13e1291e594b58d451505a96176f71e96aea31dfff08e91a7d3efc9bda4e68529c2c23beff78c3c19f99ffe09fdf195537ded728ebf0c43043d2b6eeeb72580f60901eff819695296fae5ed33b44a", @ANYRES32, @ANYPTR64=&(0x7f0000000340)=ANY=[@ANYRESHEX=r0, @ANYRES64=r0, @ANYRES32=r1, @ANYRESHEX=0x0, @ANYPTR64, @ANYRESDEC=r2, @ANYRESOCT=r1, @ANYPTR64], @ANYRESDEC=r2], @ANYRES32=r2, @ANYRES64=r2, @ANYBLOB="af1b4079599049df78d1b3cd2d71fc6b0b59b5de6ca099e38e7581dfa78a012712e01e922bfbdc758f6a5836b0f88048e820f1a4004067ac3fa13ad4bd45e9b9a3d9f7316c5afd4a6f67d800d77181a64574074d83f4258a793a8a381431b10627b826ea92556a10a047546966f65be9a47da2a32af5d226977b11786519d5d44a66ae5626054b2bdd33998b17d0ec77781ab5f1015d0b25eafdf1a1e11694fa77b9bf845031ecaeb346ecdd70549f0f778cbbe32722d9fff855346adb8fc33a1d50b315fdcc27971e48bb193eb7f8bcfab5196e75c92777bfb36176fd7ef4", @ANYRES32=r0, @ANYPTR=&(0x7f0000001400)=ANY=[@ANYRES64=r2, @ANYBLOB="17d8e95c06a9724b2391cbbd1314c0243603e27aa9f5a580aea66d256b82734876f06b2346fc29a1905b3c47e9c742128337d735fca4629a0d4f4398ec19e4ed8a3d8ea579f4d4f075442bcfec43d3e39f8e2c60d6aa86685922f2966467342f4cfd699e67140346d9a732773cda6d680cfe653d25e1ffa4616c55a29687251224f61527cbeeaf567f0242d12d56d88e2b4ae5fdb8783700c69c573a00724834ad7ff5957056ca576fc2a070928a37a5fdd6b4de6d99fab312afd47946b20e00a87bc5cae13f732475b580c35825dd3c1a7bd396a594f11574b899169d02a6164c431c47e928776a7ae176", @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES32=r1, @ANYRESDEC=r2, @ANYRES16=r0, @ANYRES16]], 0x9) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f0000000280)='./file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) ioctl$fiemap(r2, 0xc020660b, &(0x7f0000000100)={0x6, 0xd2e9, 0x3, 0x30000000}) close(r1) [ 654.579318] binder: 10750:10752 ioctl c0306201 20000080 returned -22 [ 654.590823] binder: BINDER_SET_CONTEXT_MGR already set 07:38:24 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000004c0)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[]}, 0x1}, 0x0) r1 = mq_open(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x100000001, 0x0, 0x7fff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000300)='afid') preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000009f7c)=""/132, 0x84}, {&(0x7f0000012000)=""/252, 0xfc}, {&(0x7f0000012000)=""/155, 0x9b}, {&(0x7f00000001c0)=""/11, 0xb}, {&(0x7f0000000000)=""/102, 0xfffffffffffffef8}], 0x5, 0x0) dup2(r1, r0) mount$9p_xen(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='9p\x00', 0x8, &(0x7f00000002c0)={'trans=xen,', {[{@afid={'afid', 0x3d, 0x5}, 0x2c}]}}) ioctl(r0, 0xc2604110, &(0x7f0000000000)) 07:38:24 executing program 7: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r1 = accept$inet6(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000200)=0x1c) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) r3 = getpid() sendmsg$nl_generic(r0, &(0x7f0000000600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000300)={0x2a0, 0x2a, 0x200, 0x70bd2b, 0x25dfdbfe, {0x4}, [@nested={0xf4, 0x8, [@generic="ac3993fcbced2698af6ecc23edb883a1e09f110a8743a993870c018948421f66cc40c31e208af307c25d972978e120b2461fc522a50e2c620158367b", @typed={0x8, 0x75, @pid=r2}, @typed={0x8, 0x2, @ipv4=@dev={0xac, 0x14, 0x14, 0x1f}}, @typed={0x4, 0x74}, @generic="ebfba5aaf7a5815ee2b9e85f2af0df39468e99fbfe53d8460f35c218", @generic="e9fd3d5e30900171cdd82263fe560f4a3554e7f03bc1c944c80e4f2e11b4c9bbe43345ef08c39b3df92f57a34a447f6da692cc74d4b193b33aa0d7d15919c947fdb55d31c31da8", @generic="c6ea0af8af10179e76b0d0a36d36a66b8d936e9b49a10c0bcb5202fd5d6b", @typed={0x8, 0x31, @pid=r3}, @typed={0x14, 0x93, @ipv6=@loopback={0x0, 0x1}}]}, @generic="e89d534ae69ab54d2cc18bd3408ff12fcaac06b0f8836d523df0aba565f0bec9a81039dc19dff89af2590903b6154ffd5b98f782f09beae7d9a3dcf54275e0d6438aa1858f04fdf0b283d7e0e0eed3054ff6fb78acf4787274e1bae2dff114b2317a0042c856157180e9062298df45a1608cfdebf010221e702d76e4a45aca", @generic="462765577d67dd5cac53a73fb13b0e88a8f3b4", @nested={0x18, 0x69, [@typed={0x14, 0x7c, @ipv6}]}, @generic="afe5d38e815ef546c2c62344a1bab9d0ff2ef500882bbf4772b5c74012293f3ae34cca92a8a978589b8a17b2161ff40a81300a923f88719abd634c47fc5fdf9507e5ed04411c863fe955327eb3fbd95a7f7b65eacc797fabaf8de3100ebe2043192dff683300041258c5c94c1da35a6d6f9f41b0e6fe05ebba8b15f0fe87edafd027ede74c16788d7393834cb827bacd597aae788667f7ca4ba5d7f4ee7174e3706dfccebb8e13efc435824bf2238862f1a304cea657a72f950c8333382105fcedbc6b28333319febac360e9e0097943469e4c11c06653a6abc30d961e4e817286ad609909f3add9e81a3310"]}, 0x2a0}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000000c0)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={r4, 0x1, 0x2}, &(0x7f0000000180)=0x8) r5 = socket$rds(0x15, 0x5, 0x0) getsockopt$sock_int(r5, 0x1, 0x2f, &(0x7f0000000000), &(0x7f0000000040)=0x4) 07:38:24 executing program 3: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x2) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x8f, 0xff, 0xa5ca, 0x4}, {0x4, 0x5ab, 0x101, 0x4}]}) ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000000)) ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000000)) 07:38:24 executing program 0: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x84800) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000040)={0x1000, 0x9, 0x1, 0x200}) 07:38:24 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) read(r1, &(0x7f0000000100)=""/114, 0x72) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0xc008240a, &(0x7f0000000040)={r0}) close(r1) ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000c22ff0)={&(0x7f000001d000/0xc00000)=nil, 0xc00000}) [ 654.634448] binder: 10750:10752 ioctl 40046207 0 returned -16 [ 654.661481] binder: 10750:10767 unknown command 0 [ 654.672293] binder: 10750:10767 ioctl c0306201 20000080 returned -22 [ 655.390000] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "jq" [ 655.488053] FAULT_FLAG_ALLOW_RETRY missing 30 [ 655.492620] CPU: 0 PID: 10763 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 655.501094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 655.510427] Call Trace: [ 655.513002] dump_stack+0x1c9/0x2b4 [ 655.516614] ? dump_stack_print_info.cold.2+0x52/0x52 [ 655.521788] ? rb_erase+0x3550/0x3550 [ 655.525581] handle_userfault.cold.33+0x47/0x62 [ 655.530241] ? plist_check_list+0x7e/0xa0 [ 655.534380] ? plist_check_list+0xa0/0xa0 [ 655.538518] ? lock_acquire+0x1e4/0x540 [ 655.542489] ? userfaultfd_ioctl+0x5430/0x5430 [ 655.547062] ? trace_hardirqs_on+0x10/0x10 [ 655.551289] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 655.556637] ? plist_del+0x4a1/0x9d0 [ 655.560356] ? perf_event_update_userpage+0xd30/0xd30 [ 655.560821] REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "jq" [ 655.565554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 655.565572] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 655.565590] ? cgroup_rstat_updated+0xe6/0x470 [ 655.590014] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 655.594413] ? update_curr+0x200/0xc00 [ 655.598290] ? reweight_entity+0x1100/0x1100 [ 655.602689] ? trace_hardirqs_on+0x10/0x10 [ 655.606907] ? kasan_check_read+0x11/0x20 [ 655.611042] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 655.615606] ? compat_start_thread+0x80/0x80 [ 655.620015] ? lock_acquire+0x1e4/0x540 [ 655.623980] ? __handle_mm_fault+0x3a38/0x44a0 [ 655.628553] ? lock_downgrade+0x8f0/0x8f0 [ 655.632690] ? kasan_check_read+0x11/0x20 [ 655.636817] ? do_raw_spin_unlock+0xa7/0x2f0 [ 655.641209] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 655.645776] ? kasan_check_write+0x14/0x20 [ 655.649991] ? do_raw_spin_lock+0xc1/0x200 [ 655.654216] __handle_mm_fault+0x3a45/0x44a0 [ 655.658620] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 655.663441] ? __sched_text_start+0x8/0x8 [ 655.667579] ? retint_kernel+0x10/0x10 [ 655.671461] ? lock_acquire+0x1e4/0x540 [ 655.675426] ? handle_mm_fault+0x417/0xc80 [ 655.679648] ? lock_downgrade+0x8f0/0x8f0 [ 655.683779] ? lock_release+0xa30/0xa30 [ 655.687736] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 655.693180] ? mem_cgroup_from_task+0xcb/0x1f0 [ 655.697749] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 655.702486] handle_mm_fault+0x53e/0xc80 [ 655.706528] ? __handle_mm_fault+0x44a0/0x44a0 [ 655.711090] ? find_vma+0x34/0x190 [ 655.714616] __do_page_fault+0x620/0xe50 [ 655.718670] ? mm_fault_error+0x380/0x380 [ 655.722797] do_page_fault+0xf6/0x8c0 [ 655.726575] ? vmalloc_sync_all+0x30/0x30 [ 655.730705] ? schedule+0xfb/0x450 [ 655.734229] ? lock_acquire+0x1e4/0x540 [ 655.738192] ? __might_fault+0x12b/0x1e0 [ 655.742246] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 655.747087] page_fault+0x1e/0x30 [ 655.750532] RIP: 0010:__get_user_4+0x21/0x30 [ 655.754931] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 655.774069] RSP: 0018:ffff8801965cf538 EFLAGS: 00010202 [ 655.779415] RAX: 0000000020013e98 RBX: 1ffff10032cb9eae RCX: ffffc90005630000 [ 655.786678] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 655.793945] RBP: ffff8801965cfcb8 R08: 1ffff10032cb9e84 R09: 0000000000000000 [ 655.801199] R10: ffffed0038d4cdc1 R11: ffff8801c6a66e0b R12: ffff8801c6a66d80 [ 655.808452] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 655.815738] ? __might_fault+0x1a3/0x1e0 [ 655.819789] ? sctp_setsockopt+0x1e13/0x6db0 [ 655.824185] ? get_futex_value_locked+0xcb/0xf0 [ 655.828859] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 655.834564] ? trace_hardirqs_on+0x10/0x10 [ 655.838783] ? futex_wake+0x760/0x760 [ 655.842567] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 655.847739] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 655.853269] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 655.858352] ? futex_wait+0x5d2/0xa20 [ 655.862135] ? futex_wait_setup+0x410/0x410 [ 655.866441] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 655.871624] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 655.877143] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 655.882242] ? futex_wake+0x304/0x760 [ 655.886052] ? lock_acquire+0x1e4/0x540 [ 655.890014] ? percpu_ref_put_many+0x119/0x240 [ 655.894578] ? lock_downgrade+0x8f0/0x8f0 [ 655.898708] ? lock_acquire+0x1e4/0x540 [ 655.902666] ? __fget+0x4ac/0x740 [ 655.906103] ? lock_downgrade+0x8f0/0x8f0 [ 655.910250] ? lock_release+0xa30/0xa30 [ 655.914209] ? lockdep_init_map+0x9/0x10 [ 655.918254] ? exit_robust_list+0x290/0x290 [ 655.922555] ? __mutex_init+0x1f7/0x290 [ 655.926509] ? __ia32_sys_membarrier+0x150/0x150 [ 655.931244] ? kasan_unpoison_shadow+0x35/0x50 [ 655.935804] ? __fget+0x4d5/0x740 [ 655.939235] ? ksys_dup3+0x690/0x690 [ 655.942929] ? lock_acquire+0x1e4/0x540 [ 655.946884] ? __fd_install+0x2b2/0x880 [ 655.950848] ? lock_downgrade+0x8f0/0x8f0 [ 655.954975] ? select_collect+0x610/0x610 [ 655.959105] ? lock_release+0xa30/0xa30 [ 655.963069] ? __fget_light+0x2f7/0x440 [ 655.967023] ? fget_raw+0x20/0x20 [ 655.970456] ? get_unused_fd_flags+0x1a0/0x1a0 [ 655.975020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 655.980549] ? alloc_file_pseudo+0x281/0x3f0 [ 655.984951] ? alloc_file+0x430/0x430 [ 655.988736] sock_common_setsockopt+0x9a/0xe0 [ 655.993210] __sys_setsockopt+0x1c5/0x3b0 [ 655.997345] ? kernel_accept+0x310/0x310 [ 656.001390] ? do_futex+0x27d0/0x27d0 [ 656.005175] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 656.010701] ? fput+0x130/0x1a0 [ 656.013963] __x64_sys_setsockopt+0xbe/0x150 [ 656.018355] do_syscall_64+0x1b9/0x820 [ 656.022224] ? finish_task_switch+0x1d3/0x870 [ 656.026697] ? syscall_return_slowpath+0x5e0/0x5e0 [ 656.031617] ? syscall_return_slowpath+0x31d/0x5e0 [ 656.036538] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 656.041537] ? prepare_exit_to_usermode+0x291/0x3b0 [ 656.046536] ? perf_trace_sys_enter+0xb10/0xb10 [ 656.051199] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 656.056026] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.061194] RIP: 0033:0x455ab9 [ 656.064359] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 656.083504] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 656.091194] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 656.098444] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 656.105690] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 656.112940] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 656.120191] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:26 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) r8 = add_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)="bd11473311ef9f8758a846d0b476ad20f5bac733ec6f8502aa16593bcc6407829c099037184afac5281ba8fecf68c5c049b84125083cbf22b546ea8b9def2cbdbff8e5ce68a14bd6e9838cbc424b8537daeeff83d40ed9fe3069a66815ed470cc42fe3da4657b9e8e51af0fe52116b703e8d7dea7369d90fedf3b8959cdc05eebe054f4710e14d88e4fd5ce9c78ad3376e49ee5b209cf39c549b705c528b68928b50b3162282a55ecbf27779cbd9074e021bc10d60ea32fa0a1d8c1e441cf5d63b01dabbeb30e668c58e964d3a2647d46bf71f05089e", 0xd6, 0xfffffffffffffffa) keyctl$read(0xb, r8, &(0x7f00000003c0)=""/65, 0x41) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:26 executing program 7: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x40500, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x8, 0x800000000004, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc}, 0x2c) sync_file_range(r0, 0x401, 0x5, 0x6) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000400), &(0x7f0000000080), 0xffffffffffffffff}, 0x20) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000001200)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r1, &(0x7f0000000200)="b8c4fc032b69d181cd4a07f1d8397ac96863391615750354b684f2837b493bdf85729b750e14a850eb1833f449df227ce3858922fe4059c7250e315fa02a125fe92ebae167d8ea8b16e35d9af61eac1edee39037289c0a7d863db861b6a1732161f6a3836c223750dc32b83a4f14d6f81eeb07d69ea0d8dfd085661d25f6a3ef7a6f335e9efd012afc11ea4ea42b663aaacf38991fe514353233f5fd7103addf8e8ff0867612b1a153ac29f2dc4452dad4a35883d3638247fcb39b0f1cff4a289c5ff77df8f25d67c822416f4d7d4f5f771f3100bfc51cb8742cd9ac9481fa895cc450c14280ebb54e5418acdfb8b30268da8422abcf82b601ab177094b85486b831cafb9c2e5b8e54923f813c976f3a850f4264e1881625290cfb430061e26e7e35f1815dc2f2a02dbb95ccb6476ee57e0566afd7fac38e247a9a91e990a2e8a0272643dbce3f88bc25965c1fe79dc8262a41e320a2bc3656a98c06124eb9373691f9af2c321d3b88187d40d3515ed76ea8f2026201291d3ee174d4c18efd2b2a9d9e03b0f81f5444bb51df9dd0a630d38a7df27fe1162e296544eb53b6832b03f7eddcf38c54b477e219f3025cbe39f57e8d787425e2d98e3bf9406b69b7e55e205c803da0bcfdf675390206e64aef00904d69f2dc62ca6397decf823c4284e2c311558922b7bfbc42d33053c417060c90fd72c63f6ea72077884cc5dd72776352bb8d9bee152002126c7dc33b6417944e50197c0eb508eeee9c322f167f896e951c85a9b81b552bd05286421011b246cd038fb1303056a42668d37f77e7f2542f2f4c2a6b648e60f3aec7e78459c3907d532728847f77fe40bf1a853307558d232d6c4df22489805d9b65408d18229b6fa80f253087d4c07b9bf88a0e30e349091e00170b52153571d5beb4e40be0b1b4bf9c4309bf4462751bf10aaf308f5f8d6ce5ca696d2c1187ff3b09ffd4620f942f1678fe09daf22f43cf95767e1f2f9801fa9bab76bf0b477548544162d6d066f7fa2016808d825c925ef9aad6c45f34efeb66f3065fdc4de682fbe876ed531a5c303b9d57e9f2b23f443400a4a596fc16738478e0c1544a69649117b8471abcd58ef01e3612d39e22887c0d6400778ccc490bda767e2b2f5de9b07e76f7a8a095db4bc5719081047ce6073d9a6d77978e450f9ce57faabdd2488b327950ccd851da1bad21653a776343803c0b12f55b79f0568312d40a3dc2fbb1f56d8c65cf880ff464174e967ca09bc623fb97588cf105d118d0b48f55475240f8f4afe9afb8f5fbda99768fd003be4e56ccac08d8f89b6b82917c6af9d23ad9a77856b9a0718d8886a0c3d69d8e128ac3370af309445b49963a92f36f701621f44decc7229b64fbc4c8b5a0801c37d7516c8d736f69a7f2406ac549d43c302f9fdaa94fdc276fcd7c2130c421393a387e147ae440f650bc8f51cfcc0ba542a0f23a992423758a9867516ffc4d8ad4ce49fc1767763c132fad1c2d880da1296ec6fd6591c4f5bf256ea5da1609ffe026f30258babaf51efd02852dd25534cfab1e44a6fd740a55847e4406f733099725fda9dca38766edc931cd2478a6f4277ee453a0614575f6ff0b8c01c2a770f112317edc21815431c810b9421ee803e3acd8d542645b1ca235026e74dbf828c6c928ea48de18fbe3605f69fa6a3e98eb43a71a5d295cff201febf98fbd2913576de0fd057ae70dbf7fac1021217102cea0a3e5d27a9b18698bd06afa0d8f68fa2552d796f5e623b2704edafe27753ed11be3321e41330cacb0b284cd3a64c546e0602f3a36bbc1f1d83ba933b7c45c42390de1240f13566f4ec66a43fe0fdb3ab81e116932261d10350f265db77295df15301fcd7d5f715d2aaf3a9e8a1b6c9bd3448b5c9980b05cb22bcd8128fd8cfac99de0557217ea30bb55eb78df129969d04fc4daa314e78ecd653f985161979bafde44c4997816560bff43a1c39a2e7134e3e4cb2c2d8e81d07589b8312091216f8829277db75c9ff739a03b479acf0a2146464cdaf3a02c3f1b821932ad40b4f94379b7212ff2169182c5a371ce8218274eb90fb9a24c56a432bf04cd7f25c54cdb6c62d502f6022397faa79ec20cc9f29c3a3e5e6ca1ea825c85fa5054e2a9f21901c146aedb1f8d0ac56acf2a348c28e88f3bf639ce782f422fefc60c9f9eee58b7e9daa848497879ff7fd045d6e7057018d42d536f9f0588595eb36e26fc2e060ad98cce8a19d5fec4c7ddd3a96d3082bd933de606639d95748373c64b9c3baeedda39c0f07dd9d45b92a36137c479dd18c4966967a7c00d24b78385543a5b0ae9e8fe189e80f61ed53be5dc3566e4acf5ac3bd58c4503282dccaf64c39d383248768f22ecb4ef754fa0c13000b71472e0e4e172d55aa17c6773907b6a7b2965ec44c0e44825aa8422794c3b4566b1a3201c3f881cbc475fa63e4966f500fd7bee1a552e984b61313482ab3e7138f6cbb88ee42934be12dcda1990a1a6b8a2c7df9f997a0fd6ecf0d160f2781babd1dd62dfd941923c7ff60430a8671677344245b997f65aee6329d2ec19da640d7feb5d31d0e768c8f6889a20f0d314768aeb43937046bdfb70708366ed1c694c4e069d00c0b081fb68affceb3c1ba4c55063a1ffc74993b6162262afe8380d2bfc6ae82495fbb2c8b98207125600a370d25a0227d8edd8b66e2b5122c75fc00d596d741c0e1c28d48f1d7b8cae7bbb4b96037a730bac32b6f43ec7b7e71bff97e1c38fe1f73f7e9fdfbdf7779d4d2aca54f5c753fbcca391af8df4478529e53acaed409058a873158ae91c73dae3d6f544f667b99455de28bb8b006ad878d72ae4e2461b48e4b069c1ebe965a33c60e0c020f3354540c92bf7b31721b35facc7ffe814b9923aa64ef26e09030e332d14ef4a94840ecc5823be449a75fe2b803dc5ee52ff5be34cfe21232da06c3e9fb1e8eb4e3234c7e98b5ff12f38e3fd9d0612c529a1ff11304057f56bd3bbcfc55b6650c8e3af9bcf0e052d19cb1671a8ccade09f973995c1c2f9451129bc87d7fb83b353c2cdde452a41b802d8582de7a9e1ea2f307b478dde3fc7890491ee5cef13644700ea9936fdd354e4586057e9ecce5497b7591210d04b69c23a7d32b73b45cf9dc8a2e7bd58733a509ad9d412a4a86dba5ebc6373649fd34478ccda644044b3d53fa8f7286a335f25024f1049baa13aa3a38f219ae250e958afce9c150f5d2c58d63e3598a0de108bab95a4f47552a104d5a81a9b6ba85f27a89c1ddbd52dec2cd59eda5f51d314e7553e5499dfb70f66d40c2b88a0826582e4dbf42c7db9b409a72ef42fae3055a5d9dfde77967da179325c6885fc68390abfd989b63fcef165c31c0ee81d3028555e4cd77b9638c82fa12542d84f05095dc2332ce8dd0ff399368e938425ebcb322a03219457e7e1e524aa35a63bb3dcd9f3ac6ca37295247e9f763943fd4fc22d7720fa3aabf5b16407b16b949eadd03f2174051c394f6f545e01edc926f2ae18aa738b5eb3a52df433c454af76db7b4da79b7c44e5feaa94924b9519e18ff0f60cd88ce7bdaeb9cfe45cd1cbb887aeecd37e0a5ce0be1badaf4fc1d78f2017a03fcbce33f7d3ec0d4f16bcd4775dd68828f9c06e496a1af400a14bac4af99da6acd28158a5c26e7c847d12f0e93af088c2391549ded51fc9fb29eb54442c83cf5b5cb31e1060ffd0528bde5df09a19ba49163fbf37b671d6be7326947db0805abd1f8550b528e2abf7fdc35dda8b3a2b649179eb6be1cd4d3d6e7e659694a07f5cedb369aecb61f2f51ada92a548196c9f69a3d27d42351419eb94c1052de314bcf14a73b637bfc67db1a7799af2ba96e946e556a0fbbe9414a3817a99ccc69c55921cd2c919ef078df3c3b0c26c04d7d4314a86e267f9efc111097ff12fdd53a6d4822626d02eda10dad87358a818f488fa347cfb21f6baba7e92cf9f0c6b074d2b67f62a3555d307c2609223f8e3511e72820979c671b5b036d31548b2ae7161fd0b6516b62479b16315af4b1d3d16728636c29c5998ad257ba67c234960f2d7d283d0eb1979c2581cc4cda52d84339ef871c37b3cb8d50e87247e3c0126c450ed0ab512d8bb467fd90e913cdcd728f7dbfa5b7ea154b749d25d1430ef73906ab82b58a37a47a15a69f61fe8fc17845b5019312263d40920e94a89c2faeef34b7de039501ebc6771817191293e37a2ee46a78941a89c82e38c99c4aac24818e2c0c27c8f692a5fba567bd080a32a89cf827af9e2bdb325952078e89c8e9e2fdbf5c6a16ec34c1e9af7b84532ce08d1ff1378f5bc4b4ecd514a1dd6c31bd68f148335e072ac86fe6b2612317c6f4c8c7b5247a1469a89b3d4f58b8784d1118dc5a9d136afa6bba47905e64af0c300550cde42f163c04bb7c5467cf73f3b144aeeff6ef47156297d0af6475e03d2363471e22e648f06c729121af453eebccec4fe6c2c6996684a08ebcb5c9bdc13894fbd115b541f2dccbbe7cb85588ada8384fa7933a01eec1ed9355cc2464f207735c980010a2ec34343cb45bd3b4b6bcc72e10e6f299122332694ff473a23dcb537098a3c18f0c1f57bda9715ee42a999f5c274975db124539480a6e97450e4eeacaa5bac2d5d5db768ce38bc12642022867682ec29c543afa84070b31d31b6fa3e997fc843e4a3d865092eb8bd7215e2c5c249862e2c7b12cb7ff8c3b8c87db1bfd6fad9d6dc30419aa1eca1acfe430ba21f982511bb35a216a797a54ef389a9e6bf0f2fb39ea8967cb68384d87ace16a6298f0568c1929a5c929dbad5a0572f9c44237b6a156810e4fb9cc5e66b6eda835fd9d95999e4d9ceeb73ac174cd10eec378176a530071dfa3fbfe0a54e8a84eb4cc976710a44a67e1ffd7ad076c8f0f50b313cd0fab79a4354dbd8e690b0134f084d51ec24a8869c5f8f126269d09e6a6b53d1eb654af742aeb87e843c49a10625143f4ef0ac077455e92952cb19d290d1bdcf15ff06db9d67ddbb1a63c3745865d6b44fa8a4ff11d2c557a40e7ba57dd790b40f8c9a4cd0928af9761820a945bc7ab91961a10b4ae77bc0e1fcaab8d10b69d3c8d7c9fef55719bd6e7a119693809976693f068ffbf11dbd214f28ccda249a9207ce6e5b38371f7f41dc92b884dc85b19e77eac730746fc8b7a6829f16baa284c1b40f5feca6b0747df076e7441f7903ee169c667b0a0ece4256b8fb55d5a77a20f42398aec476fa31e85d5fd39508b8254bebac97ff250ad0684fe091ca8ebbda3256fb6bc49bf4b90c8b13def57925ad262334a43a9c3adbb9c6e4853237b1e0f3ebd199b653e3011f37959dd797bc6853af52e30d0b545a98c6995f1780685f7bbd67ef3fda41b42c4e9ecd09045eee021ddf10f92a240a3adbf93ed966e1e213ece7ca568f00a310daee868c46ba4531c0c1e1cfd9c51d52cd58b2d0f892a9da561ce6e2fd6a028b959f7b45a2c785ec2a5d7e9b418d0e5268be41ef2cc7d3c6f76f5d33ad2f214272af435d11c3584a7e169ca8eb3db1f8d7d15104a4c996415050d15f2c2c3bcd8948626040d0b13cc6dbdfe56a683dfba236bd3ef94fdf1e58360868abbbcc85615a1aeefab936569739404569c4edba91431fe3c5bb56cee268631a83fe849e7ff50a21cff77c6cccb28e097f7194113b27570171e33b15360830410083a64a9349445e0b904bc5cdbabc0c626b2fd22e23cc1f4d3dec6f71aa91a2eeb0a3e51db1e5298ef173a3223c86edbaabb87d1c44a9fe45d558a59c6134ecd110b5ba4e2a018b2a53058a9a884759", &(0x7f0000000080)="6a73ae4559d95d3120902902709a4d5e0167f4d37dc710478355e2cb71cf0b50361c5d26703915b8c68bc7c8c55c565bf1d2c7c12318a37c6f78c50841238b513e9de7ef86d4112050f2974ea927a26155d1a11d8dccbdbd2a374c9a374c1f0d29e6855b53cc3308a87a3bbb33f8a2d8e24e9235b657b5638fe6ad53282525cc0bf5513b7fb4810288a4b1cf715fc5aba18072161fa5956332419512dcd2e33ba5073e96afaca590ab8cccb9583e7dfd620bf88047d1055ffad77bb2123f1042d95e45e91fecd92b856e5e7b7e330693538d3202b9d4d77388d71c08a9b7acbf18f2c6ae7c73e46823c99f8d0022e174b743"}, 0x20) 07:38:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x2000000000000000, &(0x7f0000000400)}) 07:38:26 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000474fec)={0x1, 0x800000000000003b, 0x7, 0x4}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f000077cfe0)={r0, &(0x7f0000ab2000), &(0x7f0000da1000)}, 0x20) r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x40) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x2, 0x4) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f0000000200)=""/97) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00004f1ff0)={r0, &(0x7f00000000c0)}, 0x10) 07:38:26 executing program 0: r0 = socket(0xd, 0x7, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f0000000000), 0x142, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000), 0x1e6}], 0x1) getsockname$packet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x14) close(r0) 07:38:26 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000002c0)) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x10400, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f0000000140)=0x5, 0x4) getsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 07:38:26 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x400, 0x0) ioctl$KVM_SET_DEBUGREGS(r0, 0x4080aea2, &(0x7f0000000040)={[0x10000, 0x0, 0x6000, 0x1], 0x5, 0x90, 0x1a}) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000000c0)={'ip6gretap0\x00', {0x2, 0x4e20, @rand_addr=0x4}}) rt_sigaction(0x3f, &(0x7f0000000100)={0x9, {}, 0x5, 0x1ff}, &(0x7f0000000140), 0x8, &(0x7f0000000180)) sendmmsg(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000001c0)="7bbce76432e4be0974d8204a503fcaab4e557d95776a1be9d845c126293763395da4f399f65775197bbf8df12872ce8e99cf69dec681b8b2e1e4909d6d9f72b9703c2d0c495ea304ba627190daf1f9dc44e372fcd9286052ea75d6b5e6dc846d8fe826343a4a450ab76283d071b3c2ee19c77123eb0d878f3d79475fd150f67640c2f00be7a32c1e1aca3e5202fc7c9f5f2f40a504f51166aff47fd4c2b575150cc9a6dc3aa56911ae9fbf151c326a8412e31a5af5528527106fce769e6bd3e9770d05c974b15cb419dbf56751ac4626c975788f64bab25466597fc0265156a35e029d4e8b034f186a182ec0b4545279f10094f850f3cb", 0xf7}, {&(0x7f00000002c0)="cb4f3963bccaba7ea0c73c3e7076c98155976a22d552807d5d0356c522541b13bd5e0bb379e38e6ea8271f4e32650c01bbd3abe87f9627bc1b8714761439a41e4e7048addc01b6839a7010e95808226de4bb0186a5e92d380557981ef2153ccf0be89761f2bc0fa98fac7fe3eff61e21841be70e915a0174e394fd6fa216ac7b94079e4c586193c928ef0f585031bfa8aed43c385efd0ac66368eaf9f4", 0x9d}, {&(0x7f0000000380)="549c25a7abec808d3efa96124675bb35f63aac45a19822705d4c31d0830b347a065ddfb24b97b8702ea5f9e6150b504a337e7defabbca37adb8d53e4ef120650f1", 0x41}], 0x3, &(0x7f0000000440)=[{0x50, 0x10e, 0x1, "a38383592ae2a60bbfffb1cc8b27da0bdb0ab0bbe2a429dfe949b6e9fbc593597b18bfeaabd9208862e323b3904777567f005c9472f25c5defb715a3fb43"}, {0x70, 0x103, 0x1, "84d47d5584c684d39fe04020b0c4b413311dba1a5ee16e1c6c98649c02ea5bb7e9d05378c1c05a8792f4843272eb26502a54289d65e9206a897dddfb8a15f05638d72b9d0a65262423e9ffd8cf63e3ab441f72cab7a6677d8b"}, {0x110, 0x103, 0x790, "633306b590100212a4384b42dcab176d47f470b2499df8cda4c52dff99a4c8c470b0f66f3aa7c7a6abcdef93212606b15884806b1ac916ebdc8a2e50660e86d138a0c8e5f39d9b8dc37add4f3fa132e43dcb993a881b30211b303a8546644a711fc2619034b4e9324da9b668c13515bd96320415b1451b5f5aa2ba451254cec9cd151f88ac013fcf59794fbef436cd9ac19611ec07dbb5766f6859ae0935dede1874d2f8346edc99ebb2d37fd62a20b48763d25ea22f588ac8f274c8866f340b5f76666d6063e83ace39941aa59a0df6618796c6036a4eb3c8829073ffa7a91ac3ec7630acd2f90e4774fc0ab2baba0cb38c4573564f0cda8a378e"}, {0x108, 0x0, 0x9, "a08e89dae0dc51330c13d16995d443f00e983370f76039d2e7c5d850729e8c8fa55fdac8d98c5d8ff256b472541d30da5f31c5e92ac7b4fe247c287b95ec82f00e3075927fe4287aa9c7a150f927af2135245d433c98b715ae3cabf948a6b6932f9b5d84bd40d7e571c6f2886bb5d5a805efeae06cfaef5701e3a5720ac7028821e5c022bd395406ddcac4fc6ec6fb3594fc4b724dd768fa7a97b0a928147a00fe0e2ba65df2b241581b25609ba4b2757bb7c7077b91bd927f88f7acdb626fae6853eb3b2ff2d25e123d592fd1f2cfe2851f4e9413efc1f6fec94d9e3ed9de15c65fffc0a625e07f2a154ba45d566632b9df63"}, {0x98, 0x0, 0x8001, "2b25b47600d08e9e68ab4ede157cf5ef9a14573c91743597c5218684d491c41c663874400b1e96488a8efa852bc170dc27096ca0eaf0b830c534bb8f61199879411ad9370129ccd50bd470ef33cee31277d7d5cac2e19b05143a958fc20584ffdd3f313837017c88da93c1c6a9f3edb858003028690249eb40718a3a8b623962250f50cd9595ad"}, {0xb0, 0x13f, 0x4, "aceb8abb14649cfc9d37acefd22f8a0eed2b27a89cad7cee74c14f031c2f2f47d79777f8a6a38d4422fc35e72a64e915b131f97fc894458ddee07720f484b245dde938e4b3e0062745f07b7ce3c4eea70d62adb62dcc630e344fc5e6f17bd56e28ffd3e9b508f36419304f9aa095794fdef51fcffba8bbc7e463e6ce550d01c9c20367ef1b83ea74f25c5cfa7840765fadc9b26bbc947b35195ae269a3"}, {0xe8, 0x13f, 0xff, "dc66af3164b43a77ee759c15a5ddec976ae5128b615b6ad08a0a7706fc5f0517665ea4a2bdec39204d67f958d9c7f0ebd864a82f62b65ac25899161c917a47fd600bf0438fa67a32c83facdf7f6a3c844115b6c05c625ab28da6832aea787a414cc7ca5181d5653383b5b595244c58e1143072c6a7a441d5e548a7c5942b557e9e7ab3ed88af7de9bf982cf9faf8a53ad714445610a089fa626e065055e0699806b4a7707f32ef16ae77dd75ee41260f782e373c7f765d284dde758b22af50c3f41d223361db412c05da688e09cba5ca51679d"}, {0x68, 0x114, 0xffffffff, "124e21404830bb9461792c75b3bb67c23ee219c6d4894f6fc0b1340932ba0ef770a9c9a2839af981a7e69f8148fd451519c6b33f92d1d25d85c27f2ef62c9cd103a00d6ab5a02aca06b8aea0866cf596745d54"}, {0x38, 0x0, 0x8, "f8bd753fff642be3833f78ec445547835b87f9b983b49e4afba97355db35c22959"}, {0xe0, 0x112, 0xffffffff, "a1c074663c6250500c0ea965569510fac346ba3995018c8a1a4b32ef4e8137029b8f3b947dec2c86a6077cfdd8c92008234bfb655b1f08f5086caaf2b29db10702f86cfdda88fdbbd0d751545b0aed037a4a747aac9a30f93e023d2568a61ff9d6caccea4d72b26df22464f9cbd8d3e8cf921f8b8b3eb3d02f3b7d4f26da1b50339d803278a07306d3d4862619f3791459329cf8ace23e22a7086ee2ecfc25ed7e9718670ad4dd61259f11ab99cc6a5cef93e5612d94b0b95c2c8f71c7f22c816a3af5da90829f58ad0f34"}], 0x688, 0x20040000}, 0x10001}, {{&(0x7f0000000b00)=@pptp={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0x14}}}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000b80)="246634777af9e7720a6e068d5f1a4d7b5f5eaeccc9ab5e3efe224558effccecea0de0038c1d518c670c6427ab6aeb1b167528fb65d61bd9e940085ed64efc37b94a5a944909cb2abcc0ec5ea8c91974a0ba453fbe848cf2b7bd098a3490bbf2d07540c503ead8622567555ca4a839a29d22ac03d71b82fe099c6057c4429b1c9e4c9aa7c04427d8f6016a2f050e7a611eca849c19381fb8b198331798ae473918defb0d57ebe39edd513e1397aba7a4405590809288c36", 0xb7}, {&(0x7f0000000c40)="3ad2f1b750de45ed594a2573cbf4233b165a98d27e48d37286dbf870375822ee2dd35e0221f9216f0d4f918473bed11e2ea3d1c099f63fef0d050ae598ef537b3b0834abb27255a6f0659e22d486db650988017245aabab0a50d1b16fc41e4b71f87cd409fad1f4ebde3704cf8a28bdacf26e66659b16ef96be5b9e7615c85bc073a9fcfae818bebea60", 0x8a}, {&(0x7f0000000d00)="7e5a7b13d300ea18477202f381e9fe8c14f739a585927a88d68c41bd607f89be12a114833c55ae5f8c4b42c3708ad7f1ff22ec5fb8c6a5d6592dff7f683abb01b77369769b528f96905ba0186601ac17937d120d4d4228975864a3", 0x5b}, {&(0x7f0000000d80)="c952e5df7c61e6388b2781f78f66442ba1b8d7762a36c85e119c09520ccf9f0f470c847201b054246bcb30b98e04ad937844fc3e98de70adc8c78bf6e2419e4a5ac3c80256e4ad2de0a38d3d9e49474929a0c421f4f149bfa1a9a495201d59e3861a641834e8ff5e7a2adbb3205542a316531dbaecede539e7e926125656537d106a0aaae1a3124bcf40296c2e1ee641ea64da86ed7d1c5d6f7f94768e2a138b2408f57f76d64f0e98263d9a050230d8d82ba37dd5", 0xb5}], 0x4, 0x0, 0x0, 0x15}}], 0x2, 0x8800) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0xca) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000001840)=@broute={'broute\x00', 0x20, 0x4, 0x8e8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f40], 0x0, &(0x7f0000000f00), &(0x7f0000000f40)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x1, 0xdbf7, 'yam0\x00', 'syzkaller0\x00', 'bond_slave_0\x00', 'bridge0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0xff, 0x0, 0x0, 0xff, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0x0, 0x0, 0xff], 0xb8, 0xf0, 0x120, [@ip={'ip\x00', 0x20, {{@rand_addr, @local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0xffffffff, 0x2, 0x7f, 0x31, 0x0, 0x4e22, 0x4e21, 0x4e21, 0x4e21}}}]}, [@common=@mark={'mark\x00', 0x10, {{0xffffffe0, 0xffffffffffffffff}}}]}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x2, [{{{0x11, 0x40, 0x88f8, 'dummy0\x00', 'dummy0\x00', 'yam0\x00', 'lo\x00', @random="f39577fa002a", [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0x0, 0xff, 0xff, 0x0, 0xff], 0x1e0, 0x348, 0x3c0, [@limit={'limit\x00', 0x20, {{0x1, 0x7fff, 0xffffffff80000001, 0xffff, 0x8001, 0x2}}}, @comment={'comment\x00', 0x100}]}, [@common=@dnat={'dnat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2}, 0xfffffffffffffffd}}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x3227, 'system_u:object_r:init_exec_t:s0\x00'}}}]}, @common=@nflog={'nflog\x00', 0x50, {{0x3, 0x4, 0x10000, 0x0, 0x0, "11038ddb47373b357113d5f184b43af1cdc12675a8f306286218671357dab0f61e8a35d72816c8026e71ef7935bd6e7121a84b15e48e9d80eb0abea6a128d1c5"}}}}, {{{0x11, 0x12, 0x5, 'nr0\x00', 'bridge_slave_0\x00', 'ip6gre0\x00', 'bond_slave_0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0x0, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0x0, 0xff, 0xff, 0xff, 0xff], 0x120, 0x180, 0x1f8, [@stp={'stp\x00', 0x48, {{0x302, {0x400, 0x9, 0xdc, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0x1, 0xf8f, 0x4, 0x4, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], 0x4e20, 0x4e20, 0x6, 0x9, 0x4, 0x3ff, 0xd3e, 0xffffffffffffffff, 0x3, 0x7fff}, 0x14, 0x7e}}}, @devgroup={'devgroup\x00', 0x18, {{0xf, 0x44e, 0x1, 0x7, 0x101}}}]}, [@common=@STANDARD={'\x00', 0x8, {0xffffffffffffffff}}, @common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffb}}]}, @common=@nflog={'nflog\x00', 0x50, {{0x101, 0x0, 0x3, 0x0, 0x0, "b70ef5cf28a9bec87585b057e215f338d275ec2f8dddccda4652df2e50265be94049f6b3ccadc33a6a77f5f1056b62d8093439238d98dd92a87751d336414b5e"}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x1, [{{{0xd, 0x40, 0x8917, 'nr0\x00', 'bond0\x00', 'syz_tun\x00', 'veth0_to_team\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0x0, 0xff], @empty, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], 0x70, 0xd8, 0x150}, [@common=@dnat={'dnat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0xfffffffffffffffc}}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x2}}}]}, @common=@nflog={'nflog\x00', 0x50, {{0x3, 0x7, 0x9, 0x0, 0x0, "10f4f829860fa260cb7f2ba1f3857f7efd1cbfca77bfa895c6d73ee21894dce1bf8f83dff8797e4121aa089797a9dd91de5cbf96e1ebea86a3c7b7b16c192668"}}}}]}]}, 0x960) r1 = socket$inet6(0xa, 0x80002, 0x2) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000018c0)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}, &(0x7f0000001900)=0x10) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000001940)={0x0, 0x1000, "baf16ce635c02dd6c2db07cc468e9bb9eed34c34c413da0f1bb83138ce71f65248abf3fa836a7b717a60778027fcca2a3b4c3895bbb7f03dbc9c5162c1e8b7e7fd5a0c4ac9df84b9866ddacc9814027600a3397de0b1731a8dd46936cf9fc4fd0addd8a36fe34050f4f23342eb70bdb6abf92ae721931b67f763b83fb99b4bb342d3d6e6173fefffe732dfaaaecb04360ec04dcb22ae67dbbd51cb07a97b207723930c6c4d81d8d4b67bb6ccb1827a946c993506dbc358583a9451d4cbac6d101b7d6cc18fcaf3175215e504c6a267ffbcd384198523965b82ea1ef26f7c435ed13d317fd14cd9384da0e461e0a659b47eefa7b100d7f04de01fe132256fc9cbb6bc7e728c97aa58ead6058b1a1559073fb9ca5dedea80466aca829ae2630ce1d05bd4343bb3897ddc9c68b64c7dc32a1519704059107d2f733bb1d0bc27818239301b603f797f66c36df43478b5208a5ce9899a2796b9ca0c659b2af3f3fd43bff656052ba3ecde9283c56ea23278cd324400653c4d76e9c846c56a8336cec57c142d31f8e34045a93644c1666e8526235cc3719b78e75ae1c9e526d9cbbdb1968d193a17d4a68499c6e0c03bc5df1cb7cfcfe1e1a066cf7ae28c26329e629c5597502275922ae599d333f0851100286042b3b6a627e7eae9388228443f2fbfbb3bb66924dc7f9a343946ea646799e006290795286f9b804841980ee7f049b980fe1b48a485576e4bfddfacaae5175e918dfb608b21738b177a59e48394939b28e9c161f497c71124c689187ccd4d9284981385a154d9f25e2c1660b65dde9f97e7eca263a0f2667b06c98eccc3746f0d0c5e93984af77cd66bf319e9de35db7bc9cfbf5a546d7ba61332e1b98eadeb170c2a1b1905b20796c3bc94df9885c079253e84cfb7bef04940c7ed664e610911b4aae9e8e920fde2fa9806a91d55828130a78d501f316ec7bb967d3bdc41bd54cf0bf9eb8bee345902fdaf5f00c3eafa8f733ec522f15bc1ad257796ef550d95807e72b591f921495112ec8bd0c543fb3628caf59626cf1cc9e330f449763d7f0907d9188bb83dec0040ef6685debd7313965516014352fcff0d4a916285b653b604f60cfdde91029cd2aa5918f632dcfe4f8a2b7e38c6a0fd7f2087ea93506fac0347858af24afb42b9f995bf2b1fd0b617e4d27a8d2692438ef60710125d8f3e99ec7a53eed3855d39effd958f2a2b8b7feb2a42a3e152dbf70d2e42e575944526bda9da9ad74628ae1445c66f7e47eb4065cea2838fa4ff7a0812a3c39adaea6698944de7322cfb108414e7d19a3a2d14ea62684fe46ad62e10bbcaa7b16b0bcacf2409ea3dd462e68971381f01b4abd5379cd86981b71e70a0e1d8cef52efbf5af8b3b0cb9a18717a8ae65b4d222c3b27755f5d6a3588e12795a11f7e9a0bfa8c443dcf0089801f0bcfbb1fa0cca98441fadbe105104ccc17cb446a2958c43f577f67cd1bd3588253fe9f3feda4da3d87a8836e37765358c58bc5940567490b4f6b1126822fe2225c35fb6aa4f8c2516272405242784422d1e602fa03248d84b40536efad5682b5275e751c9935bab873e72d1c139d1650ae4d415f421b826ec0a0d9ecdbb5cacc07ba2c2de0e5e56a71a5471ecbf9ed0412ae29359f4165a71e1baa894e2bcba603066f0435a82c68cca3987b36239f58add478856dfa799c1ad3459e426505def17eff1a5227b3bca2523928591510644a0171e24370ddec6ee3d4fdf004573b350386798471b6d7fc5674a2c55f969747df70f6fc687ccac9a6076f3b99df094bc96af937919474df8e4754ab8c42e7f2b983d6f4edbd69130aa9cf36953027b217d77309d250082ba9ae8d8926b5a00bc2f3f01935acc168e0c82582cc978221828829c3c8d9d5ba98dd8e185ebe153190cd5f32a5994ff2eb3dd431027c43193a43fec1445df2d624297c0f7d57575e4d86c071d4960a2933b5062c4d6a41063fccb48d11f07b1178945656eb8dbcc476535134dbb629e2da547bbe80158c9d6ea0db229ab2e3f435c47cf27254ab16740784ed3991bb3071d285b39c072e48872d7b2826a2685ecefd73b3701476b1e5ad5663a68a2f973ffbe6accb9001b8a66879d6c224e449591c0de8300bf7cc5f3fc017331810614124e7c58510aed8865c8aaa9f39cb60f03af5b5d8fcc0150863d61ff84e4167102ceb31f1aabb8f164b83e23fab00d2e08141eaa88c4a25df94b6d5f981aaf0df6a6a179198203af21e41123570c436c84e326b0badcf17c29206b3dfb35619f867ee17a87db9e4fcb06e2bec39db3adedc42e47dce841e6d947d479573b5724df1355f67ffbb55fd8d64754c022db2aca1ec8c7f963fcccbd3c21bd61d4fe632af2686391de9f2cfd10859f73d28ac232c96e3f2a2f762a068a3ffb01f76f93b1561d375278c098b80a0baa7e205925d8de622c9fca57b99e67f96aa95731928abd9398e4c2c20de039e3c59010bd4ee5ec7d089cfb2bfd1dbf7cb4c79430ff3d26a29a3d60efe2b636568339be4b409cc6b1b54ddbe83510bca75143b449eb69e8d6abba7fe4f0422c60dd3b4e093a04876005265f4bd01089ef4c02c19f4b7de715631e3b15dbc4929388cd18df175822fc9be28e00fabf91aa98ef03a7a3e2779cc4a14f99872cbd998484482d4514d136a5a90706378c3a55be9454ce5e4ae12d824a5809be5e0ae4fa79d9f5f10cb7a6c05180b7e49ed96aa120d7b0e7ad234b923f1c7c244e5978af5abd7d8b3b0b775345e4f7ab02f03ade3372013e9f76da96045bc21b69f29e85da2f59b12a724ef2adc85d9805c028540b20b495763aa238d0af2e5384e63818725a6ebad8ef2b4b73b00a2843f3869f282e3d6295a0d47f6165d2160bd0e927e206d78c460d4dc8e4efc7305a0409f09fecc56968f7ff722832645b0cc33e1277c8a038c3a520d8f3259d3fc5a966c87f34c208f96e53190641eab157adf5129a4756300b5b6b15229a0108d7c605c40ad32df166d47a4da6cf1666c3693a9e34a613ab533ed42b90a2a020c48ebd1e689bba3014c8f0515162f86bf0ca5e4f6ea283d673688bb547ecb6030acb697c1429e7eb97ae31bf43542fd9c9affcc1ae644335cbd4d4066f3098a545b99774e4bc5c03091d86ff2fe433c3b1e4affd7ce71fef02cebeb67f46419c623e6cf6c0315339c48069ceee6227356e4c15e876e64b7fb33e029c9bcc7beb90a6a49aec70be98ac4053bd2913dc0739c893fa71b2f1702c04e0feaed88fd8a04bcbea1e519a89e363449f41a487803b66af8811f8129e48ca249e3c7fec02c2052ee869a95a2bf6563d049ab6337e78a96ef7d93c82a7f57777ef14313f0771d461bca6ca469456adf6a975127db73f2e4a3f835613c9b7178ac8298e0527226bba7d537e917c9429e98fab7593e24c256bf86d72d6beb774cd16b19c3208f4e01660100eed00be88cbaaf15cc77b959d533695f4413f0d9349144e444fee6a7348ecc5560725ac6798755509b8c563df3e1bbd120171d43fc33006361bc0fe07a243524a456ad03050080f8904a0a74638e6cfb6235ff16a40ba4ea647c50ed8ee35bf27cef9a3fed142b818f1ca450955ff576afcfaa4249499a221bedef873a6c76d72f090e6069be55a71f3f8cb3fd0a6197803c4fc3156f1689e3d8d4063bbbaa8c68d88d9ea03f54e6bd371e8fb1ea043d863331b22a2b1b5a4de7672ff489626169e1748c9f7d855e6474ad85afc44c37e578ca1a476da983d43d8bc491ee92c48bf7cc0b78ab3fb8dea11ea617e3146f3b65422b402ddb549b4598bb3eeeb2c2f7bcf2d0b8ed3589b4e8ab5e9f2b1a7673ef95b2a9dee44f2659e419b615d0ac2e5a71488e1f0e464aa1357a5127d92d8015b6481932818f6297d5420fda7b778421639c4911492fea10b8a5c5611e6d521b8d25be698f4c58c0f6b10c34c10b7a2ba0d222a830f7e8010750b9a9d99035c99cd7704417351be3783dc7d3abbb46d05172b23c37dd5e470c3a77022ae8c61f35fa4bd1a2b9c0e5636373691d86cb2c74566ff45538fd3abda554c32a1f44641c6db879fc2c95663178c950b11017110746fdfcbc492ac173e06f9b9491787ca1c28c8a6b0e4bfe895a4451b965d083af0e644b77f20bd7e3e6bd12fe23ee70746e556c633e78fac171849e7dba11fadab5fb99c93e8c82d02faaac727aed77047a4fba20597a2c05e17a6997beefc95a751d31301c2aaa5cc8cdae5b31d8b9dbf9f510b7fe98bcc7e122365fb245595854d103e9eabd875a2bf186a198d37fa8a07db42b0c40795eca1bd671fd4d5df419e05d7f4bb4122acbe47584151f7af4e573678c75f6cea84bdf75ff3a128080165ed5a4a2b172116c2f83b4dbd254245da5b2afa9895e37766ebc36df4f73123afaccca4303cb59d6e1e0548fbcca33285214eeb9a54e184c88b0c5970ede940981e40b7b4949b6c6d8ced750dfb1634080881ed8371a58be5cd662c39a86dd1b70d2317a4dd8a28664b5e939922056c47d7ac55bcaefee2f9257af670c6c0f24adaa432065878a735b98dc03ed43bcf4d116e41725f3b2c4a91d1ddc6c620393e7c50894de27b1a5a5b6918d37a9e3a1d2c6c50449a66eeeb75072d72994c5549524c9869fa762dfc446a59b179774a872ac6875304642990aa449a945d640618da33ddff4ebc7fdf5265cf5ece3109df8d4aca5a5a83bd0e1b511b26f90b3830471bdc7272c490963a8a38f5fd8c8a948e065073a86b421369afb38fd35e07d6eeed299ba4203fce77d2988eadc98d0948a192313fa7c660bb2ebdeab6d9c65c0930cc6babc9ec1f65250fb509ba6144d9919275eb1778eaa847a1e312134158cc8657d2f3344dfc087cf38d2d07128ed239bf26fa13c15ef823cb4661676b6b8c2b3b286888542f2bc66f3cb18d9c7ae99d6e886a70053d41ca8e324f48aaae19d500ed8a9e412604dae86490e24802e42d354835771f5f75f2c7200d6b847ed5ac8d0ec3d8d1c01a5845157ae031ab1086332816128f77e41f0b785f24d70323bdaf5080075fd357d2f37104a40801bbe0ca80bfadd42578ce53cbf47583ddf28e0d74ff260f98f3cf6ea6c4b8aa893bc704683ef1d7b4fb35ae8e8b82da9ad32cb229e94a2b5a7d823dea8a5e66e2199fb2303191c2fd3697a76e6dee6893e13c5cd453eb660db9fc80b49a0530fdd5d09039562f87e47e59c738be0b204f9f23bca99701da7025f504c72658ed9c83c61fedb56b9a39bf7571eabf50b7be5b7669fcdc9782e064401f97ea93ec8cb978c6900aed51df3b85365c25f226babaa1510224d7de912bb6d78a488451b32f0659719315830f8d301491d2629a5625fcd112d35ede6abe098ce92679b25b2a2a693b0da6d2f63b10c80cd56c2a0b50428d8ca1bd484804a55ee0b32e72e872652f0e8bad51f0a53598b9913ee38552452dacfbd9072f8f91a1ce6a2f93b04a43d2a7daee11859f214208f21901fdd6d430fedf6cee1b1e54e72706d50905615a7fb78e12dbd59f17169a4f90774015f69e00ecb170156205f575a077cdf5deab96b75710fa815ed42379bfd2367818b24303fde7c5c16eb74ec4c5489fae55f0976415d915431fd985d8252d2fdc8aac62c30df53a120b58031eb44c59ff60eea8a8a3a2f73e0e212bd670b0f0f5bd85e3715af70cb6054b3b40178737ff4b4d163c1a9cc186d9cc9aea9d89dd1e3986d84ca6e0118c8c81be4199e5f06d90e423cb2694bcd78e894fed5091e53f876653d1c361d5febdaa"}, &(0x7f0000002980)=0x1008) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000029c0)={r2, 0x74f, 0x1000, "fca7fb891293d7ad285edc8bbe7353b9acccd456cb8e9a299cda40c8b2878e63241b397d2256b1af39eead685cd7529580acaf2cdde536bce923c5128409fc46116ee3d33a29cd464cddd92dc310ab00beede633a793891a3f58913221e0775daec1d7e9e3b6d1eaea2355c083eb2096de66a8ed51cd7be8316a5c713f1c1a81f5d49bc0f61d45d946a0e372db071980af403492c55cc40f368b10487c3ddc9455d0f270a9b2c6710c1cdf3a3cbcc2fb9409afb13b8fd5c5dba1aec5c64ebe39a0e1db8b10cc84f94b37d6d62307f6ad3ef40de77bde93c0428b2660e458748db84119d101fd6c7d9250a44ce3f9e0ff62a9752018ad2139813d1e9eb74df65dbf14411183f307726cc12ba1b5fac1efceda382640e91d20317a110c9118e5e6cf30dc6186e01f6d8b373165c4849a61c10386f786ae40d728ec4ad892c5125f3b52a2ea3da5f10c29142f165411969e0459b6e77998098074bec64b92f31e36ad10de8b68404d1b5823dee4784f8d7337b5f0667a85843b197ed39f045693fb84f0eb470f93d66d0233683245701bfaede3f0ba15de444caf50a545cd5abfa8938b16d4aadbf7139fadcc263f1b3dc945c5e555769f2866e9da12bee6d374190c8f8b0e865f0895981219c6770951bc2165a249425e904942ebe62bc6ba6c0c8753372cc001b6b9ee7268b10c471c8183f2532529041b21c9eb50043a8ca284a25ae78442438391ea7133dc249bbe5154cbcb465cbe341efaa3c177eecc36db8c906112f3dbd3bba90e984a936a658bc6e1bc68e34421b9527ca4c149e84fc1f67dda1481d69b91690d2cd13ee597d6c111515f958a1f8c7d0f28d8d51f08924500e2c87a504532df514985bfe5adcb028166aa1a0369e9f698eb916b06b2b18e703213bd2c34be2ac7e6307656ec13a7331cc92d454fbf91c745ec3c42b72c68d0b72ae3e224912a887d6855785b7d967abebe6734f6376c31e0ee06b778ec8a1caec90b488a138a3e9a95a906695280b57ddcdb01473a00f58359e3928b4691bc2699678838d7ea265ec233e03b1c4cbbe6fd898410ed45febae5eee8db71527563fcd7f075273da9268cc0fd87378e510c231318095f339836fa2ae3d55f323057db13e0b88056d079e47ee57a74d09977dcf0879b1647d06e7da307f71dcde0b2be654fc1b309f6c888bb2ae7b26a6b9ef2c2a20f1cce88ace41e354357ea0222d4539cfd8c4ea9b1ded2960fd76d7e2623b2987077adf05ddb9da4cc7cfcdfe3ec8a3970f42127feb015066873b51568b9c1fd045daa749f79f689b628664a1e5a6e1f5179d3c1dd9afdd3e0bc861fb830c2ed63994ff0d4105b74af088d740627feb44f4f5b4a15593d942ab0a17b83284e9083a3915edd9eeb3c01ee426cfc8c70b26f4a6e6928c9c9ff8c792a81763b78acd4e7278f6b2b1df288cfa7628f90d98198b09b1225fa002cb2203637cbd99c00575e014f670c60351793c71a6092821cada2724d5fae047ca0f6c4d57a9a3aa42afa6b3dfc409febf101c808c638dea6408a88b0817bc4bf897b0f2005dcc280708b9f5afa03145eaf890c52efe0364634fa8e0264d17fdd879822b6497f9288bbf72f0f209fab08729c67ce9019fe86541a86453bf1450230935db947c631acf2c371c5e9479864c75ff18f29ea8f5d8f6d6bd745de5f8d5f7839b7a9b3e58eabcf89fc99b3ba066526bc69e83381082042eb997693f60940b28af41e202b679e45e846db8160ef46b921d48e4154834eae6a778e54f5d850a8215e352ad2c0710012b355650c812cf54ae1ac5a1e9c3dfe70a5f8c1a478701e496520f7c4cfb904e27c002cb179183c3de500d6212613e29d9ce51112c987984844f73c93ca56ae97f5a6434090c232b3eb6fe122727b1421c9ff2f20db073dbcae0550bdee948689439570639f31dbf0721dddcd38a8ae35c5e7bb009b963edb197503f83fa66793c4fd8fb4543cb9c87a925d604a0811c8a9f39f84257d4336dfab80a09a9d9cebf5c3def83d20fd731077ad16f360fcb93a4da572801731ca8f82eb8d9f7a5ef618bb6414a2e4497b5b8bfd4fe21af9793adb6b4ac9ddd2a4e28c9accf280ce3249741438c2853d916de1a95a9c5cbf6ce6f7f087c863fbce898d503f58e1f9220af084ddac00b6f23fb9a449243945c1f04d5338ed3db21402116f4881368def44b654355380fd934f8d1eac131e144ff7d53ec0dc29bab7c00d4f67a5caa4407b3bd14e14b8c90445d067ee0315c417bfbf7042cc09edb32a27e78df75aa3a48df51c22a9aaaea04c3eded1559f3099ae3e959c16c06812bc4cb9dd2597aafe9dd147f0182f5d593babf81fa6e118b4f272010b554a018f4214cc018a45734ec4e9938b7527454bfc178927e124254c6d70879e81b8301d79ed3a2d877eff56b43d6103220a2484ba70b832c19908605ae93a419b3a0700c4db1e850ada4a089ad98674bc6645a134fc8b21200c06146e3ab9176855e3f6d83412554c5fcd85562e8f554e27558bf7741dadcec64cd068e950123c25396d9cf39e33f4f3c2415ba308599e13fa1bfc36937769c3212666d8ac5d76060af2b270b8864b59075a2a79352e06954a8e460162d2b553351bcecf31a99ebcd9283a6fa328600327786c25ccf16ec153ce60854584caf6ca499c4e9a9492c7f414c14403ae8b5a81ac9adaef0eb452fd4d13936de0f0073547e4afe41177b078a150783fc37554790d5b35b391cd87feecfe23373f7c9f663d4df30a6f92b3e3f4504dd478bb67ad69e1ddd427cf5da9a23b57ba72d636b4c53d6f3efd9a60e53df9be69f8d8292ccd5de99e8f7d55038192223b688d1ca2f3fc3a5eabf2009c244cb49c25bebcf8fbd74c32f63765c9f36d854b05b5491907d2fba0106c80f2e40de301bc282cbc648ccdfdf2f786a095f99a43814dee6dfc1cc6edd13771b8dca8960285f738f66a9b7b106fe2b39778d35bca54e20bc6ed521b00fe910163d41c9640bbb3ae763f0c53acdeaa54af19e1deb8c761a5c517c6c05db92f20d555e0cfcdc7ba57e60ffff184ee14905b44a2dff017cd9fa97982d89acb386e09be5b62fa13aa9548b082b6fdf8c940b4be72b86642d83a6b39cdcb77809bba3b2814e5b02e9a2043f4336a15b319405430322f1f2a17eb015ba77779eae7386f65eff434e00a813551978560562cf7ba21e8f2dd0fdaf0de1f405ff4f3da7ee445965f23c6ad016b66dd90c5d4d2384b993cd5dc7e4ae408656b5febb4ae678242e0a7b3d284b4a0cd4533ffc31a9004ad55c616c256308d174ec70f982dfe866571171f4e5c98f707d6a33baa377c12ecd933b82392fd4c64a4549278c4c6a970ace6b017b4b0901c1be1704f26e68c5b483a440f82007fdf285c65e903e4c24c0d7f12adbb24e721bace1afbcd293cd28b7347378bdc7e4de8ac4efaf41f820db45a663b70d4fad4f2b706a06082fd50c0be34af67dfb0167fb3609bb5a369ef2e15e0c746ffb2d85e99bde641ee899bad5a697b256469e042cdfea77b0e55157436ddaa8498989b3597862e3ce58582f85dd525e73fc819007b96d806a5990a9a28b6536453fe3955f3f1c27bd86be269cd9ea065143fb85ae7ff5788b62c9ce6104d97e5f84eea423f86ba11580abd999b1a8a09397ade3d83319a2400cdfe6bbfbeeeec83feeb00ed568cee31801887ac80ad6afe8bf441354e2daad4a05ea1755977df8af824b1d74bcadd8eb917f5f7eb6560cdb76218bcf2ddd018cb9a3f49f76c3b3f650bac264f5c6fa379bce650015f9c282104e7a7a0516d8506e4698ef93e6f824619c8f91b31ad8b9755687eaf484636c14ceff3b698a2c4571ae60179e85ede1fbd6a2c910af064bc4acee7dc426c0c177898bc53ed0617446a6a7b2124d20c7469d1c7bc1337d652f7f5644daa492d111a73d063be9d46a3e1e4f2707fba2fef4acffe745f19bb630bc3006a8f8dcf8ccb04cc738c7db60080c81afc38c0a9087222709b1998dce75fcb063b6483e754f561bc296ef281bdfab2ce7b250b3e8a11639eda5d91de21b6f148ce99decaa23e4af5e0310bd2761678aa722dafd565698506092165f56ddd347df3a45ce8ef64839c8cfa3260d19abfa9ca701a019bfd96187f0c6ed5c62160550c4d9dc956b4d2bbbf7d5bf609ead3069e5df7942ff8a72351d7cd7f72df1721b18b3cbce7eb6e5a71e0f757fb443b189563f9d653dd2e6043dc7e2f1f9f542b10fce9ddbd471ad01695eeb3b0c9cae0949767542dd147b3b7211742e9d0deb1b2ad0051595c1520c1b032bae306525ba0bd7e440103d27a71c4419b96639f19a2d85f6b466ffe2f99290282aa9120a4c8b18f40a8eb65c2b3b57b0752adda3195219d2a894b4021181627edf15b95a9b0bffd1c828a8ce7ea66547804b65788f46365d3578b8dfa76e0032be9bbdea79b33ecdc03f8313cb85b0977b5e0e3164bd842ee8ec050845e91d8929254ee8215d99caad332a30a579d523c1e6b36da33d3a994dfd880c7b3a40c3bd331e01f43f9d19bb457a12948adaedc0f909753b4095c8389712df650fbac6ede14557198911535e098c3b9254f6eb16ef13b277ef631b1396c99203d13f54aca5ee94b984c3b4fe86a6e692c8538686f971acb4031bf88581579e70424a61d27535ed7f0222f476a215630516f3cca104c8402a4e6f44090f1f78812138898b57d65190200b67e29b19c90398a8ebfcc7978fde734bda6b941a7b9afb9cdbf71bc28fc56682e12935a12fc3450ec7ae5e6c0e254faed0e36f65aefa688acf759e9a8c807af93551e278901598f9c6636adbc4936290279a808c4a4c935120af77dfadf4f0b814a61b130eb9ef66ebff15e5a29e799c0f09f35eecd794a1f1036d139b1ff3f1234a543765b2544822ef2c57aafb822c374daff4c825a547f25f2873b098163dec1ec0e783617b6f1194b12924915f47a059964344fb457b03f4b2d9b069898f7ccaecf84192dabe8bb6b2ab4f69935159103bb252de7887c4252429db82838c6ef80ff38cabfd2a419fd3f740f622ddf1633d87cc71049c6380e4b651a669dbd471dbe513a659043a73809a97515ebdd73c64381b225283d3f8996590d944e88eb7700f45fdac6fcb68f4f6edba956b9876fa87bd3ad660ad080374161a0d23eef120970cbb3e723435bf9034ba0671bdac41c57232b5c1147f7575184fac569ab640ecb775a443c64b8d2af8f01ed360a96a1d24802c5e45f1b86070ae8e4b5437a2c1cd934cdc223c68e592e15641269c0323dec3c28706cead06c16e2a5ffc76c0b3b05de63cc3405d69e86e2c3526d813d92d6c8ef48836d3994a723b19f4d373d6e8ced0794cfaa8108cfda422dd7a42f9737bd39e7bced4b4af7ef6bd1c9e8a4e46eda95648bd3ea9651c284bb4f60adf589c66b41822d53b00da17862c0aff692a1177ffa352a4a73e310974ef6b3b7df8f4d5ada0d06225541c1503ac6dd34adae385e90acd6a362993f54d6e100f0e7f88481e42309ee265ffed99d23a9c5d8cc43e9301a1d053ae6489413cfe0099282df3c80d8c1c012054b56e5448b61ad90aeb91bddc0705439b9b76c22ec0bc87a312703ae21e1ce05f73000c965a89e0798ef3fc946dc685b05d5f3ec39d51cc361e1c41c0d6f5661dda9b931914a34977cd88fa619a619a33fe51ea8cf31b0053af06ec4b2ffb6ee92630eb31eb12931cc36af39e2c8627b41e4a23e82260be7d60c17cba0e433070eec76d21b1b8abc7c4068d981"}, 0x1008) r3 = epoll_create1(0x80000) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000003a00)=0x0) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000003a40)=r4) accept$packet(r1, &(0x7f0000003a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000003ac0)=0x14) sendmmsg(r1, &(0x7f0000004040)=[{{&(0x7f0000003b00)=@can={0x1d, r5}, 0x80, &(0x7f0000003d40)=[{&(0x7f0000003b80)="ba18ef77d7e23e8103619436b4a0e3ef735c8ad1054457e038bba6cb289be2637efe898cdef0d1fc258de9160a223e668220a08305dc308d", 0x38}, {&(0x7f0000003bc0)="f71322e4b8e26a3628f129caac880c13d2b9ecf9a474197de98742a2e322e06aa2412ede93fd90bd785bb1b76f71e07c4b6da2c0c001883d092e44c406f5a9a0d0ab8424", 0x44}, {&(0x7f0000003c40)="10baf6c8f9837e4ee86e5ff38d1f87fe6b2b1369a9", 0x15}, {&(0x7f0000003c80)="b79ba90a4977552696618fb8dcc86da455f1fa2bf6b196cbc0ead34b60f6271d6b9fff3fb59930dd59fa13496c215537055908c6e5ecac52aaee7edda8187b4cb7053a04a28f8fbf2eb295d6db080ec8e5f0afadfd883cf2c62a67bf77a168b53a9470334e8d976ac86b952a4ea9e0082b5d708e4623f3039182b2085a49a1cbe26572", 0x83}], 0x4, &(0x7f0000003d80)=[{0x28, 0xbf, 0xffffffffffffffae, "0cabc835138c9f01ef9e9fc78ec7a56911"}, {0xa0, 0x29, 0xfffffffffffffffc, "e76dc29152ee30eada37acf7792cefa7e036ba4c314998cf48d6b3bc3e5e23a3d40ad8ef242652e88124efbb52f9d561354aadbf359ebcddc53c6e859d4113a510882c800c2b5ce6e12816054cae3e0edffb791c190e6bdff752a4e4cbd5cb7c8e7f16db314c267607656686e8dc91d34df3f8921a367bdda72845d82153e260f28763602079b53d4caf5bf0f22652"}, {0xd0, 0x10f, 0x100000000, "c3c7c14b7d680a75f5105341bfe4a02839eabb2d7a0e217ce4acc21eba29a5a8a31ae0ebdb457b463f6558374efc73a316c57cfb24b51aedceaefd746b8c86ccbc39f46a0109a43597e5f25482c19d7abf5635b17ee9e3013a96994089d2d98eba7eebc3830ed5c06d2857a312d9e5e3399bcec3c8b879fec8693468a5f32623cf5b6a70ab42cbf100d12c8843a46184c182b604db90b0a317bf09b56680ad7c9942cad187c234c3ca57dd2260e6dcf18b7972a1d754803fa3f0e43f51"}, {0x48, 0x119, 0x7, "0812b3e0f9753c2c276eb8ee5df922570910e02307c4dec138a04c03b4c93f6634daf67c65e431741ce559d80a93570ee545"}, {0xe0, 0x112, 0x7f, "f098e412befb913124d7fa67534a78e6277253ed4a37eaa24e9d7cf0a78f111e743a182d7b7782088d75069fcb374b8adb8531df7043b1316145e0c46cfc81552c7cffd97b00a762e96a2ee53786ac703c0e47c526a4210618977982cd1e1aa22e96e08a77885f6af092512f23342557f341234d0492200fa703348d19a4fa213846c021bb6dc6eb57fc816c70274dd61e7ff58d4145f90e09c371111627bbdb9d12c2b0c2883fc9f21faf6b38e2925f4e679dd50aa466fcc61614c38809590e99e6d32dd3dbbf77fd0fc9331dbe3b"}], 0x2c0}, 0x3}], 0x1, 0x10) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000004080)=0xfff) fcntl$setpipe(r3, 0x407, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000040c0)=r4) lstat(&(0x7f0000004100)='./file0\x00', &(0x7f0000004140)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000041c0)='./file0\x00', &(0x7f0000004200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f0000004280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r0, &(0x7f0000004300)={0x84, 0x7d, 0x1, {{0x0, 0x5d, 0x6, 0x1, {0x48, 0x0, 0x3}, 0x10100000, 0x9, 0x1ff, 0x3ff, 0x8, 'SECMARK\x00', 0x13, ',#self-$proc\\system', 0x3, 'ip\x00', 0xc, 'CONNSECMARK\x00'}, 0x12, 'vboxnet0keyring--)', r6, r7, r8}}, 0x84) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000043c0)=@int=0xf5, 0x4) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000004400)={{0xa, 0x4e24, 0x7, @remote={0xfe, 0x80, [], 0xbb}}, {0xa, 0x4e21, 0x8, @empty, 0x2}, 0x1e10cb0c, [0x6, 0x1f, 0x9, 0x7fffffff, 0x5, 0x1, 0x91, 0x8]}, 0x5c) ioctl$TUNSETOWNER(r0, 0x400454cc, r6) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000004480)={0xc4, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x10}}}, {{0x2, 0x4e22, @multicast1=0xe0000001}}}, 0x108) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000045c0)={0xfffffffffffffffd, 0x8000, 0x1, 0x9}, 0x8) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000004600)={0x5, 0x70, 0x10440e7c, 0x0, 0x100000001, 0x0, 0x0, 0x1fa7, 0x1, 0x2, 0xa3f, 0x802000, 0x4, 0x9, 0x800, 0xbb, 0x9, 0x8, 0xfffffffffffffff9, 0x4, 0x0, 0x5, 0x4, 0x8000, 0x7f, 0xff, 0x800000000, 0x0, 0x293, 0x1ff, 0x48f, 0x7, 0xc00000, 0x3, 0x5, 0x8, 0x7, 0x7, 0x0, 0x4, 0x4, @perf_config_ext={0xc8ec, 0x8}, 0x20080, 0x7, 0x7f, 0x5, 0x81, 0x7, 0x8}) getsockopt$inet6_dccp_buf(r0, 0x21, 0xc, &(0x7f0000004680)=""/125, &(0x7f0000004700)=0x7d) 07:38:26 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = getpgid(0x0) fcntl$setown(r0, 0x8, r1) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r2) 07:38:26 executing program 7: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x101000, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000004c0)={0x53, 0xfffffffffffffffd, 0x9a, 0x6, @buffer={0x0, 0xcb, &(0x7f0000000140)=""/203}, &(0x7f0000000240)="8af9868f5c60905fd1232e61198b6d7bcc8e575110b4781e82ecbfb3232a54ee855e67988154337c35b62198bf8501a1f693b9f5d2d8ba577485b12b4b0dd425e21e882a87560b87d555460f7da495999078d94c06bb4e775c9c76a37851c41ac46e2ca48291677208ff1f082f4fa0f6f07d56cd7168ab9ec2a6baf90441b6be4121e57d530e841abefadcc83ab960d71aa50f811ca89ec1e8f8", &(0x7f0000000400)=""/77, 0x9, 0x10020, 0x3, &(0x7f0000000480)}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000680)={0x0, 0x5}, &(0x7f00000006c0)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000700)={r1, 0x3, 0x5, [0x5, 0x2, 0x7ff, 0x1, 0x101]}, 0x12) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x2100, 0x0) dup2(r0, r0) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/autofs\x00', 0x2af3fe7b925526c6, 0x0) ioctl$SG_IO(r2, 0x2284, &(0x7f0000000080)={0x4, 0x0, 0x0, 0x0, @buffer={0x0, 0xd7, &(0x7f0000000300)=""/215}, &(0x7f0000000200), &(0x7f0000001400)=""/71}) ioctl(r2, 0x3f, &(0x7f0000000580)="d014ac193fa1066c3d41c5d46b6a2e8235f57974affe2b918e1379e67c79efa214e57d44bec5f8ca3e99c96329764befa956459fc493ff361be5f7cd92c5deff1129e5a7eac8c48da1105fe547d9feaee77a1324136ce1ed27a7f7a71bfecde2bc7a4dc6028885ec3df6e6f63ab6ae5945bd9b9d16add07683f20d30ecc95f8d01f08f972e122694e4") 07:38:26 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffbde}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x1, 0x7, 0x2000000000b, 0x3}, 0x1fd) [ 656.394210] binder: 10834:10835 unknown command 0 [ 656.408794] binder: 10834:10835 ioctl c0306201 20000080 returned -22 07:38:26 executing program 3: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x5, 0x10000) ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000080)={0x8, 0x8}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) fcntl$setown(r0, 0x8, r1) r2 = semget$private(0x0, 0x5, 0x0) semop(r2, &(0x7f00000000c0)=[{0x0, 0xd70b}, {}], 0x2) semctl$GETNCNT(r2, 0x1, 0xe, &(0x7f00000001c0)=""/22) 07:38:26 executing program 0: setrlimit(0x7, &(0x7f0000000040)={0x14, 0x87}) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x102, 0x4) [ 656.439920] binder: BINDER_SET_CONTEXT_MGR already set [ 656.446615] binder: 10834:10835 ioctl 40046207 0 returned -16 [ 656.471010] binder: 10834:10854 unknown command 0 07:38:26 executing program 7: mremap(&(0x7f0000001000/0x1000)=nil, 0x7ffffffff000, 0x1000, 0x0, &(0x7f0000000000/0x1000)=nil) mlock(&(0x7f0000000000/0x3000)=nil, 0x3000) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400000, 0x0) connect$unix(r0, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e22}, 0x6e) epoll_create1(0x80000) epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x8) 07:38:26 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0)}, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = accept4(0xffffffffffffff9c, &(0x7f0000000000)=@ax25, &(0x7f0000000080)=0x80, 0x80800) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x3ff, 0x6, 0x2, 0x100000001, 0x9af}, &(0x7f0000000100)=0x14) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000280)={r1, @in6={{0xa, 0x4e21, 0x7, @empty, 0x9}}, 0x7, 0x6}, 0x90) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000140)={'lo\x00', 0x444}) accept4$unix(r0, &(0x7f0000000340), &(0x7f0000000180)=0x6e, 0x80000) 07:38:26 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x80000, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000340)={0x8, 0x7, 0x1ff, 0xfffffffffffffff8, 0x1, 0x7fffffff, 0x7, 0x3, 0xff, 0x101}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = request_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000240)='\\md5sumvmnet1lo\x00', 0xfffffffffffffffa) keyctl$revoke(0x3, r3) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000010000000000000018000000ff"]) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"]) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f00000001c0)={0x2, 0x0, [0x48b, 0x0, 0x4b564d02]}) [ 656.486808] binder: 10834:10854 ioctl c0306201 20000080 returned -22 07:38:26 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init() r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x20002, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000200)={0x0, 0xc5, "16681a31a6e3a643202489454b7f8b2d7fb72c765a24327d9bd960c00d72e7279363e20215396940a95e11417f1c3ca82e6eb6d89a827b9afc68daee2a7441e0dc1499d518df5de4b3e65089d2cba2e92b7dc4d3c69fd87dd2dbd4354fbab973e680e5270c2787f3890a591bca2394689452f005c7af92979b82323ce733e7b63ef73b9fe1cd432d758e98d0ca1133c33dbc655a7a0cc477329ed10cf9af6a56b68385644100a5745764f5a18469dc9de187e155e5955597ccdf04b255d1a8bde891cbc49f"}, &(0x7f0000000300)=0xcd) r3 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0x0) keyctl$set_timeout(0xf, r3, 0x0) ftruncate(r1, 0xfffffffffffffff7) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000340)={r2, 0x4, "4d56f947"}, &(0x7f0000000380)=0xc) inotify_rm_watch(r0, 0x0) [ 657.275571] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 657.275571] The task syz-executor3 (10896) triggered the difference, watch for misbehavior. [ 657.413128] FAULT_FLAG_ALLOW_RETRY missing 30 [ 657.417743] CPU: 1 PID: 10842 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 657.426213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.435556] Call Trace: [ 657.438143] dump_stack+0x1c9/0x2b4 [ 657.441782] ? dump_stack_print_info.cold.2+0x52/0x52 [ 657.446967] ? kasan_check_write+0x14/0x20 [ 657.451186] ? do_raw_spin_lock+0xc1/0x200 [ 657.455423] handle_userfault.cold.33+0x47/0x62 [ 657.460082] ? userfaultfd_ioctl+0x5430/0x5430 [ 657.464647] ? trace_hardirqs_on+0x10/0x10 [ 657.468871] ? trace_hardirqs_on+0x10/0x10 [ 657.473095] ? update_load_avg+0x389/0x27d0 [ 657.477397] ? trace_hardirqs_on+0x10/0x10 [ 657.481614] ? userfaultfd_ctx_put+0x810/0x810 [ 657.486191] ? rb_erase_cached+0xc82/0x32c0 [ 657.490510] ? trace_hardirqs_on+0x10/0x10 [ 657.494747] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 657.499759] ? rb_next+0x140/0x140 [ 657.503284] ? rb_erase+0x3550/0x3550 [ 657.507077] ? rb_erase_cached+0xc82/0x32c0 [ 657.511405] ? trace_hardirqs_on+0x10/0x10 [ 657.515636] ? cpuacct_charge+0x2eb/0x5d0 [ 657.519773] ? lock_acquire+0x1e4/0x540 [ 657.523731] ? __handle_mm_fault+0x3a38/0x44a0 [ 657.528291] ? lock_downgrade+0x8f0/0x8f0 [ 657.532461] ? kasan_check_read+0x11/0x20 [ 657.536630] ? do_raw_spin_unlock+0xa7/0x2f0 [ 657.541031] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 657.545595] ? kasan_check_write+0x14/0x20 [ 657.549812] ? do_raw_spin_lock+0xc1/0x200 [ 657.554040] __handle_mm_fault+0x3a45/0x44a0 [ 657.558440] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 657.563281] ? reweight_entity+0x7ed/0x1100 [ 657.567596] ? lock_release+0xa30/0xa30 [ 657.571552] ? lock_acquire+0x1e4/0x540 [ 657.575504] ? handle_mm_fault+0x417/0xc80 [ 657.579728] ? lock_downgrade+0x8f0/0x8f0 [ 657.583865] ? lock_release+0xa30/0xa30 [ 657.587825] ? rcu_note_context_switch+0x730/0x730 [ 657.592734] ? mem_cgroup_from_task+0xcb/0x1f0 [ 657.597294] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 657.602031] handle_mm_fault+0x53e/0xc80 [ 657.606074] ? __handle_mm_fault+0x44a0/0x44a0 [ 657.610648] ? find_vma+0x34/0x190 [ 657.614175] __do_page_fault+0x620/0xe50 [ 657.618218] ? mm_fault_error+0x380/0x380 [ 657.622357] do_page_fault+0xf6/0x8c0 [ 657.626141] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 657.631583] ? vmalloc_sync_all+0x30/0x30 [ 657.635714] ? lock_acquire+0x1e4/0x540 [ 657.639665] ? __might_fault+0x12b/0x1e0 [ 657.643718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 657.648540] page_fault+0x1e/0x30 [ 657.651973] RIP: 0010:__get_user_4+0x21/0x30 [ 657.656361] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 657.675481] RSP: 0018:ffff880191087538 EFLAGS: 00010202 [ 657.680822] RAX: 0000000020013e98 RBX: 1ffff10032210eae RCX: ffffc90005630000 [ 657.688504] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 657.695751] RBP: ffff880191087cb8 R08: 1ffff10032210e84 R09: 0000000000000000 [ 657.703001] R10: ffffed00390144c9 R11: ffff8801c80a264b R12: ffff8801c80a25c0 [ 657.710252] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 657.717508] ? __might_fault+0x1a3/0x1e0 [ 657.721552] ? sctp_setsockopt+0x1e13/0x6db0 [ 657.725940] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 657.731631] ? migrate_swap_stop+0x850/0x850 [ 657.736032] ? kasan_check_write+0x14/0x20 [ 657.740259] ? trace_hardirqs_on+0x10/0x10 [ 657.744476] ? __account_cfs_rq_runtime+0x770/0x770 [ 657.749473] ? set_next_entity+0x2dd/0xb00 [ 657.753687] ? trace_hardirqs_on+0x10/0x10 [ 657.757917] ? update_load_avg+0x27d0/0x27d0 [ 657.762325] ? __enqueue_entity+0x10d/0x1f0 [ 657.766648] ? __unqueue_futex+0x2e0/0x2e0 [ 657.770891] ? pick_next_task_fair+0x999/0x16e0 [ 657.775561] ? kasan_kmalloc+0xc4/0xe0 [ 657.779473] ? alloc_empty_file+0x72/0x170 [ 657.783711] ? run_rebalance_domains+0x4c0/0x4c0 [ 657.788462] ? finish_task_switch+0x1d3/0x870 [ 657.792938] ? lock_downgrade+0x8f0/0x8f0 [ 657.797063] ? finish_task_switch+0x18a/0x870 [ 657.801541] ? lock_acquire+0x1e4/0x540 [ 657.805493] ? __fget+0x4ac/0x740 [ 657.808925] ? lock_downgrade+0x8f0/0x8f0 [ 657.813153] ? lock_release+0xa30/0xa30 [ 657.817114] ? trace_hardirqs_on+0xd/0x10 [ 657.821252] ? _raw_spin_unlock_irq+0x27/0x70 [ 657.825734] ? finish_task_switch+0x18a/0x870 [ 657.830212] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 657.835651] ? __fget+0x4d5/0x740 [ 657.839086] ? ksys_dup3+0x690/0x690 [ 657.842800] ? __schedule+0x884/0x1ea0 [ 657.846671] ? __fget_light+0x2f7/0x440 [ 657.850628] ? fget_raw+0x20/0x20 [ 657.854061] ? get_unused_fd_flags+0x1a0/0x1a0 [ 657.858624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 657.864239] ? schedule+0xfb/0x450 [ 657.867759] ? alloc_file+0x430/0x430 [ 657.871541] sock_common_setsockopt+0x9a/0xe0 [ 657.876028] __sys_setsockopt+0x1c5/0x3b0 [ 657.880162] ? kernel_accept+0x310/0x310 [ 657.884217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.889737] ? syscall_slow_exit_work+0x500/0x500 [ 657.894570] __x64_sys_setsockopt+0xbe/0x150 [ 657.898959] do_syscall_64+0x1b9/0x820 [ 657.902828] ? syscall_slow_exit_work+0x500/0x500 [ 657.907662] ? syscall_return_slowpath+0x5e0/0x5e0 [ 657.912571] ? syscall_return_slowpath+0x31d/0x5e0 [ 657.917480] ? prepare_exit_to_usermode+0x291/0x3b0 [ 657.922475] ? perf_trace_sys_enter+0xb10/0xb10 [ 657.927129] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 657.931955] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.937127] RIP: 0033:0x455ab9 [ 657.940309] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 657.959430] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 657.967126] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 657.974376] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 657.981634] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 657.988894] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 657.996144] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:28 executing program 6: r0 = socket$inet6(0xa, 0x80005, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") read$eventfd(r1, &(0x7f0000000100), 0x8) ioctl(r1, 0x2, &(0x7f0000000080)="c904481bb4eeea765718463c13c31556e07b3eef789e807121bc36d4b7ebd314bf0e6ac4db28edd1779a9823130a38caa7f1dd1a6edb629b66cd6468e4f95ea2ec79d307956efaf5b9a6af8471d8a557971108b434b88769721cfdf25678a8") socket$pptp(0x18, 0x1, 0x2) 07:38:28 executing program 7: r0 = socket(0x10, 0x803, 0x1) write(r0, &(0x7f00000000c0)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$sock_int(r1, 0x1, 0xa0000000000008, &(0x7f0000000040), 0x4) mq_notify(0xffffffffffffffff, &(0x7f0000000240)={0x20000000, 0x8000000000013, 0x2, @thr={&(0x7f0000000080), &(0x7f0000000100)}}) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000080), &(0x7f0000000140)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x102, 0x0) ioctl$RTC_VL_CLR(r2, 0x7014) r3 = socket$inet6(0xa, 0x1, 0x0) dup3(r3, r0, 0x0) 07:38:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x300, &(0x7f0000000400)}) 07:38:28 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x2) r1 = socket$unix(0x1, 0x7, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r3 = socket$unix(0x1, 0x10000000002, 0x0) r4 = dup3(r3, r2, 0x80000) ioctl$KVM_GET_TSC_KHZ(r4, 0xaea3) r5 = dup3(r4, r0, 0x80000) ioctl$SG_SET_COMMAND_Q(r5, 0x2271, &(0x7f0000000180)=0x1) ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f0000000140)) ioctl$sock_inet_udp_SIOCINQ(r4, 0x5411, &(0x7f00000000c0)) pread64(r1, &(0x7f0000000040)=""/27, 0x1b, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000001c0)={r1, 0x0, 0x3, 0x401}) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000100)=0x2, 0x4) 07:38:28 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000140)={0x10, 0x0, [0x40000002]}) r4 = open(&(0x7f0000000040)='./file0\x00', 0x14142, 0x20) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r4, 0x80045400, &(0x7f0000000080)) 07:38:28 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7e, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000040)={0x1ff, 0x7f, 0x81, 'queue0\x00'}) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000740)=@nat={'nat\x00', 0x19, 0x3, 0x3e0, [0x20000dc0, 0x0, 0x0, 0x20000df0, 0x20001038], 0x0, &(0x7f0000000700), &(0x7f0000000dc0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x5, 0x0, 0x0, 'ipddp0\x00', 'ip6_vti0\x00', 'ipddp0\x00', 'dummy0\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x13}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xf0, 0xf0, 0x128, [@helper={'helper\x00', 0x28, {{0x0, 'sip-20000\x00'}}}, @state={'state\x00', 0x8}]}}, @snat={'snat\x00', 0x10, {{@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}}}}, {{{0x11, 0x0, 0x0, 'ip_vti0\x00', 'bond_slave_0\x00', 'bond_slave_0\x00', 'team_slave_0\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xb8, 0xb8, 0xf0, [@ip={'ip\x00', 0x20, {{@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}}}}]}}, @arpreply={'arpreply\x00', 0x10}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'syzkaller1\x00', 'ip6gretap0\x00', 'bond_slave_0\x00', 'rose0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], 0x70, 0xf0, 0x138}, [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8}, @common=@log={'log\x00', 0x28, {{0x0, "db4a5fba094ac2ac05a304d7b73b2427adfe7bdf9e15cd157aded7884b0e"}}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}}]}]}, 0x458) 07:38:28 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, r0, 0x0) sendmsg(r0, &(0x7f0000000480)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0xffffffff, @host=0x2}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000280)="40bbe9716397f061009c70612c48ec21bafaadd241cfb475c6cded2a286d648cb3100a4827f3d25afaf20929c12b2b42aaca5e9a", 0x34}, {&(0x7f00000002c0)="a3f3eed721989e5ef2ed6ceb1ebcd56ecc4f662bac84dee16d938fb81f042b0a07de65770abff3034e9f3d44fbcb24752eb014", 0x33}, {&(0x7f0000000300)="f5455d19ab33f492ac", 0x9}], 0x3, &(0x7f0000000380)=[{0x90, 0x0, 0x5, "786773dcf874d5308e1d6622ce8ca2c32555b93208489262a827a31b29e6bb1ceed99d290e037ec640b2afa27df1ccd1c88e8556c817c28bd3970420503949bfe7e79b4f15271668c0eb208e83f53f4e7db6a6bea9b64735a25bb9239c2329c9075f2f6ab3ae769a216c6eedcc59c059a551cac071480d30ae"}, {0x50, 0x119, 0x0, "43a82318208fa28e5c46e8e90d94345bd7d9322d7cd5a85abc96267a9bbdb64931b96134b8cd3369ca5b52808e99e126686cdad9a0deea32e44e0f"}], 0xe0, 0x4}, 0x8804) r1 = userfaultfd(0x0) fadvise64(r0, 0x0, 0x1f, 0x5) r2 = syz_open_dev$midi(&(0x7f00000004c0)='/dev/midi#\x00', 0x1, 0x2001) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000500)) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:28 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000440)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) getsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000280), &(0x7f00000002c0)=0xb) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) symlinkat(&(0x7f0000000300)='./control\x00', r6, &(0x7f0000000340)='./control\x00') write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000012000/0x1000)=nil, 0x1000}, 0x3}) getdents(r7, &(0x7f0000000180)=""/239, 0xef) write$P9_RGETLOCK(r6, &(0x7f0000000380)={0x1e, 0x37, 0x1, {0x1, 0xd533, 0x0, r4}}, 0x1e) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) [ 658.191131] binder: 10917:10920 unknown command 0 07:38:28 executing program 3: r0 = socket$kcm(0x29, 0x2, 0x0) r1 = socket$unix(0x1, 0x3, 0x0) close(r0) bind$unix(r1, &(0x7f000094cff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x10000) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f00005c8ff8)) sendmmsg$unix(r1, &(0x7f0000000640)=[{&(0x7f0000000000)=@file={0x1, "e91f7189591e9233614b00"}, 0x6e, &(0x7f0000000080), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000006100000001000000", @ANYRES32=r0, @ANYBLOB="00000000142656b7567d5537df4859a80ecbe7f9527af2d3"], 0x18}], 0x1, 0x0) 07:38:28 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x500, 0x0) symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00') getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000240)={r2, 0x7f, 0x4f, "ff659e29199e43979b9d41c0fd749be550e83a00ee45578ba74b22cd3e6af06af278df95f8ac978580e7acc72a3eb1fb9509240c8f5ae1907318ca61abe6333cc5824838ebb8cb81bf965b95c9f6a5"}, 0x57) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000080)={0x8, 0x43b3efe2dba11233, 0x4}) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r3, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendto$inet(r3, &(0x7f0000000000)="a4", 0x1, 0x20040004, &(0x7f0000000140)={0x2, 0x0, @rand_addr}, 0x15f) 07:38:28 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in=@remote={0xac, 0x14, 0x14, 0xbb}, @in=@multicast1=0xe0000001, 0x4e21, 0xff, 0x4e21, 0xfff, 0x2, 0xa0, 0x80, 0x7f, 0x0, r1}, {0x100, 0x100000001, 0x101, 0x1, 0x7, 0x80, 0x200, 0x1}, {0x40, 0x3f2bca88, 0x7ff, 0x3}, 0xeb2, 0x6e6bbb, 0x0, 0x1, 0x2, 0x2}, {{@in6=@loopback={0x0, 0x1}, 0x4d2, 0xff}, 0x2, @in=@broadcast=0xffffffff, 0x34ff, 0x1, 0x0, 0xffffffff, 0x9, 0x2, 0x5}}, 0xe8) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x100004, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r3 = memfd_create(&(0x7f0000000180)="2df188a80ba116a8db8ba30f436c4e8dae0e32772865c0b60fb6bfc4f11c05e8970122dc649f8aff519c90197f30329b26d2680f21b038521045", 0x0) pwritev(r3, &(0x7f0000000000)=[{&(0x7f0000012000)="ca", 0x1}], 0x1, 0x0) lseek(r3, 0xffffffff00000000, 0x4) close(r2) [ 658.225551] xt_helper: cannot load conntrack support for proto=7 [ 658.227255] binder: 10917:10920 ioctl c0306201 20000080 returned -22 07:38:28 executing program 7: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0x10) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$can_raw(r0, &(0x7f00000001c0)={0x1d}, 0x10) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 07:38:28 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f0000032fe8)={0x0, 0x0, 0x0, 0x0, 0x100000000}) getpeername$inet(r0, &(0x7f0000000000)={0x0, 0x0, @dev}, &(0x7f0000000040)=0x10) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000640)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000700000004000000a0040000600100007802000060010000b8030000b8030000b803000004000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000e700000000000000000000000000000000000000000000"], @ANYBLOB="ac1414aaac1414bb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aaaaaaaaaa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000626f6e645f736c6176655f3100000000726f736530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0006001000000000000000000000000000000000000000000000000000070004e464c4f4700000000000000000000000000000000000000000000000000000000000000000000000000042fd94c273aba5e601573e4fce4f3d5d3bba611e0b9a970cfab8d1c707e6fd027e816385272bd971bd1a65457a259a07f504d250bde6449521d29bc6cb317e500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000180100000000000000000000000000000000000000000000000000002800434c41535349465900000000000000000000000000000000000000000000000000000000000000000000e00000010000000000000000ffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006772653000000000000000000000000076657468315f746f5f626f6e6400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e8000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x3) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000100)={r0, 0x0, 0xfffffffffffffffa, 0x3, 0xa685}) prctl$setendian(0x14, 0x200000002) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000b40)={'filter\x00', 0x7, 0x4, 0x570, 0x270, 0x270, 0x270, 0x488, 0x488, 0x488, 0x4, &(0x7f0000000080), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @remote={0xac, 0x14, 0x14, 0xbb}, @broadcast=0xffffffff, 0x0, 0x1}}}, {{@uncond, 0xf0, 0x130}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x800, 0x7, 0x7fffffff}}}, {{@uncond, 0xf0, 0x218}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x6, 0x5, 'system_u:object_r:checkpolicy_exec_t:s0\x00'}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x5c0) [ 658.278430] binder: BINDER_SET_CONTEXT_MGR already set [ 658.295345] binder: 10917:10920 ioctl 40046207 0 returned -16 [ 658.311436] binder: 10917:10944 unknown command 0 [ 658.315229] binder: 10917:10939 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 07:38:28 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) bind$bt_sco(r1, &(0x7f0000000140)={0x1f, {0x10000, 0x6, 0x1, 0x8d, 0x9, 0x10001}}, 0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x10000, 0x0) mmap(&(0x7f0000000000/0xae0000)=nil, 0xae0000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) pread64(r2, &(0x7f0000e3e000)=""/8, 0x8, 0x100000) 07:38:28 executing program 6: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x501000, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x78ee2283}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r1, 0x4, 0x30}, 0xc) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000000)={0x40, 0x3, 0x401, 0xf588fbc}, 0x8) r5 = mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x51, r2, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000480)={0x14, 0x0, &(0x7f0000000040)=[@acquire_done={0x40106309, r5}], 0x0, 0x0, &(0x7f0000000280)}) [ 658.324091] binder: 10917:10944 ioctl c0306201 20000080 returned -22 07:38:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb038030000000000, &(0x7f0000000400)}) 07:38:28 executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000200)=0x8, 0x1) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x100000000) 07:38:28 executing program 7: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)={0xaa, 0xfffffffffffffffd}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000240)='./control/file0\x00') rmdir(&(0x7f00000000c0)='./control\x00') umount2(&(0x7f0000000040)='./control/file1\x00', 0x0) syz_mount_image$nfs4(&(0x7f0000000080)='nfs4\x00', &(0x7f0000000100)='./control/file1\x00', 0x0, 0x0, &(0x7f0000001540), 0x0, &(0x7f0000000280)='\x00') close(r0) socket$packet(0x11, 0x2, 0x300) [ 658.392554] binder: 10965:10966 unknown command 0 07:38:28 executing program 6: modify_ldt$write2(0x11, &(0x7f0000000080)={0x8001, 0x0, 0x2000, 0xac72, 0x5, 0x2, 0xfeb, 0x1, 0x12, 0x1ff}, 0x10) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000002c0)="025cc83d6d345f8f762070") r1 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) r2 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r3 = dup2(r2, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, "9ede7a8c5ae95e4800800000000000604f13eeab65c0322901dc6bd36cde2c39f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa0500000074dbcfa6dc4d"}) write$sndseq(r1, &(0x7f000000a000)=[{0x7, 0x3, 0x0, 0x0, @tick=0xfffffffffffffffd, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0x30) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0x3f}) 07:38:28 executing program 3: syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x40000) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x40, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800470000600000000000009078ac141400ac1414aa4404f800440400000420880b0000000000000800000086dd080088be00000000100000000100000000000000080022eb000000002000000002000000000000000000000008006558000000000307623ffecb02ce1f80b2707391b753c53c7fcd34a88e0b0b4f6befe43cf5da3502e3f340aac6b9a3cb94a767364b05cecb29ce238c775e4989c7a465ced115aa8ddf884bb7e6ec9cf187620f346cd73ac7f7573b97706e3d645ab696c51dd28b119f9d662bb0f9d64947a1295e2e3a1db6285f2efc5469ed93dea9e49630b29dc7ec8ad84ee2d9a1e0d0fdde1be4c5cb994870d44498287eae90eb74abe16b022a7623bc86acfdef24a14a65c649807a7561c12c16ac94d0c6695144181ff27cf9c1f2499e06aba076581d6ddd3adc8f5c5e592129959793498e6e9bb5f77e4c1d"], 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) 07:38:28 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000080)=0xfffe, 0x3e4) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x1, &(0x7f0000000000)="025cc875cf98c98f762078") bind$unix(r1, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e22}, 0x6e) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80000, 0x0) ioctl$KDSETMODE(r3, 0x4b3a, 0x2) listen(r0, 0x80009) connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e22}, 0xfffffffffffffe8f) [ 658.413916] binder: 10965:10966 ioctl c0306201 20000080 returned -22 [ 658.431199] binder: BINDER_SET_CONTEXT_MGR already set [ 658.443623] binder: 10965:10966 ioctl 40046207 0 returned -16 07:38:28 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x111400, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000580)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000040)=0x80000000001, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) write$binfmt_elf64(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7f454c4602050107934700000000000003000000060000005902000000000000400000000000000067010000000000000700000000083800010008000300ff000400000008000000f9ffffffffffffff06000000000000000300000000000000020000000000000001000080000000000010000000000000502b13b7a162b1970636e6c9fc66074a1ed2c336661705e1482b383395db74fa285bc1c9360186dcc5d3b3496a95e924ebe01abedea8585dc51d6048fdd893865bc4571dc66e34c9f21bf70612b8a2f1c55f143883631296fe0ec08780813590a434448bda9f7bf7b4020a8032352e4b36de64508828fd2053e477d056d07205fb4b0930e0c41966d2accf64cbaf6b9d16629c8a164645603426a74b3826f5274d673b9e074f49075825fc64d91f0f1c9cff7853d15fd1d3d3aa48c618828b78b42f0b9fb68d60cb09981d4581d27901b2dd0686d9433926e1dac8fb08dc4f590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008956000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007fbe85e8bc937088b0ff19ae492e78916b4a4a99dbca8210206c2942f1d826fe653383c6aa91e8633492d87b5ab1c03eafbfd0e3bacd43fabb134a2d0c1ebcc3575d46bc42cc2c65f494b04746b766f26f892a368d4591ab60ba7d1d8386caef6cf43a27c763723ca41477e774816b6a8a8ca824b7b99cacd5af8af2cf3a4d8630f3fee89be650e1e5e721fea9958a8e96de331f3c560c2122e5ed236bf6c7af24e8b4c2518ac9bfb9bd4f07708bb55c"], 0x6c1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendto$inet(r0, &(0x7f0000000240)="8e", 0x1, 0x0, &(0x7f0000000280)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000140)) [ 658.464758] binder: 10965:10973 unknown command 0 [ 658.470905] binder: 10965:10973 ioctl c0306201 20000080 returned -22 [ 659.294848] FAULT_FLAG_ALLOW_RETRY missing 30 [ 659.299402] CPU: 1 PID: 10934 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 659.307868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.317208] Call Trace: [ 659.319785] dump_stack+0x1c9/0x2b4 [ 659.323410] ? dump_stack_print_info.cold.2+0x52/0x52 [ 659.328579] ? rb_erase+0x3550/0x3550 [ 659.332366] handle_userfault.cold.33+0x47/0x62 [ 659.337021] ? plist_check_list+0x7e/0xa0 [ 659.341166] ? plist_check_list+0xa0/0xa0 [ 659.345299] ? lock_acquire+0x1e4/0x540 [ 659.349256] ? userfaultfd_ioctl+0x5430/0x5430 [ 659.353827] ? trace_hardirqs_on+0x10/0x10 [ 659.358052] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 659.363393] ? plist_del+0x4a1/0x9d0 [ 659.367092] ? perf_event_update_userpage+0xd30/0xd30 [ 659.372267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.377783] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 659.382953] ? cgroup_rstat_updated+0xe6/0x470 [ 659.387532] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 659.391941] ? update_curr+0x200/0xc00 [ 659.395827] ? trace_hardirqs_on+0x10/0x10 [ 659.400049] ? trace_hardirqs_on+0x10/0x10 [ 659.404266] ? kasan_check_read+0x11/0x20 [ 659.408397] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 659.412959] ? compat_start_thread+0x80/0x80 [ 659.417357] ? lock_acquire+0x1e4/0x540 [ 659.421316] ? __handle_mm_fault+0x3a38/0x44a0 [ 659.425880] ? lock_downgrade+0x8f0/0x8f0 [ 659.430013] ? kasan_check_read+0x11/0x20 [ 659.434158] ? do_raw_spin_unlock+0xa7/0x2f0 [ 659.438556] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 659.443132] ? kasan_check_write+0x14/0x20 [ 659.447357] ? do_raw_spin_lock+0xc1/0x200 [ 659.451575] __handle_mm_fault+0x3a45/0x44a0 [ 659.455980] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 659.460802] ? __sched_text_start+0x8/0x8 [ 659.464931] ? reweight_entity+0x7ed/0x1100 [ 659.469233] ? lock_release+0xa30/0xa30 [ 659.473192] ? lock_acquire+0x1e4/0x540 [ 659.477163] ? handle_mm_fault+0x417/0xc80 [ 659.481388] ? lock_downgrade+0x8f0/0x8f0 [ 659.485518] ? lock_release+0xa30/0xa30 [ 659.489476] ? mem_cgroup_from_task+0xcb/0x1f0 [ 659.494046] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 659.498784] handle_mm_fault+0x53e/0xc80 [ 659.502844] ? __handle_mm_fault+0x44a0/0x44a0 [ 659.507422] ? find_vma+0x34/0x190 [ 659.510944] __do_page_fault+0x620/0xe50 [ 659.514988] ? mm_fault_error+0x380/0x380 [ 659.519117] ? reweight_entity+0x1100/0x1100 [ 659.523505] do_page_fault+0xf6/0x8c0 [ 659.527287] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 659.532714] ? vmalloc_sync_all+0x30/0x30 [ 659.536847] ? lock_acquire+0x1e4/0x540 [ 659.540800] ? __might_fault+0x12b/0x1e0 [ 659.544861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 659.549688] page_fault+0x1e/0x30 [ 659.553125] RIP: 0010:__get_user_4+0x21/0x30 [ 659.557505] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 659.576624] RSP: 0018:ffff8801b1877538 EFLAGS: 00010202 [ 659.581969] RAX: 0000000020013e98 RBX: 1ffff1003630eeae RCX: ffffc90005630000 [ 659.589216] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 659.596466] RBP: ffff8801b1877cb8 R08: 1ffff1003630ee84 R09: 0000000000000000 [ 659.603713] R10: ffffed0032041e91 R11: ffff88019020f48b R12: ffff88019020f400 [ 659.610962] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 659.618219] ? __might_fault+0x1a3/0x1e0 [ 659.622264] ? sctp_setsockopt+0x1e13/0x6db0 [ 659.626657] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 659.632347] ? migrate_swap_stop+0x850/0x850 [ 659.636734] ? kasan_check_write+0x14/0x20 [ 659.640950] ? trace_hardirqs_on+0x10/0x10 [ 659.645175] ? __account_cfs_rq_runtime+0x770/0x770 [ 659.650183] ? set_next_entity+0x2dd/0xb00 [ 659.654403] ? trace_hardirqs_on+0x10/0x10 [ 659.658619] ? update_load_avg+0x27d0/0x27d0 [ 659.663006] ? __enqueue_entity+0x10d/0x1f0 [ 659.667309] ? __unqueue_futex+0x2e0/0x2e0 [ 659.671528] ? pick_next_task_fair+0x999/0x16e0 [ 659.676184] ? run_rebalance_domains+0x4c0/0x4c0 [ 659.680920] ? finish_task_switch+0x1d3/0x870 [ 659.685393] ? lock_downgrade+0x8f0/0x8f0 [ 659.689519] ? finish_task_switch+0x18a/0x870 [ 659.693993] ? lock_acquire+0x1e4/0x540 [ 659.697947] ? __fget+0x4ac/0x740 [ 659.701380] ? lock_downgrade+0x8f0/0x8f0 [ 659.705520] ? lock_release+0xa30/0xa30 [ 659.709474] ? trace_hardirqs_on+0xd/0x10 [ 659.713604] ? _raw_spin_unlock_irq+0x27/0x70 [ 659.718077] ? finish_task_switch+0x18a/0x870 [ 659.722554] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 659.727997] ? __fget+0x4d5/0x740 [ 659.731429] ? ksys_dup3+0x690/0x690 [ 659.735125] ? __schedule+0x884/0x1ea0 [ 659.738999] ? __fget_light+0x2f7/0x440 [ 659.742954] ? fget_raw+0x20/0x20 [ 659.746388] ? get_unused_fd_flags+0x1a0/0x1a0 [ 659.750955] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 659.756472] ? schedule+0xfb/0x450 [ 659.760004] ? alloc_file+0x430/0x430 [ 659.763787] sock_common_setsockopt+0x9a/0xe0 [ 659.768266] __sys_setsockopt+0x1c5/0x3b0 [ 659.772392] ? kernel_accept+0x310/0x310 [ 659.776441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.781960] ? syscall_slow_exit_work+0x500/0x500 [ 659.786784] __x64_sys_setsockopt+0xbe/0x150 [ 659.791179] do_syscall_64+0x1b9/0x820 [ 659.795050] ? finish_task_switch+0x1d3/0x870 [ 659.799524] ? syscall_return_slowpath+0x5e0/0x5e0 [ 659.804437] ? syscall_return_slowpath+0x31d/0x5e0 [ 659.809355] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 659.814354] ? prepare_exit_to_usermode+0x291/0x3b0 [ 659.819351] ? perf_trace_sys_enter+0xb10/0xb10 [ 659.824002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 659.828829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.833999] RIP: 0033:0x455ab9 [ 659.837167] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 659.856309] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 659.863995] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 659.871242] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 659.878492] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 659.885739] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 659.892991] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:30 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x2080003) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000140)) setsockopt$inet6_MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x4e21, 0x7fffffff, @local={0xfe, 0x80, [], 0xaa}, 0x3135}, {0xa, 0x4e22, 0x8000, @loopback={0x0, 0x1}, 0x3e}, 0x40, [0x0, 0x17, 0x2, 0x1, 0x1, 0x80, 0x40, 0xaf1d]}, 0x5c) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xffffff7f00000000, &(0x7f0000000400)}) 07:38:30 executing program 4: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000000)={0x62, 0x1, 0x100000000, 0x100000000}, 0x10) setfsuid(r1) setfsuid(r1) 07:38:30 executing program 6: r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0), &(0x7f0000000140)=0x8) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)=0xffffffffffffffff) write$P9_RFSYNC(r0, &(0x7f0000000040)={0x7, 0x33, 0x2}, 0x7) write$vnet(r0, &(0x7f0000002440)={0x1, {&(0x7f00000025c0)=""/246, 0xf6, &(0x7f0000002340)=""/201}}, 0x68) 07:38:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000967918eb551279da000000000000020000"], 0x20}, 0x1}, 0x0) 07:38:30 executing program 7: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0xc000, 0x0) ioctl$void(r0, 0x0) socketpair(0x3, 0x80000, 0x8, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) timer_create(0x0, &(0x7f0000000180)={0x0, 0x38}, &(0x7f0000000140)) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$inet6_tcp_buf(r2, 0x6, 0x1f, &(0x7f0000000040)="0e66434ff8a8bbe650efea6180ee69524088ad6f64e9f7f70202d9805d74e761d9711573998464ef3e1a1bb92599fe6ab4afe88b8f2b9affe4eef8aac3841029f2c6d4166060db2bfccf3822372e0bff869a8276af0fc98d326935708263769afd3712c68515b565a88645003ef0245226708a873d2488faccaa88554d489611cf76fbc33432f4dce88a5546090055446fa769e49d1dfe", 0x97) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) 07:38:30 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x890f, &(0x7f0000000280)="024000d20d000000000000") r1 = userfaultfd(0x0) socket(0xf, 0x1, 0x9) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) ioctl$SG_EMULATED_HOST(r3, 0x2203, &(0x7f0000000040)) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) eventfd2(0x5, 0x80800) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000100)="9af5cf446d44000fc5dab032889a77f04966baf80cb8f842488fef66bafc0cb079ee0f20c035200000000f22c0b9aa0a0000b848000000ba000000000f3066ba2100ecb805000000b9000000000f01c1b918020000b806a7c364bac7a653380f3066b808018ec0", 0x67}], 0x1, 0x0, &(0x7f0000000200), 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001440)={0x5, 0x0, [{0x3004, 0x90, &(0x7f00000002c0)=""/144}, {0x3001, 0xa, &(0x7f0000000080)=""/10}, {0xd000, 0x1000, &(0x7f0000000380)=""/4096}, {0x2, 0xa3, &(0x7f0000001380)=""/163}, {0x10002, 0x53, &(0x7f0000000200)=""/83}]}) 07:38:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x8, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000012000/0x1000)=nil, 0x1000}, 0x1}) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x3}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(r6) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r2) 07:38:30 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x200000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000200)={0x1, 0xe64, 0xffffffff00000000, 'queue1\x00'}) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x3, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x106, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000180)={0x10, 0xa, 0xfa00, {&(0x7f00000000c0), 0x1, {0xa, 0x4e20, 0x7fff, @loopback={0x0, 0x1}, 0xbf2d}, r2}}, 0x38) 07:38:30 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="025cc83d6d345f8f7620708e07416a8970dec9e1f49a4692fad230a1f14640e1deab6d965bd8ef1d3545696976fbad6ab9cdf9d3428adac0c675ac7ad7a7200002f8865862802941a9e1c8f338ad9b2f90412064f5e61b9a95e2c7f4af72a924b4636b29d996bdd118faf5fbf9cbf1821f6fb0e2c51092300bfaca78c0e48d49eeed55f06dbb48a64e53dd01587c1d3cda13f9d7b7f2529b4a06a6b4bf073db6c18645f092a381087d1796e4d92aa66b5aa0b3cef1d16c9203d42ce5aa22bbc061af741ecfb4061913492b268fa782a8d1c8cf") r1 = socket(0x10, 0x80002, 0x0) fsync(r0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000001000010000000000000000000a0000000000000000320000"], 0x1c}, 0x1}, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000580)={0x0, 0x84a, 0x61f98474714abd53, 0x80, 0x7ff}, &(0x7f00000005c0)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000600)={r2, 0x1da6}, 0xfffffffffffffe37) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000000c0)="c3895c8dc58461e2c78a04ad1471cb0dd18c4a27df47f150096bc53e2ca62a4f671e249a167b337645b47b28f8e3f57978afef9a4cb9a300502add23a2e497a67e4790dcb8cb48082bd54b", 0x4b}, {&(0x7f0000000300)="6dbbe76d1ad2b5c2433e5098808cf67b91cdf471e7e4e80870f85bffd8e5d596e1abcad91c0ccf430fb17718d6de41ef56e89fc035f4d5457041049f35b18dffd0914e143539e022fdf9b3f3b9d276d99b1f81a2857846c3bd31a0e50c6434504a6a67da776d631607a6131cc050f26d793ab4846e7b8c88cf909c905e1e2267eb2cc0516cc8673755a9bfa860e14c9665e86e9ed20c89e1e270b2d84536065b827de30fa6503e3cd27be9a84ba239a8a9bd8de1d3b24a6db373070cbcc6d1a0e4778ffb58232e1b983a0f06983fd0", 0xcf}, {&(0x7f0000000400)="adba1b8fb34224fd41d2259c6b47f4a31049e41ceac064c62d70cb19f962d292ae9d7928f45f122ac5d22a6c2cd1ec86c3f2", 0x32}, {&(0x7f0000000440)="6de7f96257ceb3bded4749379b53e07b8365e76142efdea0c1f680ec6f96d666822b7b034329fcf01f25b7758d186035f4fbec79551ae18ed28baca924e27203c0cf960be6ed7e77ddd18e02c817a677b56321ccdfc2a72c676ea66adc3fe6986c94e1599ff994947e0e5905add591b30d2b352e029b0e158b42748ce8eb96497f0ebd93ca5a155142ac6b55d981b1bf28110d85a987c001dcfe897079e24556c55f252ce91766984c73bc1d09c2d4a149d247b9e911cd827648a40349705cd2a41fdc7087a0edb6df81910294ecaecb0c2a472fe265359640c178dffb7d5ee0f70fecb763a1", 0xe6}], 0x4, &(0x7f0000000100)}], 0x1, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000640)=0x0) timer_create(0x7, &(0x7f0000000680)={0x0, 0x2e, 0x2, @tid=r3}, &(0x7f00000006c0)) ioctl(r1, 0x6, &(0x7f0000000700)="ca807505dab49fd1796a15ef04cf86f19d82513be6a55a72ed577b985d2ba9218b") [ 660.070573] binder: 11020:11022 unknown command 0 [ 660.088823] binder: 11020:11022 ioctl c0306201 20000080 returned -22 [ 660.107344] binder: BINDER_SET_CONTEXT_MGR already set [ 660.113329] binder: 11020:11022 ioctl 40046207 0 returned -16 07:38:30 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0x0, 0x0}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x800, 0x0) write$P9_RREADDIR(r1, &(0x7f0000000140)={0xa6, 0x29, 0x2, {0x2, [{{0x80, 0x0, 0x3}, 0x20, 0x2, 0x7, './file0'}, {{0x2, 0x1, 0x6}, 0x4, 0x8000, 0x7, './file0'}, {{0x2, 0x0, 0x3}, 0x10001, 0x1, 0x7, './file0'}, {{0x0, 0x2, 0x7}, 0x5, 0x1, 0x7, './file0'}, {{0x4, 0x2, 0x2}, 0x9, 0x5d8b, 0x7, './file0'}]}}, 0xa6) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f00000000c0)}}, {{&(0x7f0000000080)=@nfc={0x27}, 0x80, &(0x7f0000007380), 0x0, &(0x7f0000000000)=[{0x18, 0x1, 0x1, "03"}], 0x18}}], 0x2, 0x0) 07:38:30 executing program 7: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x80000101005, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x800, 0x0, 0x8, 'queue1\x00', 0x85}) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000000)=0x717dc3d4) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f00000001c0)=0x534efde5d2bae475) pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000140)="80fd02090040", 0x6}], 0x1, 0x0) 07:38:30 executing program 0: r0 = socket$packet(0x11, 0x2000000002, 0x300) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) dup3(r1, r0, 0x0) 07:38:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000280)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') fstat(r2, &(0x7f00000002c0)) r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_RX_RING(r5, 0x10e, 0x6, &(0x7f0000000100)={0x8, 0x3ff, 0x100000001, 0x100000000}, 0x10) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) close(r1) mmap(&(0x7f0000011000/0x1000)=nil, 0x1000, 0x2, 0x10010, r1, 0x0) [ 660.128521] binder: 11020:11043 unknown command 0 [ 660.138900] binder: 11020:11043 ioctl c0306201 20000080 returned -22 07:38:30 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00') r2 = socket$inet(0x2, 0x802, 0x0) sendfile(r2, r1, &(0x7f0000000040)=0x42020, 0x80000003) accept4$packet(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000580)=0x14, 0x0) recvfrom(r2, &(0x7f0000000000)=""/17, 0x11, 0x40000021, &(0x7f00000005c0)=@xdp={0x2c, 0x0, r3, 0x20}, 0x80) 07:38:30 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x3000007, 0x32, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000040)=0x2, 0x4, 0x0, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000100)=0x2, 0x2) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = userfaultfd(0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xac, r3, 0xc00, 0x70bd2a, 0x25dfdbff, {0xe}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local={0xfe, 0x80, [], 0xaa}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xbe}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x800}, 0x20000090) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)={0xaa}) fcntl$setstatus(r0, 0x4, 0x400000000002001) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000340)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x81020200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r4, 0x200, 0x70bd2a, 0x25dfdbff, {0x3}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) dup2(r1, r0) dup2(r0, r2) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x8, 0x4, 0x81, 0x7, 0x80000000}) 07:38:31 executing program 1: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x20000, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000004c0)=""/204) r1 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000400)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) setgid(r9) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x6) close(r1) close(r2) 07:38:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x1063084000000000, &(0x7f0000000400)}) 07:38:31 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x101100) ioctl$TIOCCONS(r1, 0x541d) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) read(r2, &(0x7f0000000000)=""/250, 0xfa) 07:38:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f000055a000)={{0x2, 0x0, @loopback=0x7f000001}, {0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0xfffffffffffffffa, {0x2, 0x0, @rand_addr}}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x400000, 0x0) openat(r1, &(0x7f0000000080)='./file0\x00', 0x14000, 0x80) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x100000001) 07:38:31 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) socketpair(0x7, 0xa, 0x2, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000340)) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f0000000480)='./control\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) prlimit64(r5, 0x5, &(0x7f0000000100)={0x7, 0x5c06}, &(0x7f0000000140)) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) ioctl$KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000280)={0x4, 0x0, [{}, {}, {}, {}]}) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000000000000000000405f0200000200000005000000030000000000000008000000000000000000000000000000000000c0010000000700000004000000ea0000000800000003000000000000000000000000000000070000c001000000020000000000d5ad16f9230000260e0000000000000000ffff000000000000000000000000000000c005000000050000000600000000100000ff0000006900000000000000000000000000000004000000090000000000000001000000609e000003000000000000070100000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000"]) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:31 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) socket$inet6(0xa, 0x6, 0x2) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r1, 0x10e, 0x5, &(0x7f00008f9000)=""/12, &(0x7f0000000000)=0xc) r2 = dup2(r1, r0) getdents64(r2, &(0x7f0000000140)=""/243, 0xf3) ioctl(r1, 0x2de5, &(0x7f0000000040)="fb95687f28218357f2a5ce82cae2495929ab9347da31e0a075b8e2474d293ab9fdbfc8ba664032936a90f0a118bb7a56ff4d8ad4f77d348c467ca8a515ed38ff0c7862c9f2823b7a2cfe152ba94f82209eb3b5f0f189319ad80235bc42a6998eb4b5fc7cb340e04a41c1df1db2761ba3cf4a57bac9d7a6dfb1423abbb9a6defcdff7a0b62429b93dc5b80904a1081ddcae59aebb4d1f7cf1993d172c7395bc8fe6f86088d9ac5cf3e2756b5b6ef8521f50cec9c7d3e4faa38de05c73280bc3bcb927771b6a93df0e18f7ae2468d73ea85a") 07:38:31 executing program 6: r0 = dup(0xffffffffffffffff) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000780), &(0x7f00000007c0)=0x40) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005", 0x5) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f00000023c0), 0x218, &(0x7f0000000200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000000040)=@alg, 0x80, &(0x7f0000000140)=[{&(0x7f0000002840)=""/4096, 0x7ffff000}], 0x1, &(0x7f00000000c0)=""/87, 0x57}, 0x0) 07:38:31 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(cast5))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15cd", 0x5) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x407ff, &(0x7f00000000c0)=0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68) io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000340), 0x87}]) 07:38:31 executing program 0: syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000200)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0xc0185879, &(0x7f0000000000)={0x0, 0x0, 0x0, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 'veth1_to_bridge\x00'}) [ 661.267619] binder: 11095:11097 unknown command 0 [ 661.285747] binder: 11095:11097 ioctl c0306201 20000080 returned -22 [ 661.297894] binder: BINDER_SET_CONTEXT_MGR already set [ 661.304098] binder: 11095:11097 ioctl 40046207 0 returned -16 07:38:31 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="7f44"], 0x2) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40302, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000080)=0x5, 0x4) r3 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000040)={0x7f}) 07:38:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x8631040, &(0x7f0000000400)}) [ 661.321552] binder: 11095:11111 unknown command 0 [ 661.334226] binder: 11095:11111 ioctl c0306201 20000080 returned -22 07:38:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe0700000000000700ff3f03000000450001070000001419001a000400020007000a000200000800005d14a4e91ee438", 0x39}], 0x1) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8, 0x80000) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) 07:38:31 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0xfffffd0a) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x424000, 0x0) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f0000000040)={0x6, 0x2}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7295df0df8217ad4000000200000000e6", 0x20) 07:38:31 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f80762070") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x28}) r4 = getpgrp(0x0) syz_open_procfs(r4, &(0x7f0000000000)='mounts\x00') [ 661.396408] binder: 11132:11133 unknown command 0 [ 661.401773] binder: 11132:11133 ioctl c0306201 20000080 returned -22 [ 661.411698] binder: BINDER_SET_CONTEXT_MGR already set [ 661.417287] binder: 11132:11133 ioctl 40046207 0 returned -16 07:38:31 executing program 7: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x1ff, &(0x7f00000001c0)=""/226) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x4, 0x208000) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_GET(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x204800}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r2, 0x800, 0x70bd2c, 0x25dfdbfb, {0x3}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x1}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x2b}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4050) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000001c40)={0x10}, 0xc, &(0x7f0000001c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000102e9900110c00000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001300", @ANYRES32=0x0, @ANYBLOB="1000820002003fccbb316390dba6f6525eeef3ec5c7249204f7e46e42c0160dd1e1b045c"], 0x38}, 0x1}, 0x0) [ 661.449280] binder: 11132:11137 unknown command 0 [ 661.455730] binder: 11132:11133 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 661.464414] binder: 11132:11137 ioctl c0306201 20000080 returned -22 [ 662.242690] FAULT_FLAG_ALLOW_RETRY missing 30 [ 662.247286] CPU: 0 PID: 11103 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 662.255793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.265181] Call Trace: [ 662.267765] dump_stack+0x1c9/0x2b4 [ 662.271388] ? dump_stack_print_info.cold.2+0x52/0x52 [ 662.276569] ? rb_erase+0x3550/0x3550 [ 662.280356] handle_userfault.cold.33+0x47/0x62 [ 662.285006] ? plist_check_list+0x7e/0xa0 [ 662.289139] ? plist_check_list+0xa0/0xa0 [ 662.293285] ? lock_acquire+0x1e4/0x540 [ 662.297242] ? userfaultfd_ioctl+0x5430/0x5430 [ 662.301817] ? trace_hardirqs_on+0x10/0x10 [ 662.306033] ? plist_del+0x4a1/0x9d0 [ 662.309730] ? plist_add+0x790/0x790 [ 662.313427] ? lock_release+0xa30/0xa30 [ 662.317383] ? cpuacct_charge+0x30a/0x5d0 [ 662.321524] ? cgroup_rstat_updated+0xe6/0x470 [ 662.326103] ? do_raw_spin_lock+0xa0/0x200 [ 662.330320] ? update_curr+0x4e7/0xc00 [ 662.334193] ? trace_hardirqs_on+0x10/0x10 [ 662.338426] ? kasan_check_read+0x11/0x20 [ 662.342556] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 662.347119] ? compat_start_thread+0x80/0x80 [ 662.351510] ? lock_acquire+0x1e4/0x540 [ 662.355473] ? __handle_mm_fault+0x3a38/0x44a0 [ 662.360038] ? lock_downgrade+0x8f0/0x8f0 [ 662.364181] ? kasan_check_read+0x11/0x20 [ 662.368329] ? do_raw_spin_unlock+0xa7/0x2f0 [ 662.372730] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 662.377295] ? kasan_check_write+0x14/0x20 [ 662.381522] ? do_raw_spin_lock+0xc1/0x200 [ 662.385761] __handle_mm_fault+0x3a45/0x44a0 [ 662.390159] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 662.395007] ? __sched_text_start+0x8/0x8 [ 662.399139] ? reweight_entity+0x7ed/0x1100 [ 662.403442] ? lock_release+0xa30/0xa30 [ 662.407397] ? lock_acquire+0x1e4/0x540 [ 662.411350] ? handle_mm_fault+0x417/0xc80 [ 662.415565] ? lock_downgrade+0x8f0/0x8f0 [ 662.419699] ? lock_release+0xa30/0xa30 [ 662.423662] ? mem_cgroup_from_task+0xcb/0x1f0 [ 662.428222] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 662.432962] handle_mm_fault+0x53e/0xc80 [ 662.437003] ? __handle_mm_fault+0x44a0/0x44a0 [ 662.441566] ? find_vma+0x34/0x190 [ 662.445102] __do_page_fault+0x620/0xe50 [ 662.449170] ? mm_fault_error+0x380/0x380 [ 662.453314] do_page_fault+0xf6/0x8c0 [ 662.457101] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 662.462542] ? vmalloc_sync_all+0x30/0x30 [ 662.466675] ? lock_acquire+0x1e4/0x540 [ 662.470638] ? __might_fault+0x12b/0x1e0 [ 662.474691] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 662.479521] page_fault+0x1e/0x30 [ 662.482967] RIP: 0010:__get_user_4+0x21/0x30 [ 662.487357] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 662.506498] RSP: 0018:ffff880195f57538 EFLAGS: 00010202 [ 662.512015] RAX: 0000000020013e98 RBX: 1ffff10032beaeae RCX: ffffc90005630000 [ 662.519352] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 662.526599] RBP: ffff880195f57cb8 R08: 1ffff10032beae84 R09: 0000000000000000 [ 662.533858] R10: ffffed0038d4ccb9 R11: ffff8801c6a665cb R12: ffff8801c6a66540 [ 662.541109] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 662.548364] ? __might_fault+0x1a3/0x1e0 [ 662.552410] ? sctp_setsockopt+0x1e13/0x6db0 [ 662.556800] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 662.562492] ? migrate_swap_stop+0x850/0x850 [ 662.566881] ? kasan_check_write+0x14/0x20 [ 662.571100] ? trace_hardirqs_on+0x10/0x10 [ 662.575315] ? __account_cfs_rq_runtime+0x770/0x770 [ 662.580313] ? set_next_entity+0x2dd/0xb00 [ 662.584528] ? trace_hardirqs_on+0x10/0x10 [ 662.588741] ? update_load_avg+0x27d0/0x27d0 [ 662.593389] ? __enqueue_entity+0x10d/0x1f0 [ 662.597701] ? __unqueue_futex+0x2e0/0x2e0 [ 662.601929] ? pick_next_task_fair+0x999/0x16e0 [ 662.606587] ? kasan_kmalloc+0xc4/0xe0 [ 662.610472] ? alloc_empty_file+0x72/0x170 [ 662.614694] ? run_rebalance_domains+0x4c0/0x4c0 [ 662.619430] ? finish_task_switch+0x1d3/0x870 [ 662.623917] ? lock_downgrade+0x8f0/0x8f0 [ 662.628043] ? finish_task_switch+0x18a/0x870 [ 662.632533] ? lock_acquire+0x1e4/0x540 [ 662.636488] ? __fget+0x4ac/0x740 [ 662.639922] ? lock_downgrade+0x8f0/0x8f0 [ 662.644053] ? lock_release+0xa30/0xa30 [ 662.648022] ? trace_hardirqs_on+0xd/0x10 [ 662.652171] ? _raw_spin_unlock_irq+0x27/0x70 [ 662.656651] ? finish_task_switch+0x18a/0x870 [ 662.661128] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 662.666562] ? __fget+0x4d5/0x740 [ 662.669995] ? ksys_dup3+0x690/0x690 [ 662.673706] ? __schedule+0x884/0x1ea0 [ 662.677588] ? __fget_light+0x2f7/0x440 [ 662.681551] ? fget_raw+0x20/0x20 [ 662.684982] ? get_unused_fd_flags+0x1a0/0x1a0 [ 662.689548] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 662.695069] ? schedule+0xfb/0x450 [ 662.698612] ? alloc_file+0x430/0x430 [ 662.702398] sock_common_setsockopt+0x9a/0xe0 [ 662.706883] __sys_setsockopt+0x1c5/0x3b0 [ 662.711281] ? kernel_accept+0x310/0x310 [ 662.715325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.720845] ? syscall_slow_exit_work+0x500/0x500 [ 662.725669] __x64_sys_setsockopt+0xbe/0x150 [ 662.730592] do_syscall_64+0x1b9/0x820 [ 662.734458] ? finish_task_switch+0x1d3/0x870 [ 662.738931] ? syscall_return_slowpath+0x5e0/0x5e0 [ 662.743850] ? syscall_return_slowpath+0x31d/0x5e0 [ 662.748761] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 662.753761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 662.758606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.763782] RIP: 0033:0x455ab9 [ 662.766947] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 662.786084] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 662.793780] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 662.801028] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000016 [ 662.808290] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 662.815537] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 662.822786] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 662.939518] FAULT_FLAG_ALLOW_RETRY missing 30 [ 662.944102] CPU: 1 PID: 11158 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 662.952577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.961919] Call Trace: [ 662.964500] dump_stack+0x1c9/0x2b4 [ 662.968111] ? dump_stack_print_info.cold.2+0x52/0x52 [ 662.973295] ? kasan_check_write+0x14/0x20 [ 662.977513] ? do_raw_spin_lock+0xc1/0x200 [ 662.981744] handle_userfault.cold.33+0x47/0x62 [ 662.986399] ? userfaultfd_ioctl+0x5430/0x5430 [ 662.990960] ? trace_hardirqs_on+0x10/0x10 [ 662.995181] ? lock_acquire+0x1e4/0x540 [ 662.999137] ? cgroup_get_e_css+0x1bf/0xb30 [ 663.003445] ? lock_downgrade+0x8f0/0x8f0 [ 663.007582] ? lock_release+0xa30/0xa30 [ 663.011540] ? cgroup_css.part.17+0x12c/0x200 [ 663.016028] ? userfaultfd_ctx_put+0x810/0x810 [ 663.020601] ? cgroup_get_e_css+0x140/0xb30 [ 663.024918] ? lock_acquire+0x1e4/0x540 [ 663.028889] ? wb_get_create+0x35e/0x1f10 [ 663.033020] ? lock_downgrade+0x8f0/0x8f0 [ 663.037153] ? trace_hardirqs_on+0x10/0x10 [ 663.041381] ? lock_acquire+0x1e4/0x540 [ 663.045346] ? __handle_mm_fault+0x3a38/0x44a0 [ 663.049928] ? lock_downgrade+0x8f0/0x8f0 [ 663.054061] ? kasan_check_read+0x11/0x20 [ 663.058196] ? do_raw_spin_unlock+0xa7/0x2f0 [ 663.062589] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 663.067158] ? kasan_check_write+0x14/0x20 [ 663.071390] ? do_raw_spin_lock+0xc1/0x200 [ 663.075607] __handle_mm_fault+0x3a45/0x44a0 [ 663.079997] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 663.084820] ? debug_check_no_obj_freed+0x30b/0x595 [ 663.089817] ? __wake_up_common_lock+0x1d0/0x330 [ 663.094557] ? lock_acquire+0x1e4/0x540 [ 663.098509] ? handle_mm_fault+0x417/0xc80 [ 663.102739] ? lock_downgrade+0x8f0/0x8f0 [ 663.106869] ? lock_release+0xa30/0xa30 [ 663.110823] ? rcu_note_context_switch+0x730/0x730 [ 663.115740] ? mem_cgroup_from_task+0xcb/0x1f0 [ 663.120303] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 663.125052] handle_mm_fault+0x53e/0xc80 [ 663.129106] ? __handle_mm_fault+0x44a0/0x44a0 [ 663.133670] ? find_vma+0x34/0x190 [ 663.137192] __do_page_fault+0x620/0xe50 [ 663.141234] ? mm_fault_error+0x380/0x380 [ 663.145362] do_page_fault+0xf6/0x8c0 [ 663.149157] ? vmalloc_sync_all+0x30/0x30 [ 663.153288] ? do_raw_spin_lock+0xc1/0x200 [ 663.157505] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 663.163030] ? __mark_inode_dirty+0x495/0x1550 [ 663.167593] ? __inode_attach_wb+0x13e0/0x13e0 [ 663.172161] ? ext4_xattr_inode_set_class+0x60/0x60 [ 663.177168] ? get_futex_value_locked+0xcb/0xf0 [ 663.181830] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 663.186663] page_fault+0x1e/0x30 [ 663.190098] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460 [ 663.195868] Code: ff ff ff 76 17 eb 3f e8 bf f8 1a fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 aa f8 1a fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 9a f9 1a [ 663.215007] RSP: 0018:ffff8801bd8ff688 EFLAGS: 00010246 [ 663.220350] RAX: 0000000000040000 RBX: 1ffff10037b1fed3 RCX: ffffc90005831000 [ 663.227598] RDX: 00000000000002b6 RSI: ffffffff8361ae16 RDI: 0000000000000005 07:38:33 executing program 3: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x440, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d}, 0x2c, {'group_id', 0x3d}, 0x2c}) socketpair(0x8, 0x0, 0x3, &(0x7f0000000040)={0xffffffffffffffff}) getdents(r2, &(0x7f0000000080), 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000480)) read$FUSE(r1, &(0x7f0000001000), 0x1000) read$FUSE(r1, &(0x7f00000030c0), 0x1000) write$FUSE_LK(r1, &(0x7f0000000180)={0x28, 0x0, 0x1, {{0x7}}}, 0x28) write$FUSE_DIRENT(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="100000000000000002000000000000004bfee5fb67b717dd44bd9a968c73e2cae346dd903887767325ae94c47cc265a28c959389864d157e271d4f2eae425cea0530f58e3621abe0c20a3ad1b450a963ffb88db7bf6282a616b06c140a461c9557b6818f2c83ed2602a58e47faadc0038cf60dbfb07bccd34a9f71c857c357ff6c71393b31e7c14f45432253b8c13058f3d7f1d85ace9c1bb1de0cc37a46cf3c69a4a85b07fb658a8138925c77d59805eeba653c05595fa8"], 0xb8) [ 663.234848] RBP: ffff8801bd8ff760 R08: ffff8801b75842c0 R09: ffffed003b17c643 [ 663.242113] R10: ffffed003b17c643 R11: ffff8801d8be321b R12: 0000000020011fd2 [ 663.249465] R13: 0000000000000000 R14: 0000000000000030 R15: ffff8801bd8ffbc8 [ 663.256753] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 663.261940] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 663.267115] ? copy_page_from_iter+0x890/0x890 [ 663.271699] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 663.276720] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 663.281913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.287433] ? timespec64_trunc+0xea/0x180 [ 663.291647] ? inode_init_owner+0x340/0x340 [ 663.295953] generic_perform_write+0x21b/0x6c0 [ 663.300521] ? generic_update_time+0x26a/0x450 [ 663.305101] ? add_page_wait_queue+0x2c0/0x2c0 [ 663.309664] ? file_update_time+0xe4/0x640 [ 663.313878] ? current_time+0x1b0/0x1b0 [ 663.317837] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 663.322834] ? generic_write_checks+0x385/0x5d0 [ 663.327482] ? page_endio+0x630/0x630 [ 663.331265] ? ext4_file_write_iter+0x2a1/0x1450 [ 663.336017] __generic_file_write_iter+0x26e/0x630 [ 663.340925] ext4_file_write_iter+0x390/0x1450 [ 663.345489] ? kernel_text_address+0x79/0xf0 [ 663.349879] ? ext4_file_mmap+0x410/0x410 [ 663.354005] ? __fget+0x4d5/0x740 [ 663.357440] ? ksys_dup3+0x690/0x690 [ 663.361134] ? save_stack+0xa9/0xd0 [ 663.364745] ? save_stack+0x43/0xd0 [ 663.368350] ? __kasan_slab_free+0x11a/0x170 [ 663.372738] ? kasan_slab_free+0xe/0x10 [ 663.376690] ? kmem_cache_free+0x86/0x2d0 [ 663.380828] ? putname+0xf2/0x130 [ 663.384259] ? do_sys_open+0x569/0x720 [ 663.388130] ? do_syscall_64+0x1b9/0x820 [ 663.392183] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.397530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 663.403052] ? iov_iter_init+0xc9/0x1f0 [ 663.407006] __vfs_write+0x6af/0x9d0 [ 663.410699] ? kernel_read+0x120/0x120 [ 663.414569] ? lock_release+0xa30/0xa30 [ 663.418524] ? check_same_owner+0x340/0x340 [ 663.422829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.428356] ? __sb_start_write+0x17f/0x300 [ 663.432655] vfs_write+0x1fc/0x560 [ 663.436179] ksys_write+0x101/0x260 [ 663.439787] ? __ia32_sys_read+0xb0/0xb0 [ 663.443824] ? filp_open+0x80/0x80 [ 663.447343] __x64_sys_write+0x73/0xb0 [ 663.451211] do_syscall_64+0x1b9/0x820 [ 663.455077] ? syscall_return_slowpath+0x5e0/0x5e0 [ 663.459984] ? syscall_return_slowpath+0x31d/0x5e0 [ 663.464899] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 663.469898] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 663.474723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.479900] RIP: 0033:0x455ab9 [ 663.483065] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.502199] RSP: 002b:00007f9d30fe3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 663.509898] RAX: ffffffffffffffda RBX: 00007f9d30fe46d4 RCX: 0000000000455ab9 [ 663.517149] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000019 [ 663.524415] RBP: 000000000072bf48 R08: 0000000000000000 R09: 0000000000000000 [ 663.531662] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 07:38:33 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0xffffffffffffffff) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) r8 = shmget(0x3, 0x1000, 0x10, &(0x7f0000012000/0x1000)=nil) shmctl$SHM_UNLOCK(r8, 0xc) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r7) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4b}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000280)={r9, 0x9}, &(0x7f00000002c0)=0x8) 07:38:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x4000000, &(0x7f0000000400)}) 07:38:33 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_LOCK(r1, 0xb) ioctl(r0, 0x8912, &(0x7f0000000000)="30a95c0000080000762070") setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)={0x2, {{0xa, 0x4e21, 0xd17b, @mcast2={0xff, 0x2, [], 0x1}, 0x4}}, 0x0, 0x8, [{{0xa, 0x4e23, 0x4, @local={0xfe, 0x80, [], 0xaa}, 0x1}}, {{0xa, 0x4e20, 0xe000000000000, @mcast2={0xff, 0x2, [], 0x1}, 0x7ff}}, {{0xa, 0x4e23, 0x5406, @dev={0xfe, 0x80, [], 0x19}, 0x3}}, {{0xa, 0x4e22, 0xfffffffffffffffa, @empty, 0xff}}, {{0xa, 0x4e21, 0x4ee, @remote={0xfe, 0x80, [], 0xbb}, 0x6}}, {{0xa, 0x4e21, 0x7ff, @empty, 0x1}}, {{0xa, 0x4e21, 0x6, @local={0xfe, 0x80, [], 0xaa}, 0x5}}, {{0xa, 0x4e21, 0x9, @local={0xfe, 0x80, [], 0xaa}}}]}, 0x490) r2 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000000c0)=0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x2, 0x470b, 0x2, 0x7f, 0x0, 0x80, 0x6400, 0x0, 0x6, 0xffff, 0xffffffffffff7967, 0x8, 0xe19, 0x0, 0x40, 0x3ff, 0x0, 0x6, 0x5, 0x80000001, 0x20, 0x4, 0x4, 0x5870, 0x5, 0x9, 0x0, 0x0, 0x80000000, 0x575, 0x20, 0x5, 0x100000001, 0xffff, 0x0, 0x7, 0x0, 0x4, 0x0, @perf_config_ext={0x10001, 0x8}, 0x18, 0x1bf9197a, 0xcf3, 0x7, 0x8, 0x7f, 0x1}, r3, 0xd, 0xffffffffffffffff, 0x1) writev(r2, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560884470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) 07:38:33 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x44}, 0xffffffffffffffc2) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000000053cc766a0000000000000000000000009500000000000000"], &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) 07:38:33 executing program 7: r0 = getpid() r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6c}, r0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x40000000000000df, &(0x7f0000000200)=[r2, r3]) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf50, 0x10000}) 07:38:33 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r5, &(0x7f0000000000)=""/188, 0xbc) ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f0000000100)={'veth1_to_bond\x00', 0x9}) close(0xffffffffffffffff) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:33 executing program 4: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xdffe, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x20008, &(0x7f0000000240)=ANY=[]) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/bnep\x00') mkdirat$cgroup(r0, &(0x7f0000000240)='syz0\x00', 0x1ff) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) mount$9p_unix(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x2010060, &(0x7f0000000500)={'trans=unix,', {[{@privport='privport', 0x2c}, {@afid={'afid', 0x3d, 0x9}, 0x2c}, {@nodevmap='nodevmap', 0x2c}, {@dfltuid={'dfltuid', 0x3d, r1}, 0x2c}, {@access_uid={'access', 0x3d, r2}, 0x2c}]}}) chmod(&(0x7f0000000200)='./file0\x00', 0x8cffffff) mount$9p_xen(&(0x7f0000000040)='eth0security\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x188000, &(0x7f0000000180)={'trans=xen,', {[{@loose='loose', 0x2c}]}}) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000280)=0x1) 07:38:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000080)="0dd2676b33a9f6588d12e232dc0d526455a64721918e478bf5ea4a55def724dd2a73a1e21e6620bebaeb50bbd9ef166d2c182a6d232e4df455ff4a1f9367ac88b636ce02daebc7f7236eaed26419f64260990488a4f949292c8cadb0eceabf7c806f0ec973414ddd9357bce0a43d45bd4fcc794949e790b0fccf5578d0db3061f3a05404b2db06b82cb74d2faceb07060b612a72efd5f6258f202f85dc60d261120f5f0b6a3e6e47b2f93d2c0fa67cb55eec6a969f7ad8d0d8a9796ab92d87d5f2", 0xc1, 0xfffffffffffffffa) r1 = add_key(&(0x7f0000000180)='blacklist\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000200)="1826f4edc2c2547beffdebac7248174d568a5308cd06ff5f807a7699f49ac749a8352ebae67baa06ee9302b490f1310553b88dc4cae3ff3868c4154758220078a4554d0ec743d63f3b065b498c5c98f4198f82b9a97abe1f3cf5dadf5cfb13baea2c525ede2467ef9da235b5bfe00b5161401a49c59fabeccc4e6ff05ea0310a882872468f4470264f0f9791fed5c1fe11d325ec257b0f6f06ab5db1576f3c1a5d8eb516b3d59fc587dd1e7b436e31c6cc5337086070008f7d22765577a812f881054c794dd2fe27060e7b0b9fbf2262808e3d8a8b9f61de1b34", 0xda, 0x0) r2 = add_key(&(0x7f0000000300)='rxrpc_s\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000380)="4efbc8891c2a459f824d73865dbf7473589b37b7f7cf6183e2a1b10dac34e395d3acdb243c52ab3fdd647b9326bd1b3939c509670d525a41e1e408a0313314f5799ee6ff073c9dcb69629db44e88af2fc0a65c6be904b7a8b20d14409f27efbfd18f5901a85a265e14eac91737037a4a365287fd2a804d6d5e6a321fd665c4428fd50dfd2e300d981bac1c6f33b64d01c26c45926315253b5c429e96113f0452e6a1b5ab03570ff2185a90dd79383ac8b462f2c96d0c282653b71b467eb3c39a65f1f6b28f4f941a44d03098351af55d7f732dda5432859ef3e47ea42c8fbdf5e47c6c95e9de", 0xe6, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000480)={r0, r1, r2}, &(0x7f00000004c0)=""/211, 0xd3, &(0x7f0000000700)={&(0x7f00000005c0)={'sha3-256\x00'}, &(0x7f0000000600)="4a74bc4e6fb9b664c31992c62f84e98a0ba7e2da4798bc1f13b8856e905a4a997aa6b8a92e5a7003ef4fc6bccf4450246f28f1af88d3ffc37682f6b5c0873a9cc28af90bd02759b14a3e8eed82fcb441c859f48e446d25bc54f144130a70a15ca772dc120eadb8522a55cc3354c9617f08691fc625168c8c9ba92a29120e67276a540dd49634353f8508d88cda8b7e6a4821fef94542cda4f8b1720026d5c444bc056e0298f57ab6cd496702eaddbd3b94c421d584951b79f4ea06687a11776c16fce80dcd04cfb348656857214f7876ce10ab7f26060041b5d670c4c13cd3008f40d052ada3097e46972f0ebd9d0993ffb529edba", 0xf5}) [ 663.538920] R13: 00000000004c2d5c R14: 00000000004d4da0 R15: 0000000000000001 07:38:33 executing program 7: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x20000, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000004c0)=""/204) r1 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000400)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) setgid(r9) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x6) close(r1) close(r2) 07:38:33 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x4011, r1, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r3, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000000100000ddc221fe6393c35fe905e206bb2330b7c738e806b7423ef4ef366858394a84b219adc9ce38432f20d2769821fb175f203c562658262cd0d4cd47e67e68589acb80c8c2fb4488beaf41aa3d9699caf28ada3f88c91a8de3dacf75f3b5a38be7006d32f90d5e10c656f0576ffcf83d534d3b9f9ddc2af3c83dba1a3f21179587996f2e4cb7d65ef5a33ad345784a26417412a3009bfe4af6c5b83051890c4ca084af880052a4333aca3ee2a304753e35c1e3186afeb68b990d7de1f0300ada3c3dcd86082ba69069d049fb70fe9168f463e49e127d9f5a9c9aaec8550dd6ff73745fabe8f54729857e62d59d3dfe83bb3b242b630662c50a9ecbff44478c03df9be0297ca54082472a622bf9ff7122450d013752ff779cce8c144bf7ac74c74b570b7e532e846b05d959e12c1be889de9ef7eade620453398c9f45a473762d9cfd1421d4ca84b6e9c6b84ab37b6746ad347a389c114f7d22b4fab6668b055280574df3d24ef89f766ee67757cefc3b47071426b7679db95b5fd1960f182b52ad563c8b6659ac6f43edace20befa9ea954a0ff12502775e989165c5cd51497280f3bf5132ee1efbfe378d1225dfcd7a715cd8a0cd135d14d59671b1bfb61223f788eb39e49e527fec1915e701b7552067c9d877b0323db4f7913a9d094495c69d33e8ed769e582bd907e2d0c74f5318cc186c111ee81b1ceec93b67449fd6f4fd71096d9366f0408246328f201acc221e598fca30e51f51fab4405f1406cd76f2f856679faa21c714445a24f776d27bc78c0ce2ef17efc13e056999b27fc98b925de48f19ed1fa15ccd8c546f912dd6b183dc2250180e5c3273090cb87eb2822f8af79c36ffa413dd0bb9dcbc21ae360a489035fa8990379366a44ecf911880ee61b5ddf4f0aacdd92dd56ab80b2f8a73e9ad63e38d867d4311349260744744b51513d2ed698a360dd93ca35b661b3cfc5a32471a4c7b01d5cead81c7c86bb57bdf8fd1ad2b24236bc6eee1aeb7f36671322888150f921abca7345508184dddbad6f7252e8790325832648015546ad63ab0d7e98975e94ef19237345ad39cf39c7ba06c63c21c56e72dacdf6cbade0cb6e089746c49f18a4d002823c02bf5085fecdf97f5d675892243b0b05ea66fc1d9d69768e43f05be62c30cb032ce7646ef2638f5d736417540a0db06d7b10285c7b68947957bb22a3f28ccd19cfb940d7192ac59c8909a5686959f020c29a1f78f30c14a9bae9c739ff157b18830e8fa8d15c7e3647ff49611ed47d16ab81af71ee64b9340f944e45978737add2f39cb88870b822e68437043fc5be70ec8baf579304eafe33ce6acea0790a22e60b99c934a4e049613ebf170bc46044fc403b3bc8f0546384be480823c5cfef9d90aa0bcadbd8ee2c27ed60769893f45b202e227cac81c28a6e529c4bef832d15fc6eac9f90109d8a770e8867fa45c14284e0d50751b6e80c0d7f2ed59df6b957fddd594a11a6e12bec8dea363e82adb164c5cd1386390c9338a6d1b5de0baf5f36c0df5c1c40d073d6bdfc54594d4ff86e7435e5b3757def352303e7c081fa5ada6fff6d0241cae86bb357072b8edeb681eb366005ddc3ee8e2950ac7f4b409d99f94f0e69861f5bc76b1b7f9154f285aabb0879af7b6fb5440329c7a86f9503444ad54037564805f9aa0b1e6cde20c0a05ea4f65aa5b9a3cc575e44c091366c04aea7f70cc84af8850c3b8a4e34cc4dd97c3e42380488e274b7f58150a15966844f214716dfa37e318bdad58a7140a28647d8a6910a11b693fc2e73bfceab38df6b8f83a9cb686b3dcf30200615398ed9bc344fc411c5553a946b633006c257fddc9eddf46c999a5e442b8dc3a8d2388e54e07bd2a307ea5d88585d7b9f14229f30633c95d92185a65e3a080def60e5fcaa7bdcdab4d82f18c5d71fd79eea89b7983bfffc79b1afa4a3a5dea5b74d984b95ce0804490659f10093699967819e1717d9f459853b3b47205d8ba78535a789b796a874f7ca1fa7ad874c4aa481d9ea19ad7c08fcfec3dc981d377805dab53b90b63de4b0adf328adac97eb76adea017777dfcbe73ec35924b0a834f153d08b8d91b41ba68334bfbefb410566b7dadd824d9ac07e4c783bd5c6c9fe675ceb05f63d95f05adf37bc7723620d2844343f4ed0595eb3e095fd982bf42230bb26e826fe846ea7ff36c5fc7fa93a38fb4518a2e0d9301d83041451902fd384f3028329a59f3267f147e25667f14db33662d29a1fcc54c0df2fc7be0ee0f17fea3450c1ad1fbe68538fd832aa198b2b055d44a93a1bfd683f4f3d912dc165a8d17f6a9c9f9da6d475cf1ec38933c56f0f4b7594efdfaef574f2e7eb46c1ec3728e653d42b603d662863e228d62b8756d46c786913b2e9457ba0dda401d0998aace04e1fff60e176dc33f6d07fddb96260b5152afdc88faf9919b68fb4c816ca3d3fc537d78dad9fd5bcfca9d13ff3858efdc9ca8bfb3a2b024aafcb3e9ca5f7fc6295e5fbfd062023808b559d7f29937a9125db4674ec3850d8e1c78580402de8f492e4352b0f1857bced5bdcfc8568accfc5901e0b5cb9907432f186cdedf676d4b156f528ddb90007bc09d2f0d12ceb8741b460cc7ed5d622d3cd2be2629e55ccbabb40b0d66687631bf621ceaf9cb8c9afe05556db16c3815f1862a02eb4b9df0978f90e3db2cd79e399046dc827f0df4bf97a840a407ed4033a515cdca7979d906600c282a6dfc27b3038b2510069b816c700c1395eebcec21c30d41ae83cd106e435ee67c1748466a4b3d97f841464888a0ffbeaa31680e79cbf2585070aac5ad323020196099a1a49e94e3f98584447af3c3112e8cb2cdd4a2588c5293d18b56072f0f3044ab9f82717893127d1e68c4351f4fa04e40028a89d15850448a621ec192b359a3b89868e5f6106ee07fa7c0ab401123ddbb0e1adf411ede939284d674439b1dffe50332e428c34a5d154570ee1b5971a313bed82d3d1582e17f17d8f4a61175e1d92a9f73f391ab6d2850b8b049f74c6fc74fb47ea53ff6ac3a0e0ae74b3feca4d998ddec19cd92a09d281fa52292bb0c6e1cb83b8d7f2cb2a8408e198acebfb98612a7b3baf00131a7a37b032658351c6a7808a213a324b44ca79c3d6cf299ceec3f16c25bbff1045718a410033569700a2159466197250f37ef12817b6d06062255470d08494944280414aa2d1f78688e175511bd575588eac28730f69a73b4cad55a375acdf9985a581c9136c466ea5185dfa07b113de0820068ba4437bd648dad098764687f5c96dd12fa4a8dacea3f2093b46763b341ddd3253986190f7eac85ab2ddf7977ce702f2c9628e54b42a9e2b71bae8842118673a42fbe7d5caaacc918b020d74d2cf3dccb3f436a97826ff6a3f877f5703ab756940b613a7dc73e9c0d8347fbcac2a89310ea9c17d9f4e808b14acaf935ffebb2977132fe22bc882fbae748a04de427c3879be0772c22e6c2e566d9e4d55dfc525787108cc0ab4e2ada248d0c6eb04f4aacf1aa1e5fd1e4dec540c5470a8ff4efa735f3de62400f43b29f23e4173203f786bbc12074f34756fa5cdad3c2c31e2f6520d2578d7590421be136ce5df009563393438c8930a1ec9867780950c7a9c99b7b77b2dcae30bcd11d38735283290aa06778ee6925720679fce0b4d82a22430f421b64ed468ce3bf279761e8388657c6e94ab4a5c14c812703b9310c4959c6365ca5592af6e12c542fafc10660794aa9c47e5fcb9cac3652e908711cd78f129e5ef39d0d4f1ad7dc9a08e6d6efe27802d41c841838d6587c4ea2258f5d467f085385b917bff81aedda0e15564a445ca0b2cba4a1357a605cf8fdcb81ccfcffb82dac5559064d8636d8f78551feaeb503a17e5dfc88fb02a8806483b9a9bf5931f83097c3386ac2cadf0e57e7a7b71494c9c7afebd15dc77f3f1e4f96bf739210108a81d9fb05ee0ab54cdc046a669a328b790874f7ed98e42e845b82a998a5949f86dc5b766fb7aef3276a0ea8df4dd99fb1e122e6d08a0232b55d8289733b8c1cd47ef58c7bb91382452af8002e36ee3c6293cc7b5ee1f47d7fece9d3fb0d87bd83bd697097a7b882d1b3ca67a176576c210b437c7bc1cccf40eda28860e105edfc3bc3594ab6beb65187cdb2b5a10ce9eba0884d70ae8c43fdbc27b3c307b188ee2b03c5bd81865bc719f4ff8c73153139d1fbc0a1af369c625026dcbee98b5f2f274e4eff92117ccf4af775a9c83ffc9743d8c8fcf07eadcd67c0095443c064dcfb253a240886ef7b2e45623dd044ce100a8cab411b0d94d84356d3594e85c7c7e96b730018afc8e06c34bd83fa2df088b6a4c0beea54e499223a01bcbe2143183ab3c221c8bd713bf30cd1f445963ebde5ae3f5435f8743a32f902978683cd7e1421312a82292516cc908680faf64e3d49723ce37616ee5508ed162f9357c094ef085dbd79c32b4bdcddf22a2ea1cb4a0ded0a5c2f0f318c217b73303df2cf1efdba74384cde05429270cb9301487ddc65613660c3b29f6a29b1f0f5c4e4274dd8e6143030d524a5e5f4ae0a8af0fb3d93ed5046e585408dd4634dc6c2d0bb8a64c7ddecf5dee65d68b19f2767ae0abefbc3fb84517b19edec22868748263299a593f29fd98a8694a457a2815718dce9f434fb93a15728150b8b8ce14524ca8727c984c52ef51ba92e8e9a2ffa01506b691fe5d45d11ac93613930bc3b27da45e1bdf146f4c24b69eb20e8b6c05fa0a014c2afc5ca4821f5f59ccc2b253dc7d5801e19021e1406cb22d9b1162c504a7c69e57ff9a9c14875ad8b0319910b80d01744772aed2b62cb597254b0621ed0c808e7f6f6a1a84787ce867598becd28a8a5835dc20b22369c9ac95ac10adca3b041e48afe3a7f9362c51be407201e1dfcd1f1dcf07345f8c9632adf26e30146ba1a5344f625ad55118eb8f0bc924774b9a70484f7ff6857f3573b04c41e2ef1c7cee0439eb9c51ed300f012812c55aa4682550eb24308cca1bb9ed728933112d221f203a12c1d8742bb571aa932e00608edb9f17d19fd1e420a0a18fff7775e9b83e86a34fcca586bd00a4c83bb593178bab71f77e5dae1f78bd7e3f8fc38bf1d1daabae1c5a290b329f4752c76253b9bc54fe7b84bbac4503a57d99c6ff34ed1622c5f340fb3ec4921f533009cf31834e8dce698a871a2b5a96a0efd4682933774d703627ed1c585055a2f13d2a5360a7ccb08beb313e43b939f7aba2ffc8b0e56e5d893ba7f5d68969d61e144d75ab7d2730e0c2860965ff24b9cdefd6e5c676e0dd45306629b00b77a5a727ea49636c37711beb951f932ee81e21e5d5d9282a7b260b30630f5786ecb6b41b6ed4cef814218907dbe07b143cc8414caaa3110a8b9b5d164e273f652ab949c0dbb7eeab93623347750c26d376a62a49a2e1d9af53dffd703598af3a558d1dacfb201c26361d56012e228c01d6f32b432c5182d3cb63c70f3fec8cd19125f2b1f2fd165b0104a936b4b36340bcb75cc45530e30cfc1e2880f74d0cfdcc6381fc0397b759be7f18d2a2a5d1bd7bc242d01ed5f8254cdb043a9540503eeda274a2521c875f5651ef725ca3ab0a5ee10ef7372464bcd2c91d207d508d9d75fcaa0f8f6d20c2c6fe7f7a8c04a804247b48d328f54c39d516cb8ce71d543ebf5642ee97e3f73abe637c17e692ef4730c2bbd914f6d9f1dba6eb36701d8c7b86419a0eb8605370505746cd63dcc9042c98c761e5a9d8dd30b41530f1020cccd28d3a432e7a6020185a929175dabd62132d2789e5476983e"], &(0x7f0000000040)=0x1024) r4 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x100000001, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001300)={0x0, 0x1000, "7f79c09f836cf13af35c3101f358b4b276b0f38ef28c2575a8ac4b5bfbe9c13efb852eb7dadaf4c630961fd4ff5e061bee5882962d262440df87336519397345951d8a4c90dbd1d22483e43ee61faf46e499b57e63a51a1b8714af0e0b9ab4e4dd8ccc254331b1fc399446c834388ba4f6aa94096c75754850814ac33ca083e9142a70277faefaf2abb07db6b34baf49b69343ef334fa21ffd62c85aea6a267922c64c3c6c67331f489d77945c1cde982eec34a6622da3abd14e78127000e2176ab3a67013186906d1138e4e1510d6d8b08cb25e63517ca5501c348a391050bce69adbfe50d1084684527e918f77ff2d3b2f35d2bcad9aebd3dc55b0fb12bb367d4d2de2f9f53543bb083aecb454371ccd61ecb7f22f008e48aedb1cbb2a7ce829c77360c65ceeca10d7cae65038e999415410215c32acce95e398e1376033662ed08042b49d58d872a59f60a2cf76e43994e55766a33afdf253554aeff76943b230d0ea892f1ae760da23dfddcc7c3df4515d9c020a69d1bc7310bc641c2a19ce2107afe1289aa34a3ee0cd180a50c7936930741559d54518cc78f3ab196aa66e80cdf494226092936fa8132716fbf880f7cf2614cb32d4173f7083c0cc04d540ee37b4e8aae231dd60a33cafc16d9be5dc88ea5b087d98f0505202fafb4798561abaa7d1707c3936a08ad4a8f47e0324e873a3b7b4eba9310a57b69795eb6c0378fcc5158539100a2d7ae38306540e468d6efaaf21c8da76a2ae3dee39fe60332a0dc3d82402782c9c24745bb957c5cbf528c386ee83e3b71fbf8f85ca6de8d99ca2f150074e9bd8565d6884de60c18c6085a9f4e38eb6e14eb13ae3ec37f55ef93469c357de2d59235549a2a4a9e0f4a6bfc276afa5c393ac351fc99f0b77c222083776f6d09a68db470f1a6a37187150b834d605687a2a7da4f9068c50e6e41db6c14fe72cf9c8fd0b5e135a5f4e4024ff3199af3de7a7427eb4addbfbd8854c1d1357c6c76c685e08a5bc4c70fb80d5f8a32a5ef233b22824dfdc33ab82c65503089856fb28486e06054da944fe2b9a09edf6748f799cfffa753ece6da0ca7024df0bebd43347a89eb4d2752d1a58371e5ff3b8300b5f823feae4651ebfc1ecfe811219289aed05f1c44dc511aeece688711455ca529561265e84ab753e60a6f379958f34073535b04f0684f7a8180e6f5e9eeaf221772d06587b3f14dd0fba427f9e2a2749be1c3b668e1a0804574ab02799c4e626dc354010731f8dd2a76706851f6579b59a5d928658b3384dccd244656922c5667d01bd7f704ed065e9f2936cd22ededa20c9de46c97c70897bca741c648ae41e4d1d47fb557c9d127e110e8860b4969dc2cb215b812a18f02ae3e81f1dc19784df781b6cc1e6653e1c8785dacbc4013c7192f53cea2dfa3eecf6ca19616e9b13f5c161b11fb750b37ff98f9e10570722e94512228b3ac7ed989a9639aa3dbfec73b82c5f80d74b6e088fec0709d5ea0e6b02bfefac5201039b4ad65a8a8fb118ea3f07ebbf945d68c9a78d5ae1908e01f32036cf5203ae9a27d34aaa2e803966118deb47e4f2f0fa2114d484e3d8fbfc4ef2118a5fd04e5b6b7db4f2a167049eec6d592a9f8c7b3c2f640e894c9b3d13c200a99bc9cbe458c7d02a8d74a24830d459ed1750c59c11e96ec4946cb8be9dbddb69425dd1105dc56f9b874f60e4c029d204c1330172ce82af34387442b73e42a266ea9ffe5d91b83dd3843706772949f8eaebfb8ca2db12331a5f16ee5b0060278836d6f8ffd68fd4bc5bdf343f2bb9158cfcc93a14df5ca2b719018d686411001f740c7e0591d77e2a284d4d3eae6567fac0fe87134d3ab6adedff72aa284a7b5de8abf0d2cb4401321665fc089c3690e29b2258d4c7599f526fb086b8fa87f045549504938903d29484cf710a2b00ed95759dbfa4790b4bb2559502b4810fb041bebd120c49324074c73d14e35a7f8edcf6f07d8f0f4769ffc70cc901f1a3dd32a6efb13b6822b8d622de16eed275e95e2e463f0a44ffba49c01da9a97d6685a9f39c476eb42058cc637f5fd935cbc334e48172af1f1708ee3ab177a9a3dc643892db3c06c91932d7cefd5a69937382b2da092cd004f9bfc3f2e9b1bb1287dc7e439e33d96eae57988382db54d9011ea7f984a75ee8c822408e89be0e5ff5975c567839c38faad1be1ca3e5acb58158fb75f1aa9184a2e5068bdce3ea017986c37beb16773e3023d5cbae97f689a166e71fcf102fee52c9dbfedb67387a2f2bcdccc91c97c0bd23b8b4de4c9aadbbe8a2640ce6b712839270a4dbd694f471130f21af64ad3d13a1855d9355ee27393c10c195088115d81f487d9c27224f5d3e7d8948f1812b5a1ec48957bee2eb31abc9f23b4d1a040fb013b7b36d17e1f3abb8b131f5d9311849657840570fbb0b52cd8de68c418fc9f4ddb03c7a5c2828dd4d93b4cfcd1a9dccfb8fa1b6159511368fd81f5779352e28bc23693a6d2b941c1e7ba5ee8498d4234d379432e28f6c74f3ce083a45c3dd73ec053c407911b46a6004ca9405245764aa90ee6e7e3731f9598f57eb08463fde0a335e5b24ee57e8439b744e3c4ac1766a3e91540d34f96472bf088df28a714a83ebb90a9757b1299dbe18cee7bec30f24bb321b93f28fbc279607ddfcf363753db94146b0abaedb5dafe312778f91adbabef21a85f95c6bd40ea8c3b2e8f3c08f84cf3d7d39a29724bbb267d3c5160b36ad79a5c458df3fda9fe11cb8dbcaad8e740f10b869dc76ff5ef6cfd71dd7a434e228be9918cf88205570d66ee47dca9ffb7af5d91f6c4c118aa0f2d674d03dbc1ac51fd4dcb704d33d1044df15849c930759a3a7b97343dc7e895abf9cee044a9a39570de214f34b64bbaf3383531de46be13eb0481515688f1577ef661baad66b65157644d5e94fe17779b41c2d469e5c0898125a9c6a8c35cc5eb4227816ad078dc7ef97710ac24dc745523509856854ef4d66951077a710f3e1fca1e20ace06c70ee399755823226576b7afe0049dae79417b898aec12a0d0ca6da6c42191e19fedfc3204aa514e5975961a75983997a2dd1bff8020e6bf252001e20cc88b3e1cc6c71ea08ab6f4cce156268ef2091115b21ff484ac0ca4bc78dd75fe83616cc1a9bd74527edb0c45aee15aaf48490fb9bdb30a2bdfa9d0ba1e13818602273350691c125b7c0ea7922107ae9318bb5942e86f311b348d1b2f926f39344926ebc63b8fd9643c3518cca45fcf4c01bcfe085139008ecda47c5a94e04bcdb89525c2f0f9bb9be2a34e1c5707b85af95b13e5c13e9e21237c04b1459451e828d640121e2e24912b42ab8c4594e24a353a1641fbf384b48f86683b4cdd275957bcfd87d1ddd30a0445b04b39a5d914ce100a47401f9804d55dedb66a9b0f148b958c1df778ad82e37c6a8bd810ac85ce55f03cc3dc531a4745c59c96bf5890e0d6cbecb0111463f2dfee4c17ab732d8fb44548b41d78483d48cec2b39f1a35b3ad3c2da8a4afb0ab421381b86c40ea3c3ca3b271556c50af2dbf1ebc3e73086a063b293eb60f75ffed52936c0606421587f670cea2beaa8038c00f66e61ebac9c635fe07414f71f5d46f38e76d39e7c2bd36fb7fa56b50649b2ce7a3c1377381e4e5bda1690889ae221553c8795e156cb4101a9c106608ac6c4341f3ccd7f617132033ba9ef6a3f5618d48915a19ed7c302fe4bad7a2686eaacc064ce182e795cf746e4ede0877fff441186ecf30453dc29d3c371af2e873945b273b9fc183eb397520be85f58153b7d4676b87c855b2e79d252f5215170f1848c93ffb89c332d5e2b72c5b4d5edd950d0befcbc8ddf834c6185345228c0b03d3d048b88d7dfb957c532c4d93d16b5fad457a63801ed362277da8322f9cc34b13deef5f30627b1ddc91aea35917a1fd8734b4d6b30b4102a818453e362f5bbf1273954f12cfcd54a3bd38ec4348607405a2658c7510c4dbdbe71efbc5fb7d9a91e7155c6cbc482e7fdfb9f3f7e92b70e0dbc9fe717fbc919da270ab94e8327edd33664aff603ca0047936ae6be21654ff6548a160f0b2705609a2ecb92a3110901fb7cb8e621467f66b73933cde9e867670661b2e84a394d8c5a74f6cd51c7c4ed6f8b99ce9db63858e35f2b6d48bc2b1b22ef3fabadffe1f375f5ca718fe57681afcbc70f02cf3f9bb5453e3415abaa58d5d2246bffd4817deabb010dce445d059e916251f99f6bb98f5265027d1bb4e0c7522cd5c8e06ddbd73c451682e591618e089770bb3607f1ff656b412182ed7ebef9be4ffb76b5aa06d02bea15c679a1df30c6693e10cee592a59a2290f4a0c2a1e097ca284129c58dbb13581902f37b94280c128be0009848cceac713e911c4a535647a8f9ebe1f0342543a717eb8f9d193c06db86f8badc587f2094d68512493a6d8c15e73311d31cf559eb1bd763654b675c29b6e76f5d4af15dafffa049778df1b250204a637511dee3a17aca6e1a329d8faf688851792eb0d81af831cf175057cf099eeb7d219e9cfa6241cf03a47f06ea11ce0031dad555009c798ba0fa7415aaec215cd7b393f6bc52eb27c1f16fe00adb8f71b766bcb32710d0265d3f281a5b63e23732f3b2e70ec3bb2de38aab36a6b89603279b426845a52003c1819fa9df2af25085af720c6dc42b60f716e7795e17d59a2386fbba619b366a728ae9bce95fc8a824419e4ce5ad2ce21a55e2ab8777380066c9a56e82a1e03e75b11cc29e958ae67eb1b6bb6a6fbd516f0ba984b8c3c6d57c8f948e3de4a59e1f4374cd4747dd2f10ff1a8faf7c53e8f8a8984d3d5a6a8bf149bf603eba5f207ac9f1c177200592cf8d580feddb4990875fd4f9aefa7f9f291c6909c80e125ba63718a31c4c40052bc125c3990b99d56536614fb70caaa365b3d00a7e11b640344c46dff69c822409d3c68e8031ad0aab58c50378be5418c74b47d0d55ad86298270d9d64ae7067365eb52988438d1ffc56f9c50436c667c668e568bc9a856ce0127da5f185b6b53a86f8e98043fd891dbd3e109a0b1eec0cd902564dc87ed0ee55392d385c60ec78cf360c9745e007c35ca10fdc835684401a67ef74b7697bee8f77b008157e15bdd98df7d6b1fbf757563b93ce52f50a0575076bcd829e943d5ea68e83702f2075e992522f9a4c3fbc1350db602954cb883b59bcb9bfc65f1216b115efc26d07e3ccfaf5e1cee997d9bc49b3e936200f165b5b04812c6c65dadbb51ca1a8e660905e42acb0dffaa1f9c0741e7fa244fbe2834145586f90ab1f9fa4ee659f40bb7682a929f59ae91aa680b3a209ad84f18153c5243d7fd2f681384a77549908b88dd9292a714f25477ccac49c4ccc37c2e0650f8e4481755d364cadc8cfa22243886504e0cbfd6989105f1968b7bf85e78f10dbf886facf9d8392d3e8fcbb67f5a0a0d0bfa838ef40c15e354309c7cd175335825e1c676c3e46ec76fd72bebb8877f30176b22fe44c059ac61d689e18a5b00041d39cf6b4bc79f7ff1abec0a37bb97781752ff8e395ab25d705a5590a52a671a4f3ed6504bfcaa6cf393b29d2790d27883f6ae5a1e0b5f5c2388c27c2d3d0893a7d96c20d5e48f67ee749741d9fc0cd16c5743e7edb70845f6edf677e62ef24ed7f91557e19e56d8dbc665cd255fbfd13f1c1ac578953b8ece248d02a310435e2e7e355bb63e397412bc20f3f537fda63b2ff86105a555631f972d33832d4f7e2f23984abcb7e956de1e98cd262830529a89add56da93979c65d4794588f7586f83f1823e9ed5573e0f05"}, &(0x7f00000000c0)=0x1008) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000100)={r5, 0x2}, &(0x7f0000000140)=0x8) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) dup3(r1, r0, 0x0) fsetxattr(r4, &(0x7f0000000180)=@random={'user.', '\x00'}, &(0x7f00000001c0)='[\x00', 0x2, 0x2) [ 663.594024] binder: 11187:11189 unknown command 0 [ 663.602936] binder: 11187:11189 ioctl c0306201 20000080 returned -22 07:38:33 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="025cc83d6d345f8f762070") syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000003c0)="80000000000200099f027100e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@nolazytime='nolazytime', 0x2c}, {@jqfmt_vfsold='jqfmt=vfsold', 0x2c}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x6}, 0x2c}, {@orlov='orlov', 0x2c}]}) 07:38:33 executing program 4: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x40180, 0x0) bind$xdp(r0, &(0x7f00000000c0)={0x2c, 0x0, r1, 0x23, r2}, 0x10) removexattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=@known='system.posix_acl_default\x00') ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f00000001c0)=""/22) recvfrom(r2, &(0x7f0000000100)=""/53, 0x35, 0x40000002, &(0x7f0000000140)=@pppoe={0x18, 0x0, {0x2, @random="6fca910086a9", 'syzkaller0\x00'}}, 0x80) 07:38:33 executing program 6: socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000040)={0xffffffffffffffff}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in6, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f00000002c0)=0xe8) recvfrom$packet(r0, &(0x7f00000000c0)=""/218, 0xda, 0x40, &(0x7f0000000300)={0x11, 0x1c, r1, 0x1, 0x9, 0x6}, 0x14) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000340)={0x0, 0x2, "56fb"}, &(0x7f0000000380)=0xa) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f00000003c0)={r3, @in={{0x2, 0x4e23, @multicast2=0xe0000002}}, 0x800, 0x80000000}, 0x90) write$cgroup_int(r2, &(0x7f0000000080)=0x5, 0x12) [ 663.646527] binder: BINDER_SET_CONTEXT_MGR already set [ 663.664320] binder: 11187:11189 ioctl 40046207 0 returned -16 [ 663.681577] binder: 11187:11208 unknown command 0 07:38:33 executing program 4: getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000161000)={0x0, 0x1c, &(0x7f0000519fa8)=[@in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x4f}]}, &(0x7f0000f91ffc)=0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000003100)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) accept4$alg(r0, 0x0, 0x0, 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000a1afb8)={0x1, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000007a0a50ff00000000000000000000000095000000000000000001000000000000000000cf7982e5818a284efe443745455bb8e847745f68a08c5bf695e377aee0af1ad6b72f7c47c492e5f42133660c13ed8a01917fc50ea234495958965c21dbcdb7c92a72f1eeb31a98a82033f6fbc873d8f8469b53ebda3722651a582458e8498435424135f75f45cb974702c7b8430459b0143abdab528d9ee6e5d2a9979ca1d06c84aa73a731c0d3bd9bc52000f6461930b9541bfe9d1849b46273e865c6ae3ad2b6c6ce8161a6c93397aacc94b7e80177ea119c4ec625b35bc7af376be1925707c8772b36000000000000000000000000"], &(0x7f0000d14000)='syzkaller\x00', 0x3e, 0x152, &(0x7f0000001000)=""/4096, 0x0, 0x1, [], 0x0, 0xb}, 0x48) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'dummy0\x00', {0x2, 0x4e20}}) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000080)=0x1e) 07:38:33 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000040)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mkdir(&(0x7f0000000100)='./file0/../file0\x00', 0x0) [ 663.698454] binder: 11187:11208 ioctl c0306201 20000080 returned -22 [ 663.706893] EXT4-fs (loop0): Ignoring removed orlov option [ 663.712639] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities 07:38:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xc630000, &(0x7f0000000400)}) [ 663.771015] EXT4-fs (loop0): Ignoring removed orlov option [ 663.776795] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 663.793758] binder: 11237:11240 unknown command 0 [ 663.806722] binder: 11237:11240 ioctl c0306201 20000080 returned -22 [ 663.834696] binder: BINDER_SET_CONTEXT_MGR already set [ 663.843428] binder: 11237:11240 ioctl 40046207 0 returned -16 [ 663.853509] binder: 11237:11244 unknown command 0 [ 663.858611] binder: 11237:11244 ioctl c0306201 20000080 returned -22 [ 664.659314] FAULT_FLAG_ALLOW_RETRY missing 30 [ 664.663940] CPU: 0 PID: 11211 Comm: syz-executor7 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 664.672418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.681749] Call Trace: [ 664.684323] dump_stack+0x1c9/0x2b4 [ 664.687959] ? dump_stack_print_info.cold.2+0x52/0x52 [ 664.693145] ? rb_erase+0x3550/0x3550 [ 664.696948] handle_userfault.cold.33+0x47/0x62 [ 664.701610] ? plist_check_list+0x7e/0xa0 [ 664.705751] ? plist_check_list+0xa0/0xa0 [ 664.709891] ? lock_acquire+0x1e4/0x540 [ 664.713857] ? userfaultfd_ioctl+0x5430/0x5430 [ 664.718431] ? trace_hardirqs_on+0x10/0x10 [ 664.722659] ? plist_del+0x4a1/0x9d0 [ 664.726360] ? plist_add+0x790/0x790 [ 664.730055] ? lock_release+0xa30/0xa30 [ 664.734033] ? cpuacct_charge+0x30a/0x5d0 [ 664.738175] ? cgroup_rstat_updated+0xe6/0x470 [ 664.742755] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 664.748279] ? update_curr+0x200/0xc00 [ 664.752151] ? reweight_entity+0x1100/0x1100 [ 664.756551] ? trace_hardirqs_on+0x10/0x10 [ 664.760770] ? kasan_check_read+0x11/0x20 [ 664.764901] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 664.769473] ? compat_start_thread+0x80/0x80 [ 664.773873] ? lock_acquire+0x1e4/0x540 [ 664.777831] ? __handle_mm_fault+0x3a38/0x44a0 [ 664.782398] ? lock_downgrade+0x8f0/0x8f0 [ 664.786542] ? kasan_check_read+0x11/0x20 [ 664.790673] ? do_raw_spin_unlock+0xa7/0x2f0 [ 664.795077] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 664.799652] ? kasan_check_write+0x14/0x20 [ 664.803872] ? do_raw_spin_lock+0xc1/0x200 [ 664.808112] __handle_mm_fault+0x3a45/0x44a0 [ 664.812516] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 664.817341] ? __sched_text_start+0x8/0x8 [ 664.821472] ? kasan_check_read+0x11/0x20 [ 664.825604] ? lock_acquire+0x1e4/0x540 [ 664.829570] ? handle_mm_fault+0x417/0xc80 [ 664.833784] ? lock_downgrade+0x8f0/0x8f0 [ 664.837914] ? lock_release+0xa30/0xa30 [ 664.841876] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 664.847312] ? mem_cgroup_from_task+0xcb/0x1f0 [ 664.851878] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 664.856633] handle_mm_fault+0x53e/0xc80 [ 664.860677] ? __handle_mm_fault+0x44a0/0x44a0 [ 664.865240] ? find_vma+0x34/0x190 [ 664.868763] __do_page_fault+0x620/0xe50 [ 664.872823] ? mm_fault_error+0x380/0x380 [ 664.876952] do_page_fault+0xf6/0x8c0 [ 664.880745] ? vmalloc_sync_all+0x30/0x30 [ 664.884883] ? schedule+0xfb/0x450 [ 664.888407] ? lock_acquire+0x1e4/0x540 [ 664.892360] ? __might_fault+0x12b/0x1e0 [ 664.896401] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 664.901224] page_fault+0x1e/0x30 [ 664.904661] RIP: 0010:__get_user_4+0x21/0x30 [ 664.909042] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 664.928545] RSP: 0018:ffff8801b8bef538 EFLAGS: 00010202 [ 664.933906] RAX: 0000000020013e98 RBX: 1ffff1003717deae RCX: ffffc90001e14000 [ 664.941160] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 664.948416] RBP: ffff8801b8befcb8 R08: 1ffff1003717de84 R09: 0000000000000000 [ 664.955665] R10: ffffed0036116e59 R11: ffff8801b08b72cb R12: ffff8801b08b7240 [ 664.962914] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 664.970187] ? __might_fault+0x1a3/0x1e0 [ 664.974244] ? sctp_setsockopt+0x1e13/0x6db0 [ 664.978639] ? get_futex_value_locked+0xcb/0xf0 [ 664.983304] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 664.988997] ? trace_hardirqs_on+0x10/0x10 [ 664.993213] ? futex_wake+0x760/0x760 [ 664.996994] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 665.002175] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 665.007695] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 665.012778] ? futex_wait+0x5d2/0xa20 [ 665.016561] ? futex_wait_setup+0x410/0x410 [ 665.020865] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 665.026046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 665.031568] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 665.036652] ? futex_wake+0x304/0x760 [ 665.040438] ? lock_acquire+0x1e4/0x540 [ 665.044391] ? percpu_ref_put_many+0x119/0x240 [ 665.048957] ? lock_downgrade+0x8f0/0x8f0 [ 665.053084] ? lock_acquire+0x1e4/0x540 [ 665.057038] ? __fget+0x4ac/0x740 [ 665.060473] ? lock_downgrade+0x8f0/0x8f0 [ 665.064612] ? lock_release+0xa30/0xa30 [ 665.068566] ? lockdep_init_map+0x9/0x10 [ 665.072606] ? exit_robust_list+0x290/0x290 [ 665.076907] ? __mutex_init+0x1f7/0x290 [ 665.080876] ? __ia32_sys_membarrier+0x150/0x150 [ 665.085621] ? kasan_unpoison_shadow+0x35/0x50 [ 665.090190] ? __fget+0x4d5/0x740 [ 665.093624] ? ksys_dup3+0x690/0x690 [ 665.097316] ? lock_acquire+0x1e4/0x540 [ 665.101279] ? __fd_install+0x2b2/0x880 [ 665.105235] ? lock_downgrade+0x8f0/0x8f0 [ 665.109372] ? select_collect+0x610/0x610 [ 665.113499] ? lock_release+0xa30/0xa30 [ 665.117454] ? __fget_light+0x2f7/0x440 [ 665.121409] ? fget_raw+0x20/0x20 [ 665.124845] ? get_unused_fd_flags+0x1a0/0x1a0 [ 665.129406] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 665.134934] ? alloc_file_pseudo+0x281/0x3f0 [ 665.139323] ? alloc_file+0x430/0x430 [ 665.143109] sock_common_setsockopt+0x9a/0xe0 [ 665.147586] __sys_setsockopt+0x1c5/0x3b0 [ 665.151715] ? kernel_accept+0x310/0x310 [ 665.155768] ? do_futex+0x27d0/0x27d0 [ 665.159549] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 665.165066] ? fput+0x130/0x1a0 [ 665.168328] __x64_sys_setsockopt+0xbe/0x150 [ 665.172731] do_syscall_64+0x1b9/0x820 [ 665.176598] ? finish_task_switch+0x1d3/0x870 [ 665.181075] ? syscall_return_slowpath+0x5e0/0x5e0 [ 665.185991] ? syscall_return_slowpath+0x31d/0x5e0 [ 665.190899] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 665.195900] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 665.200727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.205894] RIP: 0033:0x455ab9 [ 665.209058] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 665.228231] RSP: 002b:00007fe4faef4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 665.235917] RAX: ffffffffffffffda RBX: 00007fe4faef56d4 RCX: 0000000000455ab9 [ 665.243171] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000016 [ 665.250430] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 665.257688] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 665.264938] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:35 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x20005, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x1) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000140)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1800000219f3180d00085900b842ee3f80ac5d93112e91b965b48412e3de0e88f44c82761c1a8a05cddca4b5d70efdff2bc3b5cded941f2c4b2b61e31e55aedadfe4de6beceb350a72d3a15833c99117a392d23325a48cf3b4ec842d88b5e6"], 0x1c}, 0x1}, 0x0) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) finit_module(r1, &(0x7f0000000080)='md5sumlotrustedtrusted!\x00', 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000002c0)={0x0, 0xfffffffffffffff7}, &(0x7f0000000180)=0xffffffffffffff85) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f00000001c0)={r2, 0x8}, &(0x7f0000000200)=0x8) 07:38:35 executing program 6: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000680)) r0 = socket(0x40000000002, 0x204, 0x4) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000040)={0x4, {{0xa, 0x4e22, 0x1f, @dev={0xfe, 0x80, [], 0x1a}, 0x2}}}, 0x88) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffe}, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='bridge0\x00', 0x10) sendto$unix(r0, &(0x7f00000001c0), 0x276, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0xffffffffffffff67) 07:38:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000004, 0x42010, r0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4004556a, 0x0) 07:38:35 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@empty, 0x200, 0x2, 0x2, 0x9, 0x0, 0x7, 0x2}, &(0x7f0000000080)=0x20) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0xb, "6c626c6372008062b51b00"}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 07:38:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x40086303, &(0x7f0000000400)}) 07:38:35 executing program 7: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x20000, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000004c0)=""/204) r1 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000400)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) setgid(r9) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x6) close(r1) close(r2) 07:38:35 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = getpgid(0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000280)={{0x1, 0x5, 0xffffffffd52b007a, 0x1ff, '\x00', 0xfffffffffffffffe}, 0x1, 0x0, 0x5, r1, 0x4, 0xffff, 'syz1\x00', &(0x7f0000000100)=['\x00', 'cgroup\x00', 'vboxnet1#{!]\x00', "7bf100"], 0x18, [], [0x1f, 0xfffffffffffffffe, 0x9, 0x800]}) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95)=0x9, 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x4, 0x7, 0x5, 0x0, 0x0, [{r4, 0x0, 0xb8e}, {r4, 0x0, 0x1d8}, {r4, 0x0, 0x200}, {r2, 0x0, 0xfd}, {r0}]}) close(0xffffffffffffffff) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r2) 07:38:35 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000180)={@llc={0x1a, 0x33d, 0x8, 0x4, 0x5, 0x1, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, {&(0x7f0000000080)}, &(0x7f0000000100), 0x2}, 0xa0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000)) r2 = gettid() r3 = dup(r1) ioctl$KDSETLED(r3, 0x4b32, 0x4) socketpair$unix(0x1, 0x80000000000001, 0x0, &(0x7f0000e18ff8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x38}) ioctl$int_in(r4, 0x5452, &(0x7f000005b000)=0x3) fcntl$setown(r3, 0x8, r2) readv(r5, &(0x7f0000000040)=[{&(0x7f0000fb6f9c)=""/25, 0x19}], 0x1) fcntl$setsig(r4, 0xa, 0x12) dup2(r4, r5) tkill(r2, 0x16) 07:38:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0209000005010000000000000000000000000b0000000000ffff00000000000000001000000004d3000004d20000000000000b000800000000000000df000000"], 0xfffffffffffffe68}, 0x1}, 0x0) r1 = accept(r0, &(0x7f0000000040)=@hci, &(0x7f00000000c0)=0x80) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000140)={0x6, {{0xa, 0x4e22, 0x5, @loopback={0x0, 0x1}, 0x6}}}, 0x88) [ 665.441305] binder: 11289:11290 unknown command 0 [ 665.451582] binder: 11289:11290 ioctl c0306201 20000080 returned -22 [ 665.464916] binder: BINDER_SET_CONTEXT_MGR already set [ 665.473872] binder: 11289:11290 ioctl 40046207 0 returned -16 07:38:35 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x4) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x10000, 0x0) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0xffffffffffffff05) openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000000)="15", 0x1, 0x200408d6, &(0x7f00000011c0)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x3}, 0x1c) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000100)=0x14, 0x4) 07:38:35 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x100000000003b, &(0x7f0000000100)=0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x112, 0x4) sendto$inet6(r0, &(0x7f0000000480), 0x0, 0x0, &(0x7f0000000440)={0xa, 0x0, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) recvmsg(r0, &(0x7f0000001740)={&(0x7f0000000040)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x3a, &(0x7f0000001680)}, 0x2000) 07:38:35 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000980)=@nat={'nat\x00', 0x19, 0x4, 0x598, [0x200002c0, 0x0, 0x0, 0x200002f0, 0x200004a0], 0x0, &(0x7f0000000000), &(0x7f0000000a00)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006c6f000000000000000000000000000069726c616e300000000000000000000065716c00000000000000000000000000000000000000000000000000000000000180c2000000000000000000aaaaaaaaaabb0000000000000000e0000000500100008001000064657667726f75700000000000000000000000000000000000000000000000001800000000000000a4ca66310000000000000000000000000000000000000000737461746500000000000000000000000000000000000000000000000000000008000000000000000000000000000000736e617400000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c2000000000000000000000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000003000000000000000000626373683000000000000000000000006272696467655f736c6176655f3000007465716c3000000000000000000000007465616d5f736c6176655f300000000018b0b5f8d6030000000000000180c20000000000000000000000b0000000e80000002001000074696d65000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000feffffff020000001b00000000000000000067726574617030000000000000000000736974300000000000000000000000006272696467655f736c6176655f3100007465616d5f736c6176655f31000000007cf236c2999a000000000000aaaaaaaaaa0000000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000f0000000000000000007465616d5f736c6176655f3000000000626f6e645f736c6176655f310000000076657468305f746f5f626f6e64000000626f6e645f736c6176655f3100000000aaaaaaaaaa00000000000000aaaaaaaaaa0000000000000000002001000058010000900100007261746565737400000000000000000000000000000000000000000000000000480000000000000073797a6b616c6c65723100000000000062707130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d61726b5f6d00000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff00000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000fd240e3b112f2016c6d17cb08108329c598128a9399d6af68d61ff742f25a75c4910aca843ef1a323d4a70a695a93934087a92c15bf0076c7c0883cd7df3"]}, 0x64e) 07:38:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x5, &(0x7f0000000400)}) [ 665.490294] binder: 11289:11300 unknown command 0 [ 665.496533] binder: 11289:11300 ioctl c0306201 20000080 returned -22 07:38:35 executing program 3: modify_ldt$write(0x1, &(0x7f00000001c0)={0x1, 0xffffffffffffffff, 0x4000, 0x4, 0x0, 0x4, 0x998, 0x7f, 0x6, 0x103}, 0x10) socketpair(0xe, 0x0, 0x2, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000240)=0x7, 0x4) mount$9p_virtio(&(0x7f0000000080)='xfs\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x2810080, &(0x7f0000000280)=ANY=[@ANYBLOB="7472616e733d76697274696f2c00000000dd2ba87de1111cb73de9612e66f1760000000000000000000000"]) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x100000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80000000000000004000000000000000800000000000000081000000000000008200000001000010000000000100000000000006c0b4a40200010000100000000000000000000000000c0908040c", 0x7d}], 0x0, &(0x7f0000000040)={[{@noalign='noalign', 0x2c}]}) 07:38:35 executing program 4: r0 = socket(0x1c, 0x80e, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x4, 0x0) setreuid(r1, r1) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "2c7859518ffe655a0368f284992ab2db0cdf3f8a4b6a8cf6d7acdb0742908b178dea03c0127358d444922459d2f4ce9a54fd414737b5accfa3fe647b81364a4e", "892baf283df7ea8482377ece0f99e9b4816970b5c690c1f7af034a1269fa0e471a6b6930fa47cd0e0fd6a2e62c92eb46199461e19b0f80edcfdb0cf2a671df71", "11d22af1f634619e17b4a35ed136e748db0742f70d4bf16e3bae533f186d4f7b"}) [ 665.576751] binder: 11320:11322 unknown command 0 [ 665.577203] kernel msg: ebtables bug: please report to author: Wrong len argument [ 665.583291] binder: 11320:11322 ioctl c0306201 20000080 returned -22 [ 665.608120] binder: BINDER_SET_CONTEXT_MGR already set [ 665.615632] binder: 11320:11322 ioctl 40046207 0 returned -16 [ 665.627489] binder: 11320:11330 unknown command 0 [ 665.640421] binder: 11320:11322 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 665.646217] binder: 11320:11330 ioctl c0306201 20000080 returned -22 [ 665.681621] XFS (loop3): Mounting V4 Filesystem [ 665.687847] XFS (loop3): totally zeroed log [ 665.692844] XFS (loop3): Metadata corruption detected at xfs_agi_verify+0x188/0x5a0, xfs_agi block 0x2 [ 665.702444] XFS (loop3): Unmount and run xfs_repair [ 665.707467] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 665.714148] 000000006327c12f: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.722997] 00000000481a6d89: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.731835] 00000000197a2cdf: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.740669] 00000000d132203d: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.749507] 00000000f48cbbfb: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.758347] 00000000402c39a2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.767203] 000000001edc4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.776045] 000000006ca50eba: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.785029] XFS (loop3): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x2 len 1 error 117 [ 665.794443] XFS (loop3): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -117, agno 0 [ 665.803041] XFS (loop3): Failed to read root inode 0x80, error 117 [ 665.826720] 9pnet_virtio: no channels available for device xfs [ 665.840718] XFS (loop3): Mounting V4 Filesystem [ 665.847541] XFS (loop3): totally zeroed log [ 665.852745] XFS (loop3): Metadata corruption detected at xfs_agi_verify+0x188/0x5a0, xfs_agi block 0x2 [ 665.862297] XFS (loop3): Unmount and run xfs_repair [ 665.867329] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 665.874016] 0000000087a582f9: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.882855] 00000000604ce965: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.891705] 00000000994772e3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.900547] 0000000018a2f46c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.909392] 0000000075b1f716: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.918262] 00000000cd607d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.927126] 00000000a020c731: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.935986] 00000000059df47d: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 665.944944] XFS (loop3): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x2 len 1 error 117 [ 665.954262] XFS (loop3): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -117, agno 0 [ 665.962780] XFS (loop3): Failed to read root inode 0x80, error 117 [ 666.430620] FAULT_FLAG_ALLOW_RETRY missing 30 [ 666.435215] CPU: 0 PID: 11301 Comm: syz-executor7 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 666.443698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.453034] Call Trace: [ 666.455609] dump_stack+0x1c9/0x2b4 [ 666.459220] ? dump_stack_print_info.cold.2+0x52/0x52 [ 666.464389] ? rb_erase+0x3550/0x3550 [ 666.468181] handle_userfault.cold.33+0x47/0x62 [ 666.472837] ? plist_check_list+0x7e/0xa0 [ 666.476968] ? plist_check_list+0xa0/0xa0 [ 666.481097] ? lock_acquire+0x1e4/0x540 [ 666.485050] ? userfaultfd_ioctl+0x5430/0x5430 [ 666.489613] ? trace_hardirqs_on+0x10/0x10 [ 666.493846] ? plist_del+0x4a1/0x9d0 [ 666.497542] ? plist_add+0x790/0x790 [ 666.501258] ? lock_release+0xa30/0xa30 [ 666.505227] ? cpuacct_charge+0x30a/0x5d0 [ 666.509371] ? cgroup_rstat_updated+0xe6/0x470 [ 666.513940] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 666.519463] ? update_curr+0x200/0xc00 [ 666.523335] ? reweight_entity+0x1100/0x1100 [ 666.527739] ? trace_hardirqs_on+0x10/0x10 [ 666.531973] ? kasan_check_read+0x11/0x20 [ 666.536106] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 666.540672] ? compat_start_thread+0x80/0x80 [ 666.545065] ? lock_acquire+0x1e4/0x540 [ 666.549023] ? __handle_mm_fault+0x3a38/0x44a0 [ 666.553585] ? lock_downgrade+0x8f0/0x8f0 [ 666.557718] ? kasan_check_read+0x11/0x20 [ 666.561845] ? do_raw_spin_unlock+0xa7/0x2f0 [ 666.566239] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 666.570803] ? kasan_check_write+0x14/0x20 [ 666.575015] ? do_raw_spin_lock+0xc1/0x200 [ 666.579234] __handle_mm_fault+0x3a45/0x44a0 [ 666.583627] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 666.588679] ? __sched_text_start+0x8/0x8 [ 666.592812] ? kasan_check_read+0x11/0x20 [ 666.596944] ? lock_acquire+0x1e4/0x540 [ 666.600899] ? handle_mm_fault+0x417/0xc80 [ 666.605116] ? lock_downgrade+0x8f0/0x8f0 [ 666.609252] ? lock_release+0xa30/0xa30 [ 666.613228] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 666.618662] ? mem_cgroup_from_task+0xcb/0x1f0 [ 666.623236] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 666.627980] handle_mm_fault+0x53e/0xc80 [ 666.632038] ? __handle_mm_fault+0x44a0/0x44a0 [ 666.636599] ? find_vma+0x34/0x190 [ 666.640123] __do_page_fault+0x620/0xe50 [ 666.644176] ? mm_fault_error+0x380/0x380 [ 666.648308] do_page_fault+0xf6/0x8c0 [ 666.652091] ? vmalloc_sync_all+0x30/0x30 [ 666.656225] ? schedule+0xfb/0x450 [ 666.659749] ? lock_acquire+0x1e4/0x540 [ 666.663707] ? __might_fault+0x12b/0x1e0 [ 666.667750] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.672582] page_fault+0x1e/0x30 [ 666.676026] RIP: 0010:__get_user_4+0x21/0x30 [ 666.680415] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 666.699547] RSP: 0018:ffff880190cd7538 EFLAGS: 00010202 [ 666.704891] RAX: 0000000020013e98 RBX: 1ffff1003219aeae RCX: ffffc90001e14000 [ 666.712151] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 666.719407] RBP: ffff880190cd7cb8 R08: 1ffff1003219ae84 R09: 0000000000000000 [ 666.726654] R10: ffffed0036116d51 R11: ffff8801b08b6a8b R12: ffff8801b08b6a00 [ 666.733903] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 666.741169] ? __might_fault+0x1a3/0x1e0 [ 666.745233] ? sctp_setsockopt+0x1e13/0x6db0 [ 666.749620] ? get_futex_value_locked+0xcb/0xf0 [ 666.754279] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 666.759988] ? trace_hardirqs_on+0x10/0x10 [ 666.764225] ? futex_wake+0x760/0x760 [ 666.768019] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 666.773191] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 666.778714] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 666.783796] ? futex_wait+0x5d2/0xa20 [ 666.787588] ? futex_wait_setup+0x410/0x410 [ 666.791893] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 666.797065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 666.802594] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 666.807687] ? futex_wake+0x304/0x760 [ 666.811498] ? lock_acquire+0x1e4/0x540 [ 666.815467] ? percpu_ref_put_many+0x119/0x240 [ 666.820029] ? lock_downgrade+0x8f0/0x8f0 [ 666.824182] ? lock_acquire+0x1e4/0x540 [ 666.828142] ? __fget+0x4ac/0x740 [ 666.831591] ? lock_downgrade+0x8f0/0x8f0 [ 666.835744] ? lock_release+0xa30/0xa30 [ 666.839704] ? lockdep_init_map+0x9/0x10 [ 666.843760] ? exit_robust_list+0x290/0x290 [ 666.848079] ? __mutex_init+0x1f7/0x290 [ 666.852034] ? __ia32_sys_membarrier+0x150/0x150 [ 666.856779] ? kasan_unpoison_shadow+0x35/0x50 [ 666.861350] ? __fget+0x4d5/0x740 [ 666.864792] ? ksys_dup3+0x690/0x690 [ 666.868488] ? lock_acquire+0x1e4/0x540 [ 666.872440] ? __fd_install+0x2b2/0x880 [ 666.876405] ? lock_downgrade+0x8f0/0x8f0 [ 666.880544] ? select_collect+0x610/0x610 [ 666.884672] ? lock_release+0xa30/0xa30 [ 666.888631] ? __fget_light+0x2f7/0x440 [ 666.892598] ? fget_raw+0x20/0x20 [ 666.896044] ? get_unused_fd_flags+0x1a0/0x1a0 [ 666.900618] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 666.906136] ? alloc_file_pseudo+0x281/0x3f0 [ 666.910528] ? alloc_file+0x430/0x430 [ 666.914310] sock_common_setsockopt+0x9a/0xe0 [ 666.918787] __sys_setsockopt+0x1c5/0x3b0 [ 666.922913] ? kernel_accept+0x310/0x310 [ 666.926955] ? do_futex+0x27d0/0x27d0 [ 666.930738] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 666.936253] ? fput+0x130/0x1a0 [ 666.939515] __x64_sys_setsockopt+0xbe/0x150 [ 666.943904] do_syscall_64+0x1b9/0x820 [ 666.947773] ? syscall_return_slowpath+0x5e0/0x5e0 [ 666.952697] ? syscall_return_slowpath+0x31d/0x5e0 [ 666.957608] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 666.962614] ? prepare_exit_to_usermode+0x291/0x3b0 [ 666.967615] ? perf_trace_sys_enter+0xb10/0xb10 [ 666.972268] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.977094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.982268] RIP: 0033:0x455ab9 [ 666.985436] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 667.004605] RSP: 002b:00007fe4faef4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 667.012295] RAX: ffffffffffffffda RBX: 00007fe4faef56d4 RCX: 0000000000455ab9 [ 667.019544] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000016 [ 667.026805] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 667.034059] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 667.041310] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:37 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) ioctl$TIOCNOTTY(r6, 0x5422) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) r8 = socket$packet(0x11, 0x3, 0x300) close(r0) ioctl$PIO_UNISCRNMAP(r7, 0x4b6a, &(0x7f0000000280)="aecc2f1930dba31702a1f061f1e5fa1493683118865ffaa51f450440eaa93e2a27dcb41636b10d14a82f0f68736cfb5c3d973c253eb5056bfec483d4dec75c2c7502d9943ae7fda6b1a2bbf374828b2203296522a6248dda4e4a118eba190a4580225a88e656f40f6693219bdfa4c07d96ba102e77a9768d2e3adc2669a34149b6ed9f85fafe1d") splice(r5, &(0x7f0000000140)=0x29, r8, &(0x7f0000000340), 0x400, 0x2) pwritev(r7, &(0x7f00000005c0)=[{&(0x7f0000000380)="2332971dd622f85e893b5da9d040dd788300b6f4f9977cb626c74ea790ab949938cfa19b027cf92c37fa3e9c85256b5b7b5d25026af6937d7aecf6a358457c94ea4dd8389c83525a676ae7985ab237d6f33beab3d11390df9fb69f0194a3c8614e040abc0e6e116e2e", 0x69}, {&(0x7f0000000400)="9d4c8bcfabf520eb839bb8358796dc3f48f122e9fed5c1a7db91c45eba791316c879804a55ad395ceb7afc3d3fc07abb64e55cd45a0ff2ac956e4771e7dc67c3663c6fc9f5d72d2324e91f7e8cc36c59fbe4bcd1e399d3d7fad7fb", 0x5b}, {&(0x7f0000000480)}, {&(0x7f00000004c0)="755b36ddefea444fcc5002f43ee96ef8c41e783799dcd430", 0x18}, {&(0x7f0000000500)="4cfa0a3184754911951b0b1024cb65d418508d453f6d19baee82880a9adbc53e353b756462081dc0599bded63651988be87e4349cb1b4ee14b50ff86c713638ab67b07eb9d1a7e552cdcc19354c10b3f067f9af2f14a29e3a5cf5d85efd6d38d036bbb8f5a74867cb0e7b4c204168428e1a93a889558ed64d7a033f4fd42a8e8fba3215c12f2e2", 0x87}], 0x5, 0x15) close(r1) 07:38:37 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0xffff, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000280)) 07:38:37 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000680)={@ipv4={[], [], @broadcast}, 0x0}, &(0x7f00000006c0)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000700)={'tunl0\x00', r1}) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="39dfd0027d270abfd5"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008913, &(0x7f0000000100)="295ee1311f16f477671070") bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="b40000000002000000000000000000000000950000b5000000006830f5b41a5caa98eec1dd34146ecfab5d2f24c46b293d3651000000000024468cf8923e67118eff4df1d616b4c376781e1a7281bb36c8c1e62f31f6eeebb137e5539c93a72bad308b5a4385f1b9d04899a5a7eae9f9712cce83d89d79d057a49263e891bb1dd6f6ac473b3afeee63f26014c5818814428098456c2f321044b750ad66c04e00000000000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r3 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x100, 0x0) getsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000340)=""/156, &(0x7f0000000400)=0x9c) r4 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xfffffffffffffffa, 0x80) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r3) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000140)=0x101, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r4, 0x28, &(0x7f0000000080)}, 0x10) 07:38:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x7a000000, &(0x7f0000000400)}) 07:38:37 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) r3 = dup(r2) bind$llc(r3, &(0x7f0000000140)={0x1a, 0x31f, 0x4, 0x3, 0x7fffffff, 0x1}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') r6 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000180)=""/239, 0xef) getdents64(r6, &(0x7f0000000000)=""/188, 0xbc) close(0xffffffffffffffff) write$P9_RCLUNK(r6, &(0x7f0000000100)={0x7, 0x79, 0x2}, 0x7) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:37 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x3, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) listen(r0, 0x43) r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x8}]}, 0x10) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}}, 0x1c) 07:38:37 executing program 7: r0 = socket$inet6(0xa, 0x1000000000000, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000600)=@broute={'bro\nte\x00', 0x20, 0x3, 0x588, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000040], 0x0, &(0x7f0000000000), &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0xd, 0x0, 0x0, 'nr0\x00', 'ip6gretap0\x00', 'syzkaller1\x00', 'ip6gretap0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0x100, 0x180, 0x1b0, [@time={'time\x00', 0x18, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1177bc2cb1875933}}}, @helper={'helper\x00', 0x28, {{0x0, 'tftp-20000\x00'}}}]}, [@common=@CONNSECMARK={'CONNSECMARK\x00', 0x8}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00'}}}]}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8}}, {{{0x11, 0x0, 0x0, 'irlan0\x00', 'lo\x00', 'teql0\x00', 'team_slave_1\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], 0x70, 0x70, 0xb8}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00'}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x13, 0x0, 0x0, 'teql0\x00', 'irlan0\x00', 'bridge_slave_1\x00', 'bridge0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], @link_local={0x1, 0x80, 0xc2}, [], 0x1c8, 0x248, 0x290, [@comment={'comment\x00', 0x100}, @vlan={'vlan\x00', 0x8}]}, [@common=@CONNSECMARK={'CONNSECMARK\x00', 0x8}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x0, 'syz0\x00'}}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00'}}}}]}]}, 0x600) [ 667.203791] binder: 11383:11384 unknown command 0 [ 667.227909] binder: 11383:11384 ioctl c0306201 20000080 returned -22 [ 667.232753] FAT-fs (loop0): bogus number of reserved sectors [ 667.240610] FAT-fs (loop0): Can't find a valid FAT filesystem [ 667.278342] xt_time: unknown flags 0x30 [ 667.279531] binder: BINDER_SET_CONTEXT_MGR already set [ 667.289521] binder: 11383:11384 ioctl 40046207 0 returned -16 [ 667.300580] FAT-fs (loop0): bogus number of reserved sectors [ 667.306440] FAT-fs (loop0): Can't find a valid FAT filesystem [ 667.323957] binder: 11383:11410 unknown command 0 07:38:37 executing program 3: r0 = socket(0x10, 0xf, 0x3) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f00000002c0)={{&(0x7f0000000180)=""/250, 0xfa}, &(0x7f0000000280), 0x2}, 0x20) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f00006cdffb)="8907040000", 0x5) r2 = shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) shmdt(r2) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x8) sendto$inet(r1, &(0x7f00000000c0), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x4e20, @broadcast=0xffffffff}, 0x29e) poll(&(0x7f0000000080)=[{r1, 0x4000}], 0x1, 0x0) sendto$inet(r1, &(0x7f0000000340), 0x0, 0x0, &(0x7f00000003c0)={0x2, 0x0, @broadcast=0xffffffff}, 0x10) [ 667.324006] binder: 11383:11384 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 667.353225] binder: 11383:11410 ioctl c0306201 20000080 returned -22 [ 668.277364] FAULT_FLAG_ALLOW_RETRY missing 30 [ 668.281932] CPU: 0 PID: 11402 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 668.290409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.299741] Call Trace: [ 668.302321] dump_stack+0x1c9/0x2b4 [ 668.305928] ? dump_stack_print_info.cold.2+0x52/0x52 [ 668.311111] ? kasan_check_write+0x14/0x20 [ 668.315332] ? do_raw_spin_lock+0xc1/0x200 [ 668.319553] handle_userfault.cold.33+0x47/0x62 [ 668.324221] ? userfaultfd_ioctl+0x5430/0x5430 [ 668.328796] ? trace_hardirqs_on+0x10/0x10 [ 668.333011] ? lock_release+0xa30/0xa30 [ 668.336965] ? task_numa_work+0xf00/0xf00 [ 668.341094] ? cpu_load_update+0x380/0x380 [ 668.345313] ? userfaultfd_ctx_put+0x810/0x810 [ 668.349883] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 668.354707] ? reweight_entity+0x7ed/0x1100 [ 668.359012] ? __account_cfs_rq_runtime+0x770/0x770 [ 668.364019] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 668.369551] ? perf_trace_lock+0x8c0/0x920 [ 668.373781] ? task_fork_fair+0x680/0x680 [ 668.377919] ? reweight_entity+0x1100/0x1100 [ 668.382329] ? trace_hardirqs_on+0x10/0x10 [ 668.386545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.392073] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 668.396909] ? update_load_avg+0x27d0/0x27d0 [ 668.401300] ? lock_acquire+0x1e4/0x540 [ 668.405258] ? __handle_mm_fault+0x3a38/0x44a0 [ 668.409827] ? lock_downgrade+0x8f0/0x8f0 [ 668.413961] ? kasan_check_read+0x11/0x20 [ 668.418094] ? do_raw_spin_unlock+0xa7/0x2f0 [ 668.422501] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 668.427072] ? kasan_check_write+0x14/0x20 [ 668.431300] ? do_raw_spin_lock+0xc1/0x200 [ 668.435521] __handle_mm_fault+0x3a45/0x44a0 [ 668.439910] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 668.444736] ? kasan_check_read+0x11/0x20 [ 668.448869] ? lock_acquire+0x1e4/0x540 [ 668.452840] ? handle_mm_fault+0x417/0xc80 [ 668.457061] ? lock_downgrade+0x8f0/0x8f0 [ 668.461197] ? lock_release+0xa30/0xa30 [ 668.465166] ? mem_cgroup_from_task+0xcb/0x1f0 [ 668.469749] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 668.474489] handle_mm_fault+0x53e/0xc80 [ 668.478541] ? __handle_mm_fault+0x44a0/0x44a0 [ 668.483119] ? find_vma+0x34/0x190 [ 668.486643] __do_page_fault+0x620/0xe50 [ 668.490685] ? mm_fault_error+0x380/0x380 [ 668.494829] do_page_fault+0xf6/0x8c0 [ 668.498614] ? vmalloc_sync_all+0x30/0x30 [ 668.502745] ? schedule+0xfb/0x450 [ 668.506280] ? lock_acquire+0x1e4/0x540 [ 668.510243] ? __might_fault+0x12b/0x1e0 [ 668.514296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.519131] page_fault+0x1e/0x30 [ 668.522585] RIP: 0010:__get_user_4+0x21/0x30 07:38:38 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x400000, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000000c0)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xffffffffffffff5a) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000080)={'bond_slave_1\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}) close(r3) 07:38:38 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000140), 0x1bbf, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) r3 = accept(r1, &(0x7f00000001c0)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000740)=0x80) connect$unix(r3, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000033c0)=[{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002e80)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, &(0x7f0000000140)}], 0x1, 0x80) socket$pppoe(0x18, 0x1, 0x0) close(r2) 07:38:38 executing program 7: r0 = socket$rds(0x15, 0x5, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) getsockname$packet(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000380)=0x14) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4ef, 0x8000) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x4, r2, 0x1, 0x100000000, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xb}}, 0xc) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000100)={0x3, 0x3, 0x100, 'queue1\x00', 0x5}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) ioctl$KDDELIO(r3, 0x4b35, 0x800) 07:38:38 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) pipe2(&(0x7f0000989000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x3ff}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000280)={r4, 0x200}, &(0x7f0000000200)=0x1005e) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r5, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"410f44be5f55ea719cbb6635"}}], 0xe) lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)=@random={'security.', '/dev/null\x00'}) write$P9_RMKDIR(r5, &(0x7f0000000380)={0x14, 0x49}, 0x14) dup2(r1, r3) syz_open_procfs(r0, &(0x7f0000000040)='net/ip_tables_names\x00') 07:38:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x12634840, &(0x7f0000000400)}) 07:38:38 executing program 3: clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setitimer(0x0, &(0x7f0000000040)={{}, {r0, r1/1000+10000}}, 0x0) mount(&(0x7f0000cec000)='./file0\x00', &(0x7f000001c000)='./file0\x00', &(0x7f0000000200)="000000000099b1c5180418976f20948810449d9e3e36fdaac925cb60fd7560542b2ed4a219ac9bed0e0000079cfc2192c7b0813f220bc0137d07d9ed052e8c6540e736051949ab533f29e1ba15eb4ed31fa197a85caae966f518817382795760c31408a57a3f5b0895d571b013d76dc6669539da54e1fb43bf84a93d433a1cb13d32a76d5eacc78c159e74528c841e2a13e44fd78c894fb8da8aef000000000000", 0x4, &(0x7f0000000280)) [ 668.526973] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 668.546474] RSP: 0018:ffff8801babdf538 EFLAGS: 00010202 [ 668.551839] RAX: 0000000020013e98 RBX: 1ffff1003757beae RCX: ffffc90005630000 [ 668.559106] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 668.566358] RBP: ffff8801babdfcb8 R08: 1ffff1003757be84 R09: 0000000000000000 [ 668.573613] R10: 0000000000000000 R11: dffffc0000000000 R12: ffff880190a28580 [ 668.580876] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 668.588458] ? __might_fault+0x1a3/0x1e0 [ 668.592506] ? sctp_setsockopt+0x1e13/0x6db0 [ 668.596906] ? get_futex_value_locked+0xcb/0xf0 [ 668.601562] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 668.607257] ? trace_hardirqs_on+0x10/0x10 [ 668.611472] ? futex_wake+0x760/0x760 [ 668.615264] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 668.620445] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.625968] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 668.631059] ? futex_wait+0x5d2/0xa20 [ 668.634844] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 668.639670] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 668.644854] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.650389] ? perf_trace_lock+0x920/0x920 [ 668.654630] ? lock_acquire+0x1e4/0x540 [ 668.658599] ? percpu_ref_put_many+0x119/0x240 [ 668.663191] ? lock_acquire+0x1e4/0x540 [ 668.667150] ? __fget+0x4ac/0x740 [ 668.670601] ? lock_downgrade+0x8f0/0x8f0 [ 668.674739] ? lock_release+0xa30/0xa30 [ 668.678698] ? exit_robust_list+0x290/0x290 [ 668.683007] ? __mutex_init+0x1f7/0x290 [ 668.686960] ? __ia32_sys_membarrier+0x150/0x150 [ 668.691694] ? kasan_unpoison_shadow+0x35/0x50 [ 668.696266] ? __fget+0x4d5/0x740 [ 668.699698] ? ksys_dup3+0x690/0x690 [ 668.703392] ? lock_acquire+0x1e4/0x540 [ 668.707345] ? __fd_install+0x2b2/0x880 [ 668.711298] ? lock_downgrade+0x8f0/0x8f0 [ 668.715428] ? lock_release+0xa30/0xa30 [ 668.719391] ? __fget_light+0x2f7/0x440 [ 668.723344] ? fget_raw+0x20/0x20 [ 668.726788] ? get_unused_fd_flags+0x1a0/0x1a0 [ 668.731364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.736886] ? alloc_file_pseudo+0x281/0x3f0 [ 668.741275] ? alloc_file+0x430/0x430 [ 668.745063] sock_common_setsockopt+0x9a/0xe0 [ 668.749540] __sys_setsockopt+0x1c5/0x3b0 [ 668.753666] ? kernel_accept+0x310/0x310 [ 668.757710] ? do_futex+0x27d0/0x27d0 [ 668.761499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.767034] ? fput+0x130/0x1a0 [ 668.770308] __x64_sys_setsockopt+0xbe/0x150 [ 668.774707] do_syscall_64+0x1b9/0x820 [ 668.778602] ? finish_task_switch+0x1d3/0x870 [ 668.783090] ? syscall_return_slowpath+0x5e0/0x5e0 [ 668.788019] ? syscall_return_slowpath+0x31d/0x5e0 [ 668.792935] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 668.797944] ? prepare_exit_to_usermode+0x291/0x3b0 [ 668.802947] ? perf_trace_sys_enter+0xb10/0xb10 [ 668.807597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.812423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.817596] RIP: 0033:0x455ab9 [ 668.820771] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 668.839933] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 668.847628] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 668.854880] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 668.862131] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 668.869381] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 668.876638] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "7ef885a62d8145f331c4aa3b22479ee6ff20f1f6d53980ac54f18ed8fa2cb3b24c53a7448672ec9375cab117dc3efb460c12dbe5fc831c42d31041b3111422"}, 0x19) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) ioctl(r1, 0x4, &(0x7f0000000100)="19178b68a253f708dd3470de6baa06312fb38b90f8aed91c2628477ed0563da49b4934bf13a52ee9d05b95604066187b0e11371397f4162d69243636528ea1728695585ef92c8d573c2de6c687150e73f9939039b641c2f27af91bc61ed0b0dd6e78aedf1f4d09a7312b6b9278b9fefa3ab7205547260e51d57cb7de37015fddf9fdc15c2c942154755125") bind$nfc_llcp(r2, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "553569b25e4ad8406c57cb11ee9c389cafe6c4d4e726203a6303f4b15d3e55dc6328e6f08679c60f52c71ab964adc414683a1f70b85cd10496a1b16dca1b6f"}, 0x60) close(r0) 07:38:38 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="38010000100013070000000000000000fe8000000000000000000000000000ff00000000000000000000ffffac14ffaa00000000000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000033000000ffffffff0000000000007d505833000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4ffffff0000000000000000000000000000000000000000050000000000000a0001000000000000000000480001006d6435000000000000000000000000000100000000000000000000000000000000080000000000000000000000000000000000000000000000000000000057894bf410f833a2e2210453d1356dd0c7beccdafcda2cc607b186770ece0a3f028b30161516a50d6c0ee0a9ecfdcbd1869341f2ab6b0801bfabfe77c1d61866560f386fdac1bb3de94a495e006eb6f990b33550f4ca5a1375bc4d1abea79c7f1fd785cfc412ce3e03ce6f92fa0fdf93fd68a41a1b7c9498d92318eba2804d262d91878527d9d6e37e42503ba02d485c0609ddfeb33a78cca56d25247fdf6eded6675679ab8da169dfee0f9b17111c44799522a1b2867d6da90ab465c512afce1906831631c973242a95859fcb02e5fb320103ffc8e7932979c0bbf8d15c10d093cc"], 0x3}, 0x1}, 0x0) [ 668.902991] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 668.916244] binder: 11443:11452 unknown command 0 [ 668.922409] binder: 11443:11452 ioctl c0306201 20000080 returned -22 [ 668.934853] binder: BINDER_SET_CONTEXT_MGR already set [ 668.941042] binder: 11443:11452 ioctl 40046207 0 returned -16 [ 668.979537] binder: 11443:11460 unknown command 0 [ 668.988368] binder: 11443:11460 ioctl c0306201 20000080 returned -22 07:38:39 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x2000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r6, 0x402c5342, &(0x7f0000000280)={0x2, 0xf9b, 0x8, {}, 0x1, 0xa25}) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:39 executing program 7: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x200, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x5) r3 = dup3(r0, r1, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000080), 0x0) 07:38:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = syz_open_pts(r0, 0x0) read(r0, &(0x7f0000000180)=""/1, 0x3ab) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80, 0x0) read(r2, &(0x7f00000000c0)=""/106, 0x6a) ioctl$TIOCSETD(r2, 0x5437, &(0x7f0000000000)) 07:38:39 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snapshot\x00', 0x400000801, 0x0) ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000100)=@generic={0x0, 0x7fffffff}) writev(r0, &(0x7f0000000100), 0x1fc) 07:38:39 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000340)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x1, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x90) 07:38:39 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000a4c000)={0x10}, 0xc, &(0x7f0000ff5000)={&(0x7f00002a0e50)={0x18, 0x30, 0x3, 0x0, 0x0, {0x400002}, [@nested={0x4}]}, 0x18}, 0x1}, 0x0) 07:38:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x20000000, &(0x7f0000000400)}) 07:38:39 executing program 3: r0 = inotify_init1(0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ptrace$getregs(0xc, r1, 0x8, &(0x7f00000002c0)=""/160) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$peek(0x15, r1, &(0x7f0000000040)) syz_open_procfs(r1, &(0x7f0000000080)='net/ip_mr_vif\x00') wait4(r1, &(0x7f0000000100), 0x0, &(0x7f0000000200)) 07:38:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_1\x00', 0x0}) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r3, &(0x7f0000000040)={0x7, 0x4d}, 0x7) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_u='version=9p2000.u', 0x2c}]}}) write$P9_RREADDIR(r3, &(0x7f0000000480)={0x2a, 0x29, 0x1, {0x1, [{{0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffea, './file0'}]}}, 0x2a) write$P9_RREADDIR(r3, &(0x7f00000004c0)={0x49, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}, {{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x49) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client='access=client', 0x2c}]}}) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv4_deladdr={0x18, 0x15, 0x201, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r1}}, 0x18}, 0x1}, 0x0) 07:38:39 executing program 6: socket$inet6(0xa, 0x1000000000002, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, &(0x7f000000affc)=0x20) sigaltstack(&(0x7f0000001000/0x1000)=nil, &(0x7f0000000000)) sigaltstack(&(0x7f0000001000/0x4000)=nil, &(0x7f0000000040)) 07:38:39 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x7, 0x800) fstat(r0, &(0x7f0000000180)) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)="290000001800190000003fffffffda0602000000fde800010758bc399adc69abf22d020005495ae6d7", 0x29}], 0x1) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000080)) [ 669.198284] binder: 11475:11476 unknown command 0 [ 669.209035] binder: 11475:11476 ioctl c0306201 20000080 returned -22 [ 669.245639] binder: BINDER_SET_CONTEXT_MGR already set [ 669.251563] binder: 11475:11476 ioctl 40046207 0 returned -16 [ 669.261553] binder: 11475:11476 unknown command 0 [ 669.267260] binder: 11475:11476 ioctl c0306201 20000080 returned -22 07:38:39 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x80000000008912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x4000)=nil, 0x4000}, &(0x7f0000000040)=0x10) ppoll(&(0x7f0000000080)=[{r0, 0x2}, {r0}, {r0, 0xf0db6cd389e005a4}, {r0, 0x400}, {r0, 0x82}, {r0, 0x100}, {r0, 0x1}, {r0, 0x4000}, {r0, 0x1080}], 0x9, &(0x7f0000000100)={0x77359400}, &(0x7f0000000140)={0xf1}, 0x8) fanotify_init(0x29, 0x0) 07:38:39 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc2604111, &(0x7f0000000000)="0307b9a0e0418e60fd36e6") 07:38:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4068aea3, &(0x7f00000001c0)) ustat(0x5, &(0x7f0000000080)) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000000)={0xffffffffffff9e5d, 0x8}) 07:38:39 executing program 6: unshare(0x20000000) clone(0xa0718a6924206ffc, &(0x7f0000001ffa), &(0x7f00001a6000), &(0x7f0000e05ffc), &(0x7f0000000000)) r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x33}, 0x28) r2 = fcntl$dupfd(r1, 0x0, r1) recvmsg(r2, &(0x7f0000000440)={&(0x7f0000000340)=@sco, 0x80, &(0x7f00000002c0)}, 0x40010141) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4) 07:38:39 executing program 5: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='\\selfX)\x00', 0xffffffffffffff9c}, 0x10) write$P9_RREADDIR(r0, &(0x7f0000000100)={0x87, 0x29, 0x1, {0x4210, [{{0x80, 0x1, 0x2}, 0xff, 0x7, 0x7, './file0'}, {{0x25, 0x4, 0x7}, 0x3, 0x7, 0x7, './file0'}, {{0xfd3a9985d487c0fe, 0x3, 0x1}, 0x10001, 0xf6f, 0x7, './file0'}, {{0x4, 0x4, 0x3}, 0x1, 0x1ff, 0x7, './file0'}]}}, 0x87) io_getevents(0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f0000000280)={0x77359400}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40000, 0x0) epoll_create1(0x2bff559cd2735c43) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000040)=0x5, 0x4) [ 669.812700] tls_set_device_offload_rx: netdev lo with no TLS offload [ 670.061206] QAT: Invalid ioctl [ 670.206705] FAULT_FLAG_ALLOW_RETRY missing 30 [ 670.211278] CPU: 0 PID: 11492 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 670.219769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.229115] Call Trace: [ 670.231690] dump_stack+0x1c9/0x2b4 [ 670.235305] ? dump_stack_print_info.cold.2+0x52/0x52 [ 670.240479] ? rb_erase+0x3550/0x3550 [ 670.244281] handle_userfault.cold.33+0x47/0x62 [ 670.248935] ? plist_check_list+0x7e/0xa0 [ 670.253070] ? plist_check_list+0xa0/0xa0 [ 670.257204] ? lock_acquire+0x1e4/0x540 [ 670.261171] ? userfaultfd_ioctl+0x5430/0x5430 [ 670.265741] ? trace_hardirqs_on+0x10/0x10 [ 670.269968] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 670.275322] ? plist_del+0x4a1/0x9d0 [ 670.279020] ? perf_event_update_userpage+0xd30/0xd30 [ 670.284194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.289722] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 670.294892] ? cgroup_rstat_updated+0xe6/0x470 [ 670.299457] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 670.303847] ? update_curr+0x200/0xc00 [ 670.307717] ? reweight_entity+0x1100/0x1100 [ 670.312124] ? trace_hardirqs_on+0x10/0x10 [ 670.316359] ? kasan_check_read+0x11/0x20 [ 670.320490] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 670.325056] ? compat_start_thread+0x80/0x80 [ 670.329452] ? lock_acquire+0x1e4/0x540 [ 670.333415] ? __handle_mm_fault+0x3a38/0x44a0 [ 670.337992] ? lock_downgrade+0x8f0/0x8f0 [ 670.342139] ? kasan_check_read+0x11/0x20 [ 670.346273] ? do_raw_spin_unlock+0xa7/0x2f0 [ 670.350660] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 670.355236] ? kasan_check_write+0x14/0x20 [ 670.359455] ? do_raw_spin_lock+0xc1/0x200 [ 670.363675] __handle_mm_fault+0x3a45/0x44a0 [ 670.368071] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 670.372906] ? __sched_text_start+0x8/0x8 [ 670.377038] ? kasan_check_read+0x11/0x20 [ 670.381174] ? lock_acquire+0x1e4/0x540 [ 670.385133] ? handle_mm_fault+0x417/0xc80 [ 670.389355] ? lock_downgrade+0x8f0/0x8f0 [ 670.393489] ? lock_release+0xa30/0xa30 [ 670.397448] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 670.402881] ? mem_cgroup_from_task+0xcb/0x1f0 [ 670.407443] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 670.412184] handle_mm_fault+0x53e/0xc80 [ 670.416231] ? __handle_mm_fault+0x44a0/0x44a0 [ 670.420802] ? find_vma+0x34/0x190 [ 670.424327] __do_page_fault+0x620/0xe50 [ 670.428372] ? mm_fault_error+0x380/0x380 [ 670.432507] do_page_fault+0xf6/0x8c0 [ 670.436304] ? vmalloc_sync_all+0x30/0x30 [ 670.440441] ? schedule+0xfb/0x450 [ 670.443965] ? lock_acquire+0x1e4/0x540 [ 670.447932] ? __might_fault+0x12b/0x1e0 [ 670.451976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.456814] page_fault+0x1e/0x30 [ 670.460251] RIP: 0010:__get_user_4+0x21/0x30 [ 670.464634] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 670.483796] RSP: 0018:ffff8801babdf538 EFLAGS: 00010202 [ 670.489141] RAX: 0000000020013e98 RBX: 1ffff1003757beae RCX: ffffc90005630000 [ 670.496394] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 670.503654] RBP: ffff8801babdfcb8 R08: 1ffff1003757be84 R09: 0000000000000000 [ 670.510903] R10: ffffed00327ceef1 R11: ffff880193e7778b R12: ffff880193e77700 [ 670.518153] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 670.525432] ? __might_fault+0x1a3/0x1e0 [ 670.529478] ? sctp_setsockopt+0x1e13/0x6db0 [ 670.533885] ? get_futex_value_locked+0xcb/0xf0 [ 670.538539] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 670.544244] ? trace_hardirqs_on+0x10/0x10 [ 670.548458] ? futex_wake+0x760/0x760 [ 670.552241] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 670.557418] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 670.562935] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 670.568034] ? futex_wait+0x5d2/0xa20 [ 670.571818] ? futex_wait_setup+0x410/0x410 [ 670.576120] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 670.581293] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 670.587142] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 670.592231] ? futex_wake+0x304/0x760 [ 670.596019] ? lock_acquire+0x1e4/0x540 [ 670.599975] ? percpu_ref_put_many+0x119/0x240 [ 670.604539] ? lock_downgrade+0x8f0/0x8f0 [ 670.608672] ? lock_acquire+0x1e4/0x540 [ 670.612625] ? __fget+0x4ac/0x740 [ 670.616058] ? lock_downgrade+0x8f0/0x8f0 [ 670.620191] ? lock_release+0xa30/0xa30 [ 670.624151] ? lockdep_init_map+0x9/0x10 [ 670.628199] ? exit_robust_list+0x290/0x290 [ 670.632500] ? __mutex_init+0x1f7/0x290 [ 670.636457] ? __ia32_sys_membarrier+0x150/0x150 [ 670.641195] ? kasan_unpoison_shadow+0x35/0x50 [ 670.645762] ? __fget+0x4d5/0x740 [ 670.649200] ? ksys_dup3+0x690/0x690 [ 670.652907] ? lock_acquire+0x1e4/0x540 [ 670.656865] ? __fd_install+0x2b2/0x880 [ 670.660820] ? lock_downgrade+0x8f0/0x8f0 [ 670.664968] ? select_collect+0x610/0x610 [ 670.669098] ? lock_release+0xa30/0xa30 [ 670.673059] ? __fget_light+0x2f7/0x440 [ 670.677012] ? fget_raw+0x20/0x20 [ 670.680446] ? get_unused_fd_flags+0x1a0/0x1a0 [ 670.685013] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 670.690534] ? alloc_file_pseudo+0x281/0x3f0 [ 670.694923] ? alloc_file+0x430/0x430 [ 670.698724] sock_common_setsockopt+0x9a/0xe0 [ 670.703201] __sys_setsockopt+0x1c5/0x3b0 [ 670.707329] ? kernel_accept+0x310/0x310 [ 670.711387] ? do_futex+0x27d0/0x27d0 [ 670.715174] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 670.720691] ? fput+0x130/0x1a0 [ 670.723955] __x64_sys_setsockopt+0xbe/0x150 [ 670.728345] do_syscall_64+0x1b9/0x820 [ 670.732221] ? finish_task_switch+0x1d3/0x870 [ 670.736699] ? syscall_return_slowpath+0x5e0/0x5e0 [ 670.741610] ? syscall_return_slowpath+0x31d/0x5e0 [ 670.746523] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 670.751524] ? prepare_exit_to_usermode+0x291/0x3b0 [ 670.756524] ? perf_trace_sys_enter+0xb10/0xb10 [ 670.761175] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.766007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.771177] RIP: 0033:0x455ab9 [ 670.774348] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 670.793510] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 670.801199] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 670.808451] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 670.815700] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 670.822948] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 670.830199] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 670.862576] QAT: Invalid ioctl [ 670.964512] FAULT_FLAG_ALLOW_RETRY missing 30 [ 670.969097] CPU: 1 PID: 11535 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 670.977569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.986916] Call Trace: [ 670.989488] dump_stack+0x1c9/0x2b4 [ 670.993096] ? dump_stack_print_info.cold.2+0x52/0x52 [ 670.998280] ? kasan_check_write+0x14/0x20 [ 671.002504] ? do_raw_spin_lock+0xc1/0x200 [ 671.006724] handle_userfault.cold.33+0x47/0x62 [ 671.011375] ? userfaultfd_ioctl+0x5430/0x5430 [ 671.015938] ? trace_hardirqs_on+0x10/0x10 [ 671.020153] ? lock_acquire+0x1e4/0x540 [ 671.024116] ? cgroup_get_e_css+0x1bf/0xb30 [ 671.028419] ? lock_downgrade+0x8f0/0x8f0 [ 671.032549] ? lock_release+0xa30/0xa30 [ 671.036505] ? cgroup_css.part.17+0x12c/0x200 [ 671.040983] ? userfaultfd_ctx_put+0x810/0x810 [ 671.045563] ? cgroup_get_e_css+0x140/0xb30 [ 671.049883] ? lock_acquire+0x1e4/0x540 [ 671.053846] ? wb_get_create+0x35e/0x1f10 [ 671.057972] ? lock_downgrade+0x8f0/0x8f0 [ 671.062111] ? trace_hardirqs_on+0x10/0x10 [ 671.066328] ? lock_acquire+0x1e4/0x540 [ 671.070282] ? __handle_mm_fault+0x3a38/0x44a0 [ 671.074853] ? lock_downgrade+0x8f0/0x8f0 [ 671.078986] ? kasan_check_read+0x11/0x20 [ 671.083126] ? do_raw_spin_unlock+0xa7/0x2f0 [ 671.087514] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 671.092077] ? kasan_check_write+0x14/0x20 [ 671.096292] ? do_raw_spin_lock+0xc1/0x200 [ 671.100515] __handle_mm_fault+0x3a45/0x44a0 [ 671.104908] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 671.109730] ? debug_check_no_obj_freed+0x30b/0x595 [ 671.114736] ? __wake_up_common_lock+0x1d0/0x330 [ 671.119474] ? lock_acquire+0x1e4/0x540 [ 671.123428] ? handle_mm_fault+0x417/0xc80 [ 671.127640] ? lock_downgrade+0x8f0/0x8f0 [ 671.131778] ? lock_release+0xa30/0xa30 [ 671.137046] ? rcu_note_context_switch+0x730/0x730 [ 671.142047] ? mem_cgroup_from_task+0xcb/0x1f0 [ 671.146605] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 671.151343] handle_mm_fault+0x53e/0xc80 [ 671.155391] ? __handle_mm_fault+0x44a0/0x44a0 [ 671.159961] ? find_vma+0x34/0x190 [ 671.163481] __do_page_fault+0x620/0xe50 [ 671.167522] ? mm_fault_error+0x380/0x380 [ 671.171667] do_page_fault+0xf6/0x8c0 [ 671.175457] ? vmalloc_sync_all+0x30/0x30 [ 671.179605] ? do_raw_spin_lock+0xc1/0x200 [ 671.183918] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 671.189438] ? __mark_inode_dirty+0x495/0x1550 [ 671.194000] ? __inode_attach_wb+0x13e0/0x13e0 [ 671.198564] ? ext4_xattr_inode_set_class+0x60/0x60 [ 671.203570] ? get_futex_value_locked+0xcb/0xf0 [ 671.208225] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.213051] page_fault+0x1e/0x30 [ 671.216486] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460 [ 671.222264] Code: ff ff ff 76 17 eb 3f e8 bf f8 1a fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 aa f8 1a fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 9a f9 1a [ 671.241399] RSP: 0018:ffff8801c6527688 EFLAGS: 00010246 [ 671.246752] RAX: 0000000000040000 RBX: 1ffff10038ca4ed3 RCX: ffffc90005c33000 [ 671.254011] RDX: 00000000000002b6 RSI: ffffffff8361ae16 RDI: 0000000000000005 [ 671.261282] RBP: ffff8801c6527760 R08: ffff88019a104440 R09: ffffed003b17c643 [ 671.268531] R10: ffffed003b17c643 R11: ffff8801d8be321b R12: 0000000020011fd2 [ 671.275779] R13: 0000000000000000 R14: 0000000000000030 R15: ffff8801c6527bc8 [ 671.283042] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 671.288213] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 671.293385] ? copy_page_from_iter+0x890/0x890 [ 671.297949] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 671.302953] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 671.308131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.313668] ? timespec64_trunc+0xea/0x180 [ 671.317881] ? inode_init_owner+0x340/0x340 [ 671.322188] generic_perform_write+0x21b/0x6c0 [ 671.326752] ? generic_update_time+0x26a/0x450 [ 671.331316] ? add_page_wait_queue+0x2c0/0x2c0 [ 671.335876] ? file_update_time+0xe4/0x640 [ 671.340101] ? current_time+0x1b0/0x1b0 [ 671.344054] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 671.349053] ? generic_write_checks+0x385/0x5d0 [ 671.353703] ? page_endio+0x630/0x630 [ 671.357484] ? ext4_file_write_iter+0x2a1/0x1450 [ 671.362221] __generic_file_write_iter+0x26e/0x630 [ 671.367132] ext4_file_write_iter+0x390/0x1450 [ 671.371700] ? kernel_text_address+0x79/0xf0 [ 671.376088] ? ext4_file_mmap+0x410/0x410 [ 671.380212] ? __fget+0x4d5/0x740 [ 671.383655] ? ksys_dup3+0x690/0x690 [ 671.387351] ? save_stack+0xa9/0xd0 [ 671.390963] ? save_stack+0x43/0xd0 [ 671.394578] ? __kasan_slab_free+0x11a/0x170 [ 671.398964] ? kasan_slab_free+0xe/0x10 [ 671.402917] ? kmem_cache_free+0x86/0x2d0 [ 671.407045] ? putname+0xf2/0x130 [ 671.410478] ? do_sys_open+0x569/0x720 [ 671.414344] ? do_syscall_64+0x1b9/0x820 [ 671.418389] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.423737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 671.429254] ? iov_iter_init+0xc9/0x1f0 [ 671.433219] __vfs_write+0x6af/0x9d0 [ 671.436927] ? kernel_read+0x120/0x120 [ 671.440810] ? lock_release+0xa30/0xa30 [ 671.444765] ? check_same_owner+0x340/0x340 [ 671.449075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.454590] ? __sb_start_write+0x17f/0x300 [ 671.458900] vfs_write+0x1fc/0x560 [ 671.462421] ksys_write+0x101/0x260 [ 671.466026] ? __ia32_sys_read+0xb0/0xb0 [ 671.470063] ? filp_open+0x80/0x80 [ 671.473580] ? ksys_ioctl+0x81/0xd0 [ 671.477186] __x64_sys_write+0x73/0xb0 [ 671.481052] do_syscall_64+0x1b9/0x820 [ 671.484929] ? syscall_return_slowpath+0x5e0/0x5e0 [ 671.489852] ? syscall_return_slowpath+0x31d/0x5e0 [ 671.494759] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 671.499754] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.504578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.509746] RIP: 0033:0x455ab9 [ 671.512908] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.532049] RSP: 002b:00007f9d30fc2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 671.539735] RAX: ffffffffffffffda RBX: 00007f9d30fc36d4 RCX: 0000000000455ab9 [ 671.546981] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000019 [ 671.554229] RBP: 000000000072bff0 R08: 0000000000000000 R09: 0000000000000000 07:38:41 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer\x00', 0x20000, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000440)=0x3, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80000) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) msgget$private(0x0, 0x11) r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140)={0xffffffffffffffff}, 0x13f, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r4, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x2, {0x6a0a, 0x8, "551a4ff071c4ed90f5f188437777ca0b71222a411f5b27b6227b3416061314760497a3997b71ff208b5e8770f8f44ec3d5282ae9652cff97c815a1659edfb7ad19f5bd45549afc621c608fec224291de57ec066994811aa1e5130f0250fcd2a491ee401a8515045138cce8ba27b868ce20fd88ab04f3af472f5878b36f74c89117dd4d7f3c51d8f49c345b4ad908c3c4f301bea5b418b6f5b436a1807759472360997248f19b23794040d5ba239be9db50fd8d3c001440324c4125e72afbebb2f52caa3b47418696bbeba8b1d2299be32ac03bf819804e295762ac60dd4b82edf355779045cd09d20aec471fe7c820936da191034d1e16f7f503f8ebc2e42256", 0xf1, 0x7fff, 0x0, 0x3, 0x7f, 0x1ff, 0x2}, r9}}, 0x128) 07:38:41 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) syncfs(r0) connect$pppoe(r2, &(0x7f00000004c0)={0x18, 0x0, {0x100003, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'ip6_vti0\x00'}}, 0x1e) ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead) connect$pppoe(r1, &(0x7f00000000c0)={0x18, 0x0, {0x2, @random="277a4c148d89", 'bridge_slave_0\x00'}}, 0x1e) socket$xdp(0x2c, 0x3, 0x0) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x3, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'ip6_vti0\x00'}}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200100, 0x0) getsockopt$inet6_int(r3, 0x29, 0x4d, &(0x7f0000000140), &(0x7f0000000180)=0x4) getsockopt$bt_l2cap_L2CAP_LM(r3, 0x6, 0x3, &(0x7f0000000080), &(0x7f0000000100)=0x4) 07:38:41 executing program 7: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000240)=ANY=[@ANYBLOB=',4/'], 0x3) r2 = semget(0x3, 0x400000000008003, 0x4) semctl$SEM_INFO(r2, 0x4, 0x13, &(0x7f00000000c0)=""/127) 07:38:41 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000100)}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x8c0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000380)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x2, 0x70bd2d, 0x25dfdbff, {0xf}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x59}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x100000001}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8080) r4 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x54, 0x0, &(0x7f0000000300)=[@release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080)}}}], 0x0, 0x0, &(0x7f00000000c0)}) 07:38:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x40086310, &(0x7f0000000400)}) 07:38:41 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r1, 0x9}, &(0x7f00000001c0)=0xc) getpeername$packet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000080)=0x14) r2 = socket$inet_smc(0x2b, 0x1, 0x0) ftruncate(r2, 0x5) listen(r2, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000200)={r1, 0x1}, &(0x7f0000000240)=0x8) shutdown(r2, 0x2) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000280)={0x11d}, 0x4) poll(&(0x7f0000000100)=[{r2}], 0x1, 0x0) 07:38:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000080)) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f00000009c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r2, 0xffffffffffffffff, 0x0, 0x0, {0x1}}, 0x14}, 0x1}, 0x0) r3 = dup3(r0, r0, 0x80000) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f0000000000)=""/55) 07:38:41 executing program 6: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) truncate(&(0x7f0000000300)='./bus\x00', 0xa00) r1 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) lseek(r0, 0x40000, 0x0) sendfile(r0, r1, &(0x7f0000000040), 0x8000fffffffe) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000140), 0x8) r3 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000340), &(0x7f0000000180)}}, &(0x7f0000044000)=0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) timer_settime(r4, 0x1, &(0x7f000006b000)={{0x0, 0x8}, {r5, r6+10000000}}, &(0x7f0000000100)) r7 = socket$nl_crypto(0x10, 0x3, 0x15) rmdir(&(0x7f0000000200)='./bus/file0\x00') mount$9p_fd(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='9p\x00', 0x100000, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@mmap='mmap', 0x2c}]}}) tkill(r3, 0x401104000000016) [ 671.561478] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 671.568735] R13: 00000000004c2d5c R14: 00000000004d4da0 R15: 0000000000000002 [ 671.603589] binder: 11544:11546 unknown command 0 [ 671.610320] binder: 11544:11546 ioctl c0306201 20000080 returned -22 [ 671.621964] binder: BINDER_SET_CONTEXT_MGR already set [ 671.631532] binder: 11550:11556 ioctl 40046207 0 returned -16 [ 671.639493] binder: BINDER_SET_CONTEXT_MGR already set [ 671.645271] binder_alloc: 11544: binder_alloc_buf, no vma [ 671.650815] binder: 11544:11565 unknown command 0 [ 671.650834] binder: 11544:11565 ioctl c0306201 20000080 returned -22 [ 671.655982] binder: 11550:11556 transaction failed 29189/-3, size 0-0 line 2967 07:38:41 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x2bd, 0x0) ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, &(0x7f0000000180)={"183399f4d420ab603b5f70df7b32b5d68afbf74a12536600cc1f4861b374affd07458f1237f9f5513c62769571b4e1b960ece9b8173763d2b621771d79f482596987d052c233b360fa7dc40217bcbe999ed5d4fe133d3e6811b505a850c8d53ca032824e11d9e54c994356c5e6ca41a9397763ba91e3bb6540bebc397191856d0e414c4c0d9c814b43bdd670ef2dbbea0a77814a354a34993f76ebac9943f36fbed62c9d51cdc43842d641b8e2b9856665aa2c98d69044e53822fd868e772fab48a0231892c5873f8ed3d6bec78521d17ab16db00af0c5021adc43d79508108bb6702360e1ba81a0a9cf983ce8ef371e392e36f5a2ef4d0178c4c833d5c1fa2b6dc63fd944d00689292a708db69d31ffd872e0992237fb53b1589ee9bf5a1a07ca739a0a4ebd15a22bc4d28114efef2732d1777eb597612cb00b7593b403ef395ac477e601c359192c4d55d325c048c58115f176deacfd304bdb8f7bc068546c9d350a2ff0bef6a41c4d0e5c524111ab99ca318a276fd914b5281a7d72689fe13d041961872eadfe3e43468eb784e89b9603020de643fa1eaf0669000fa6909823efb07d1536b27b4e4d636033a5448963573e0b647a4b26095f654d4ab7294c8e481427d0f70be556bd6bfedbc12d4de99250a2ee4db8da3442d053277cdfda819c45905514dad03381447c0dab3e3c56bc1a1ec10539207d7197f7263176a4a1b3aae994deff5de80dd71785096a1c3fc9e589488fc759dbee2bfe8c6e62f2b2aa4bd37d7c9c36d91f91e1be674b8bb4a371a2a84303f2ba6fdb019b1fccf10fc9178c4cacf164d05afb839a57b26df629c1f9918d8770eea7a89f8d931760f91b0ac5978a0c3890bcbb0bae753fde67957f1c8357bfc3c365afc1d1023f18f128dc69831dc115762cbd8b315421ffcd26bd3198eb00631fb660bf8239dd52236655c54199a4f49b740880bcce3f2e6df8eec3bb539fc33053f5b42908e2e4bce5a650e44ac6e46a60244c188c6063c4f103a50b8c5d4ba413f7dd90612e3c8f36de5e3e7099fb980bb2bf80e367e95103e77adb8aad1a461f2edec0001afd1283596beb853d7cf6bf2a7ab1ab97db4fcd4b817ad9c4377fe694658eb4b5b3bc63e1774fcfce552db1acf384ae3fdda3205a56c4437fb7131cf627eacff201fcd804525c2ae4adc252abc4f0d33e061f46beba7b9aad6a29988ed04594821f33350306c99817b19b5e345e3dbf93f0d3d9b42cfc92debe912ea57a65c87d0a5201a0ceda98faea8795e6c3b0c12972e968a79100e5497120ecbf718e218d7cc4440dbef4f2042db175898680cbff5f6815dc34713ecaf0d02bf0c8e9113add647728de81b1f8bb113fb048f63ab47baeed70cebfbe5f7c0d84de97b5b76d9d67de528bd4b88a9b8eeaa2af6278fdc43f9244c4a2398e4801010bc265107b8b"}) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) sendmmsg(r0, &(0x7f000000ac80)=[{{&(0x7f0000001240)=@un=@file={0x0, './file0\x00'}, 0xfe2f, &(0x7f0000001600), 0x0, &(0x7f0000000400)}}, {{0x0, 0xfffffffffffffeee, &(0x7f00000004c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ff000000000398fd"], 0x10}}], 0x2, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x1, r1}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40, 0x0) 07:38:41 executing program 5: socketpair(0x9, 0xf, 0x4, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) r1 = socket$inet6(0xa, 0x8000e, 0x7f) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r2, 0x0) poll(&(0x7f0000000100)=[{r2}], 0x1, 0x3) 07:38:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x6c00000000000000, &(0x7f0000000400)}) 07:38:41 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8914, &(0x7f00000000c0)="025cc83d354943eb6d34428f2d2a70") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) fsetxattr(r1, &(0x7f0000000000)=@known='security.capability\x00', &(0x7f0000000040)="000000037970652700000004000000070000204500000000", 0x18, 0x0) 07:38:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2}) r3 = socket$inet6(0xa, 0x1, 0x0) symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00') io_setup(0x4, &(0x7f00000000c0)=0x0) io_submit(r4, 0x1, &(0x7f0000000700)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f00000004c0), 0x0, 0x0, 0x0, 0x1, r2}]) [ 671.677535] binder: 11544:11546 ioctl 40046207 0 returned -16 [ 671.710135] binder_alloc: 11550: binder_alloc_buf, no vma [ 671.715784] binder: 11550:11567 transaction failed 29189/-3, size 0-0 line 2967 07:38:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000000000000002000000000000a00000000000001000000000000000000000da000000000000000000000000000000000000"]) 07:38:41 executing program 7: r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x9, 0x28c082) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000001680), 0x8) [ 671.747050] binder: BINDER_SET_CONTEXT_MGR already set [ 671.763808] binder: 11580:11581 ioctl 40046207 0 returned -16 [ 671.775025] binder: undelivered TRANSACTION_ERROR: 29189 [ 671.781584] binder: 11580:11581 unknown command 0 [ 671.787933] binder: undelivered TRANSACTION_ERROR: 29189 07:38:41 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f000091dff8)='./file0\x00', &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 671.820041] binder: 11580:11581 ioctl c0306201 20000080 returned -22 [ 671.863321] binder: 11580:11598 unknown command 0 [ 671.870614] binder: 11580:11598 ioctl c0306201 20000080 returned -22 [ 672.549391] FAULT_FLAG_ALLOW_RETRY missing 30 [ 672.553965] CPU: 0 PID: 11563 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 672.562439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.571772] Call Trace: [ 672.574348] dump_stack+0x1c9/0x2b4 [ 672.577977] ? dump_stack_print_info.cold.2+0x52/0x52 [ 672.583171] ? rb_erase+0x3550/0x3550 [ 672.586976] handle_userfault.cold.33+0x47/0x62 [ 672.591895] ? plist_check_list+0x7e/0xa0 [ 672.596039] ? plist_check_list+0xa0/0xa0 [ 672.600192] ? lock_acquire+0x1e4/0x540 [ 672.604154] ? userfaultfd_ioctl+0x5430/0x5430 [ 672.608730] ? trace_hardirqs_on+0x10/0x10 [ 672.612948] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 672.618292] ? plist_del+0x4a1/0x9d0 [ 672.621990] ? perf_event_update_userpage+0xd30/0xd30 [ 672.627180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.632711] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 672.637881] ? cgroup_rstat_updated+0xe6/0x470 [ 672.642446] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 672.646835] ? update_curr+0x200/0xc00 [ 672.650702] ? reweight_entity+0x1100/0x1100 [ 672.655096] ? trace_hardirqs_on+0x10/0x10 [ 672.659312] ? kasan_check_read+0x11/0x20 [ 672.663440] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 672.668019] ? compat_start_thread+0x80/0x80 [ 672.672413] ? lock_acquire+0x1e4/0x540 [ 672.676377] ? __handle_mm_fault+0x3a38/0x44a0 [ 672.680949] ? lock_downgrade+0x8f0/0x8f0 [ 672.685097] ? kasan_check_read+0x11/0x20 [ 672.689229] ? do_raw_spin_unlock+0xa7/0x2f0 [ 672.693619] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 672.698191] ? kasan_check_write+0x14/0x20 [ 672.702406] ? do_raw_spin_lock+0xc1/0x200 [ 672.706640] __handle_mm_fault+0x3a45/0x44a0 [ 672.711037] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 672.715863] ? __sched_text_start+0x8/0x8 [ 672.720005] ? reweight_entity+0x7ed/0x1100 [ 672.724310] ? lock_release+0xa30/0xa30 [ 672.728272] ? lock_acquire+0x1e4/0x540 [ 672.732227] ? handle_mm_fault+0x417/0xc80 [ 672.736442] ? lock_downgrade+0x8f0/0x8f0 [ 672.740572] ? lock_release+0xa30/0xa30 [ 672.744528] ? mem_cgroup_from_task+0xcb/0x1f0 [ 672.749090] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 672.753830] handle_mm_fault+0x53e/0xc80 [ 672.757877] ? __handle_mm_fault+0x44a0/0x44a0 [ 672.762443] ? find_vma+0x34/0x190 [ 672.765969] __do_page_fault+0x620/0xe50 [ 672.770013] ? mm_fault_error+0x380/0x380 [ 672.774163] do_page_fault+0xf6/0x8c0 [ 672.777959] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 672.783390] ? vmalloc_sync_all+0x30/0x30 [ 672.787526] ? lock_acquire+0x1e4/0x540 [ 672.791482] ? __might_fault+0x12b/0x1e0 [ 672.795529] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 672.800376] page_fault+0x1e/0x30 [ 672.803817] RIP: 0010:__get_user_4+0x21/0x30 [ 672.808208] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 672.827382] RSP: 0018:ffff88019398f538 EFLAGS: 00010202 [ 672.832727] RAX: 0000000020013e98 RBX: 1ffff10032731eae RCX: ffffc90005630000 [ 672.839976] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 672.847228] RBP: ffff88019398fcb8 R08: 1ffff10032731e84 R09: 0000000000000000 [ 672.854477] R10: ffffed00327cede9 R11: ffff880193e76f4b R12: ffff880193e76ec0 [ 672.861726] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 672.868988] ? __might_fault+0x1a3/0x1e0 [ 672.873037] ? sctp_setsockopt+0x1e13/0x6db0 [ 672.877439] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 672.883131] ? migrate_swap_stop+0x850/0x850 [ 672.887524] ? kasan_check_write+0x14/0x20 [ 672.891741] ? trace_hardirqs_on+0x10/0x10 [ 672.895960] ? __account_cfs_rq_runtime+0x770/0x770 [ 672.900960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.906481] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 672.911824] ? update_load_avg+0x27d0/0x27d0 [ 672.916219] ? perf_event_update_userpage+0xd30/0xd30 [ 672.921393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.926911] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 672.932084] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 672.936477] ? alloc_empty_file+0x72/0x170 [ 672.940693] ? run_rebalance_domains+0x4c0/0x4c0 [ 672.945431] ? finish_task_switch+0x1d3/0x870 [ 672.949907] ? lock_downgrade+0x8f0/0x8f0 [ 672.954034] ? finish_task_switch+0x18a/0x870 [ 672.958514] ? lock_acquire+0x1e4/0x540 [ 672.962471] ? __fget+0x4ac/0x740 [ 672.965905] ? lock_downgrade+0x8f0/0x8f0 [ 672.970035] ? lock_release+0xa30/0xa30 [ 672.973995] ? trace_hardirqs_on+0xd/0x10 [ 672.978125] ? _raw_spin_unlock_irq+0x27/0x70 [ 672.982600] ? finish_task_switch+0x18a/0x870 [ 672.987077] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 672.992508] ? __fget+0x4d5/0x740 [ 672.995942] ? ksys_dup3+0x690/0x690 [ 672.999637] ? __schedule+0x884/0x1ea0 [ 673.003513] ? __fget_light+0x2f7/0x440 [ 673.007473] ? fget_raw+0x20/0x20 [ 673.010909] ? get_unused_fd_flags+0x1a0/0x1a0 [ 673.015485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.021003] ? schedule+0xfb/0x450 [ 673.024524] ? alloc_file+0x430/0x430 [ 673.028326] sock_common_setsockopt+0x9a/0xe0 [ 673.032802] __sys_setsockopt+0x1c5/0x3b0 [ 673.036929] ? kernel_accept+0x310/0x310 [ 673.040975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.046496] ? syscall_slow_exit_work+0x500/0x500 [ 673.051323] __x64_sys_setsockopt+0xbe/0x150 [ 673.055714] do_syscall_64+0x1b9/0x820 [ 673.059581] ? finish_task_switch+0x1d3/0x870 [ 673.064058] ? syscall_return_slowpath+0x5e0/0x5e0 [ 673.068983] ? syscall_return_slowpath+0x31d/0x5e0 [ 673.073894] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 673.078904] ? prepare_exit_to_usermode+0x291/0x3b0 [ 673.083901] ? perf_trace_sys_enter+0xb10/0xb10 [ 673.088554] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 673.093381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.098551] RIP: 0033:0x455ab9 [ 673.101719] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 673.120882] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 673.128570] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 673.135822] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000016 [ 673.143083] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 673.150343] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 673.157592] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:43 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) rmdir(&(0x7f00000000c0)='./file0\x00') setxattr(&(0x7f0000000000)='.\x00', &(0x7f0000000040)=@known='user.syz\x00', &(0x7f0000000080)='./cgroup\x00', 0x9, 0x1) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x100000001, 0x0) mq_timedsend(r1, &(0x7f0000000140)="21b0f4fcb472252a0d4960650e245c3993595ebc23dd42791207fa9e0277b5e24903e41b912c51cd9a2fb410c447e5af5842822c2b498ee3a1846b93d444baddc12633e282dd03bf05a6b234cbdec54f5770d726ebf59c9886e184d326d9694232bec261c712159b8c11a9a8117e3f6b6f7a3815016487160b4749a03e6ee0202f30667c2abadd65dfa21b60e0bcf51c", 0x90, 0x7f, &(0x7f0000000200)={0x0, 0x1c9c380}) 07:38:43 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1801001000e3aa47a02748136c893a04ffb4"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) recvmmsg(0xffffffffffffffff, &(0x7f0000008500)=[{{&(0x7f0000000380)=@sco, 0x80, &(0x7f0000001880)=[{&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000000580)=""/252, 0xfc}, {&(0x7f0000000680)=""/211, 0xd3}, {&(0x7f0000000300)=""/12, 0xc}, {&(0x7f0000000400)=""/70, 0x46}, {&(0x7f0000000480)}, {&(0x7f0000001800)=""/113, 0x71}], 0x7, &(0x7f0000001900)=""/40, 0x28, 0x4}, 0xb9}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001940)=""/120, 0x78}, {&(0x7f00000019c0)=""/80, 0x50}, {&(0x7f0000001a40)=""/24, 0x18}, {&(0x7f0000001a80)=""/93, 0x5d}], 0x4, &(0x7f0000001b40)=""/58, 0x3a, 0x2}, 0x5}, {{&(0x7f0000001b80)=@hci={0x0, 0x0}, 0x80, &(0x7f0000004200)=[{&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/249, 0xf9}, {&(0x7f0000002d00)=""/153, 0x99}, {&(0x7f0000002dc0)=""/135, 0x87}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000003e80)=""/239, 0xef}, {&(0x7f0000003f80)=""/137, 0x89}, {&(0x7f0000004040)=""/124, 0x7c}, {&(0x7f00000040c0)=""/255, 0xff}, {&(0x7f00000041c0)=""/62, 0x3e}], 0xa, &(0x7f00000042c0)=""/6, 0x6, 0x200}, 0x3}, {{&(0x7f0000004300)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000046c0)=[{&(0x7f0000004380)=""/157, 0x9d}, {&(0x7f0000004440)=""/54, 0x36}, {&(0x7f0000004480)=""/104, 0x68}, {&(0x7f0000004500)=""/81, 0x51}, {&(0x7f0000004580)=""/60, 0x3c}, {&(0x7f00000045c0)=""/211, 0xd3}], 0x6, &(0x7f0000004740)=""/4096, 0x1000, 0x2}, 0x7}, {{&(0x7f0000005740)=@xdp, 0x80, &(0x7f0000006c80)=[{&(0x7f00000057c0)=""/156, 0x9c}, {&(0x7f0000005880)=""/91, 0x5b}, {&(0x7f0000005900)=""/22, 0x16}, {&(0x7f0000005940)=""/208, 0xd0}, {&(0x7f0000005a40)=""/94, 0x5e}, {&(0x7f0000005ac0)=""/4096, 0x1000}, {&(0x7f0000006ac0)=""/58, 0x3a}, {&(0x7f0000006b00)=""/117, 0x75}, {&(0x7f0000006b80)=""/186, 0xba}, {&(0x7f0000006c40)=""/64, 0x40}], 0xa, &(0x7f0000006d40)=""/57, 0x39, 0x6}, 0x100}, {{&(0x7f0000006d80)=@in={0x0, 0x0, @local}, 0x80, &(0x7f0000007f40)=[{&(0x7f0000006e00)=""/253, 0xfd}, {&(0x7f0000006f00)=""/4096, 0x1000}, {&(0x7f0000007f00)=""/30, 0x1e}], 0x3, &(0x7f0000007f80)=""/161, 0xa1, 0x1}, 0x3}, {{&(0x7f0000008040), 0x80, &(0x7f00000083c0)=[{&(0x7f00000080c0)=""/21, 0x15}, {&(0x7f0000008100)=""/4, 0x4}, {&(0x7f0000008140)=""/247, 0xf7}, {&(0x7f0000008240)=""/230, 0xe6}, {&(0x7f0000008340)=""/22, 0x16}, {&(0x7f0000008380)=""/45, 0x2d}], 0x6, &(0x7f0000008440)=""/181, 0xb5, 0x9}, 0x300000}], 0x7, 0x0, &(0x7f00000086c0)={0x0, 0x989680}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x20000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x13, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x27}], &(0x7f0000000140)='GPL\x00', 0x41, 0xa7, &(0x7f00000004c0)=""/167, 0x0, 0x0, [], r1}, 0x48) 07:38:43 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000fc0000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000914ff0)={0xfff7fffffffffffe, 0x0, &(0x7f00000001c0)}) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x101000, 0x0) 07:38:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xf630c40, &(0x7f0000000400)}) 07:38:43 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) r2 = memfd_create(&(0x7f00000009c0)="7b757468ef8069ec4a5f747970656c6f00e7bf0cba288fff5d76a23533315a3fdc139cd717bd42728077eec3f64d730a4afc0852b4824b3523f6d3aecc9787a99203106e325fcb61db934934d5c4de26c96f6c2b351b0fa453f368387f433fda0d41ce1e824e6985499449cfd979b7d0572b9cbf5d6201f4640aabeb61080b20c9ea83bbcb672972f122b1500ca238cd366e870a647bc745ce74224b554fe9574147b4f2e7bf0d9fc391eaa692e591b4d768931eb79ced68aad3c2166930cb0ff1280d29a27c8a2b1b037e2a9e17583b9997fd4ff64f81465e71b4bd940a599853b6d6f649ad91c55273612d225a196c247cdcffff0000000000007df3ec555e9657b9d2a481041b31e21cd59cdaab0740ed6e248cc86b4336544112059ae39d2045b8c8d205cf4b6356a1903a0bdb1e6381a97acfdfdd7b2869075cff9957457b", 0x0) ftruncate(r1, 0xde5) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) getsockopt$inet6_opts(r2, 0x29, 0x3f, &(0x7f00000002c0)=""/185, &(0x7f0000000200)=0xb9) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10002004}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='U$\x00\x00', @ANYRES16=r3, @ANYBLOB="350728bd7000fddbdf25050000000800050009000000080006000900000008000400ffff000014000200080002004e2200000800040001040000080006001a000000"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x40804) sendfile(r1, r2, &(0x7f0000000580), 0x7ff6) 07:38:43 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000040)=0x5) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) write$tun(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="4456eec56331772a40980ee910304c36b9fcd2fc0ed84388a51fc99c5a02b60f4eb8388f3e45e40c46d7b3b87d52689919b80f30a3047d9165c78118ad2ed1187ba52a88db211edda6742125e8577793e48a1e0a8b119103add775b382c890865032de300a0f97a6733fca75239ea7481f578a498fc9447954b9166c34ca17a7bc6accf310f77be6c97a77d4c444f037fc0ad840f2824155ee81683a8cff86cd4f77a78ae2f854d88983a0d0b5776842bfd794c968e051d08fe879118385faf8161a0ee029c094eb7ec501e0803a2abcbd09257dcd8e3ddd673b74f3cdd6fcb142aedd655e81e95385717abd96d1bc83fd0ee460425561beacbd6e46ddf62235b251b2ddc6348023cee82ce7296ce23cbda372e6e2988423e6b78240b003529cc5a88a48d3ffae0ef5c27bbe8693d8cb5b0fcb4523a1a95c0277cc1de8d760d33c22edf75d08c0dd80fcd7a3367d527d79cb0836af9058fb3d3d4bd0da17a77d0da25b43bf10978adb2efe2328476c0ba587eaaa94f88d46da2a0028a7c0950f0283b59408ba69803f4340624e30d6059dee9d9da2322098d1a75a368a64154d20b49a3130716d1aeab74c3bb7cd66343601f41c41496dd109985524b8b318f0c69980f7f60e077228096bcdee1d00337140fa3d7234bc11508384fa1ce4db875ee5b761883735d0c4580b6e41eb9ec40725aaa13c1712476b9ff087134a5308afe7d71f5d3a1bdb798c88653b6d24e94595d050c3794c3e0b14f2363e479bb80fef97f55bf017774676b237888db0f5bffa8c4a0ba7e86e9ff7bcc55e6b81df6188bde32b6194851a2c35f8db5f0d039591e7e18079dcbdc03a3708c094e58c46ae9e"], 0x1) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) close(r2) semget$private(0x0, 0x4, 0x200) 07:38:43 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000640)="025cc83d6d345f8f762070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x4) connect$unix(r1, &(0x7f0000001780)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x33}, 0x28) open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x1a1) 07:38:43 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x6, 0x400000) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:43 executing program 7: r0 = bpf$MAP_CREATE(0x0, &(0x7f000039a000)={0x5, 0x100, 0x100, 0x2}, 0x2c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000269fb8)={0x1, 0x5, &(0x7f00000affc8)=@framed={{0x18}, [@map={0x18, 0x0, 0x1, 0x0, r0}], {0x95}}, &(0x7f000039cff6)='syzkaller\x00', 0x8, 0x1000, &(0x7f000039c000)=""/4096}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00002e4fe0)={0xffffffffffffffff, &(0x7f000039ef3f)="cee90b93528da1f1f78ccb416f66c7a36e2af052a2b8df7391951ae0c1add09de490c30ebff5eb07778386600b1f3e3abbb045eb04a10d0be8e58d8a80d1d44adcb7bcfc9b7bfb67174224f61e0d04cf015d81b2604170ad7915dde2c2ade05e3fe26a56b13bdb9e1865b286a8a5925ce91e6bd5cc4bde443040182b8be95fca3f27f736b79b2579388809b93a17d2c98b0a50eb1b361aa40be7860dd5d5f45747ec46d7720a"}, 0x20) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x10000, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0)={0xffffffffffffffff}, 0x111, 0x100f}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000340)={0x5, 0x10, 0xfa00, {&(0x7f00000000c0), r3}}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f000032a000)={r1, 0x50, &(0x7f000039efb0)}, 0x10) 07:38:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000180)='\x00', 0x2) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='io.stAt\x00', 0x0, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000280)=0x8) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udp\x00') r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f00000001c0)={0x2, 0x0, [0x40000002]}) ioctl$sock_SIOCDELDLCI(r4, 0x8981, &(0x7f00000002c0)={'irlan0\x00', 0x7fff}) syz_kvm_setup_cpu$x86(r0, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000040)="9a74a900002d010fc7af76f368c8b9800000c00f3235001000000f3066b814010f00d02ef2670f01320fc71f660f388245560f21820f22dd0f35", 0x3a}], 0x1, 0x0, &(0x7f0000000100)=[@flags={0x3, 0x1}, @cr0={0x0, 0x80000008}], 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x7, 0x1, 0x105000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) [ 673.458142] tls_set_device_offload_rx: netdev not found [ 673.462607] binder: 11621:11622 unknown command 0 [ 673.477382] binder: 11621:11622 ioctl c0306201 20000080 returned -22 [ 673.492687] tls_set_device_offload_rx: netdev not found 07:38:43 executing program 0: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000101000)={@random="cd390b081bf2", @link_local={0x1, 0x80, 0xc2}, [], {@can={0xc, {{0x0, 0xffffffff, 0xffffffffffffffc0, 0x6}, 0x0, 0x1, 0x0, 0x0, "530dcb33a93a99b7"}}}}, 0x0) 07:38:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000d300000000028000007a0a00ffffffff006b01"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000500)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000900000000000000050000000000000000000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x80000001, 0x228, &(0x7f0000000300)=""/187}, 0x48) 07:38:43 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f00000001c0)={'lo\x00', {0x2, 0x0, @broadcast=0xffffffff}}) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='lo\x00', 0xffffffffffffff9c}, 0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000080)={0x0, 0xfffffffffffff001, 0x4fc013a9df1f7957, 0xffffffff, 0x101}, &(0x7f00000000c0)=0x18) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000100)={r2, 0x3}, 0x8) 07:38:43 executing program 6: mknod$loop(&(0x7f0000000240)='./bus\x00', 0x1000, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) [ 673.514673] binder: BINDER_SET_CONTEXT_MGR already set 07:38:43 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r0, 0x8927, 0x0) 07:38:43 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x20, 0x10000) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f00000001c0)={"76e25b88fbe07738a44fa290f0fec5714e7af2fc8d058d305e588103b819cb8a15ca87e88e2a6f4ad497d61854c9455bff75b266d2119988197ce9ac57a97c2c11eb08137201f32a1ecefa1a14a52737df198c1b366ed276f5e9fcddca953625ab1f24e8e53e9c2e39e80159b8444a4f63ce4a7498b28a4243ec03306cefc63f3bf0f020e8dea9df315a5e0121c07ef3e52c90c08c336014fb345bdaf9e407b7359f40b87509b773bdced22e4cfe2c7b56ce89dafea30055f10f95ccd9e3c2c1d995be02a387e2ef3dd95690b1a72ced0c88c9b507caae7e9635d89059374a33d1f079360c68fe0f88b5a34a403eaa90fff920c0d9ca2d7f0dcd3ddbca8d4be7e580739d57d21cfa778955faaeea074136facd26147f590aef24fce1364ac757d2b2983657456adafabf2736a7a22538f3f2d660a205bb69549a45e44a34e6ba65dc96a0f395b2008b92972cdcc6d6f157dbbccbafe027093088688a244b61b943dfc7be235a89e5a3753fa534998287496631e5e32a374f3240759a264bf4e6ea7443f5c9e608b080de980286b88a181d20493b19fb6306525efa8139ce16f4032e64b754c33143adb1394aa5902be40dc8965f1e47d7cbd7a051cf10fe101389909295b83ca15bf18485b1bfd66803b5ade14051d3a2467d239c2a57bf5235089a59fdd58e54a98c8587dcf92e0235386f0233219f1a97e5a82f015913f7d64f59465d168025a6b8452b90df7600ddf5f03714d0313fc90b3a851621716f87c7ece8ca1cb96da8cc1ef8eec89a4fd8885b5dcae63bb7013347108309c38529dd2194fd97443f8232142715ef3387709e1d1b7c8a42e2c6f33519f2e390cc4dd3b363b8ac2718cc59d2195889eabdb03436db54c4b18be83d2579f7bfff249852d04fc00f52740be60958ca646ca6f35b9ddb1607626f222c698bf0ab02e59b032534bc3d0d2582d54c790e276005f50d90499a252739262daa8f03e0dbb6d60332b07c9eba7511b3d9f909145a4d74e1d3042a47427fe548f5b4f2a08515a3f3a5cdc91efab2d4a0db24bdead6b23762995ae53136a34fdde86081c101e637d47828783cd913d866b8d77b00858e4ea4d833440117d617b64d110574a238da72b3f3da9bb2217ca362ca36be4e5f7b0f90a2f095ca3703dea4ae512513cd20c902916a33e44b3fb7d79151c1b4548523fde26ec7c4c44d4f70f0f2a33a1b6cf012bb734fa73d5a4f482fc8ddebd10347a1d97738063108f055b350a250419062cd6c32992e8b85a7645b209ae438178a2831f1c6cabbc8a62ceda2fe4b260bd0f23dceabb963fab5c49667b682f33c77c0f1e49d6517560b3dd79e5a891a49d4d44f6cf5af0cdd9c6c4fc39d6263ff3d341794a6d509a85129742054084138e825c9cd1150f200c4e0f73bab2b9e32c43de1e7c4820104329b5d5d8b00cab6"}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000040)="025cc80a2b345f8f762070") signalfd4(r1, &(0x7f0000000000)={0x1}, 0x8, 0x800) prctl$setname(0xf, &(0x7f0000000180)='%//\x00') setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'filter\x00', 0x0, 0x0, 0x0, [], 0x7, &(0x7f0000000100)=[{}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}]}, 0xe8) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 673.556812] binder: 11621:11622 ioctl 40046207 0 returned -16 07:38:43 executing program 0: setitimer(0x0, &(0x7f0000a0b000)={{0x0, 0x2710}, {0x77359400}}, &(0x7f0000000040)) alarm(0x6e8) 07:38:43 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) close(0xffffffffffffffff) 07:38:43 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000740)='/dev/uinput\x00', 0x0, 0x0) sendfile(r0, r0, 0x0, 0x1) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/11, 0xb}], 0x1) [ 673.600190] binder: 11621:11639 unknown command 0 [ 673.608409] binder: 11621:11622 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 07:38:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x600, &(0x7f0000000400)}) 07:38:43 executing program 7: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) recvmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x5a, &(0x7f0000000000), 0x18d, &(0x7f0000000340)=""/148, 0x94}, 0x0) sendmmsg(r0, &(0x7f0000004600)=[{{&(0x7f0000000000)=@rc={0x1f, {0x800, 0x18, 0x1, 0x80, 0x40000, 0x7}, 0x9e3}, 0x80, &(0x7f0000000400)=[{&(0x7f0000004740)="000048e745c79bb52ff98be16fab34b58d4a1a0c637600a854e3fde09733d4ca62316829299a86985edc6f30a59b69b3deb933725f4dd19b29edce1ab8658babd67ecea705441a0e2296326326dc445d1419fae3200452c9ba5c8d6b7c705bd6e819f6dcef9e2e17ffffffb46729a322c42fec78a661617c8cfbca2ea97b2b9a687f1da81f2b46f9cdf73d1d243f1e706600776e97bf58aba651d71eeecc023d9db04e54eb8682d4b0f23033c953238c9d94c9bd6d37becc5cd5badc0a76906bab84c3fa8c234756e0522bcc9cdb3a7270aa29d4365127ad9c5e3de68ec65aec2a6c53708b13eb77c3063b3f3e8d6e46e519ddc659081df731113f44de3ba60cda95b1626abdcdbd26bfbb3e8d8a1c94dbd75f7f5166d605f8717934b8eddb77b6eea200b179e21ef746c557f58f4f678a528766267a2a3467db310c673104188c2776dcd4ecda0cf31c451044a5d960377ffa2ad993b1efe5099b7b6f857b951bf87d17e17ee28270ffa54af343c0a1f430c64ab8b3c3a816601e7300000000", 0x180}, {&(0x7f0000000140)="6fc7659f0d4adc78f422982a56ccc6b0cb85f188f3231e80614870cf55192c99b5e84cbbeee206485dc44ecee48560e88a682ff6aee33e033f5b49224fbf0f32c104dfc0fcf901bd702f7f416ed72634f390c21ce11aa5107b89463b82e2898b4b11", 0x62}, {&(0x7f00000001c0)}, {&(0x7f0000000240)="87f558db8862032d237782f18a36c585238ac7b5e3043fd1f3aa96843593aaf4c9ab5529b3d5dec44ff7f68469b8ef45ce7a9f4654abf8640fc6e29fc7d51ce8eea27fad646b77637e63fb342045d3cf7812cfdf15350c84ef4752c0971433cb9033a4ca9b004fa69329d64ee1f45b03cde770dab61b0877cbda2dd60493d49058a0a3e0f7c9e3aef06cc5dc0a4b5eeb88e8e3c204aa017af5794d55ac3293b042e95b7bb19dfcfee1d9a23756c90d33146e870f877f4afa1781923c916fdd591993f2d770c1ac29ee7794e9bcff0cf8951d49d1bad91beb8b8870e08ab3c82fddf974ce47a695011afce7b04f4083b5a28dc5a893", 0xf5}], 0x4, &(0x7f0000000480)=[{0x58, 0x109, 0x7fffffff, "e7812782450c348f27b3cdc90b130939659c0bb45f5535a828c6663173d4d141e2a0ebd6f901392f48c8fd880e2ac6acaf32a4b6a2fe9fc521e66c09eb254d9843636e8b"}, {0x100, 0x112, 0x200, "6df570ceed6424b7df5401dd07a4427400483e5ea60b87a62f30c8b9cf3543115dfe0d609d772f53c41dfb2d7f1db6f5eea85d204c92d9fdc30968bab1d5b5b4bc210beae800b926216a76c8ce475f51fcb8e0999fa8b47e24cb6099bd5364ad8a6729445e605e659d028472895eafc59fd5f0ff67a337add8365e661a70bf7302604c4ae195c694b928db7072f80c8ce0911385c23d63a65fad8cf065df2b4d6054c97a096489c34c4f5c8a5f2e97b05ed2ea790671ab647852316e3a34ab8c58517c9c72a6e977736fbbac125b67fdb36bf03abf3dc01058bc1515b1d8109c2cc33a960834fb3328"}, {0x48, 0x10a, 0x2574cef1, "9256e3034e239135c922899ff16d33d85df2c884d9400172ed6f72cff99ef264e61641161a8700926cf8580587105250a20cdb"}, {0xe8, 0x10b, 0x1, "af956eb3bd7d0c41fcf9bdfc4a9aa1c12f137478c4992550a85355631928986f684bfced47673e4641e1163e6632c46589e7fb741638ff2b2af0f82f488bb7d0d78737ac47925d884071cf8a7bbade67ca41d00db16c0aefbebb13a06bcc44fa3a4d5aa29f0486c6f95bdbce908b928d7a3b8bb85291403c334e3ba7fffd51c85be207c11a165d8f9fcdb6a637de1ce4918703e7f5e72f8b87ce2682fd19fda58be93bd334737bb34130a539b88d87dbc548ada09a0b8544f3ab4cdee4d2593cb0051bac83680caf249dadde70dcb4d46d"}, {0x30, 0x29, 0xffffffffffffffff, "4b490ce4fea2c3ff10c09290ec4a3bd88a7b272f4ed49a8dad7c7389ee"}, {0x20, 0x10f, 0x8, "64d004832f2abd127b"}, {0xa0, 0x1ff, 0x8, "943c206bd544eed311462fe30f12a2e53c3dc2598af786d38d03db41484446ea83551686a5906b70118d2aa5dff1ce606d02552e56eb554806dbfbc942c0dca6f667be33d9db2bf9a33e94171a27bcc47470d0c177b72dfaf3747c0d16cd550d58add887712431362ebaaf84b22bfd9098fcc50e2941af29b948a4c39e88e7ee4f93557c27dd8487c835dc1e544e"}, {0x98, 0x1ff, 0x1000, "cacc12491928ee0c4d27fcea241ef8ac33ae4c62a039c968fce0f36cddbb4d0bb15a55ba46190c32afc59c5a361863759cc6a956a48c3b737f7b3ea348b1388cf56b61ee8c94abe56a92883bc669dea1d01dc407bd46b5c1f403e6e0ecba0b5a3125089f0e04cb9a586feafa6857b7c6c05d4377c630040eb4bc4f1415d3acb0925328eaebba"}], 0x410, 0x40010}, 0xe40}, {{&(0x7f00000008c0)=@in6={0xa, 0x4e20, 0x3d77, @mcast1={0xff, 0x1, [], 0x1}, 0x8}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000940)="f3b159d49a0b3e6e1b032e3c6ad00f19d789f95ae62079f6e1bbe34b5c0e362496130a4bd7ad1832a3d0e784de55ee88c74551c6f9193760668f372126c958bed90f105a8fa8c658d6e74829430c050fe7adf627449e2d96f41ef982d6dc49881d4e11", 0x63}, {&(0x7f00000009c0)="8c85a4e1419e8d642f395fc6f8aa8477a844a7fbe37e5970933a936285e9ce3ee7424a01021ade5023285d9a608e996c3440df5f6fe6fb2e80d4edeaf1197c472736393546f1efd67be61348c2732959750dd9f2382a00b20a", 0x59}, {&(0x7f0000000a40)="997b36e5fa7547c8605fc8777157d085a200d3a55be53bc641c4a044a9994fed5d27d7c1a1fc85786720b87b4a28864d645fdc1a970063557d26cdbd8420a374a8ed425ee59810a00bdb5fe109125113835f869dc26e1d859eff1341df500c4ddc3013f0e0baae7cd22204289147928c3a1db99ab748bea65c48b0d9523ec2f0def59b3c1b4120135c30d1f7feccbfbf7c0ce8ec85894b05ed", 0x99}, {&(0x7f0000000b00)='p', 0x1}], 0x4, &(0x7f0000000b80)=[{0x48, 0x109, 0xd9, "c6d7e434f660a4bf368d90bb3f5366f4c98bf5c73625d521ec34a0628c4cbe8207415fe2cde9dfacc752c6af77261f5668294c6a"}, {0xe0, 0x118, 0xfff, "e8dbce9173b5bd2bc660502546826eeedafa9adfbf7b70c08bfaafd641ee191e6d90c6caa54ad68ca0408f54fb0f2465d1a86f33fb3fc77cfbff717639c13fdfe8f24b8879529339af2d90305ed2b241b6109164ef357da122554719167129b39d71dbafced9124afdf39cdb3b634a49db716908da43bcca15899e219352bc6255f423b9fd6e833bdacb7452c1c47ed46d6a9e0e3a572b707d735adc0f49c84c4d9c299db76700c3d705f8dbabd50655b4d430b371d5e082f7c4f767091b2a6b40f52258ffd8020ace"}, {0x20, 0x10b, 0x0, "08cb0a6bf096e4a6c25e103bead2"}, {0x98, 0x95, 0x576, "dfa9d09a1dbbdcfa393c6f181f865e6f489a752e5b52187da4ee90a63e7bdccddd56a63263ebdf851117b84b043166e510d21d145a60d76affe869d0a2aabac04889b1a724294f8f191473e28b905615ee7588fa050a938ad934b03cdfd1e620bc6e5fbcdf367993cfda60e667c57750c189bc9d24d927625ed7172f2e39524172dcbe1b"}, {0x1010, 0x10e, 0x401, "0c09ade817b0504fe0e5349765fca4e280e1d52f25385f44dc737a3fc8fdf4b8036e1771c271e1c8d802dc074c6df010d28bf9c5e65be7a603b60ab7106705e8b312f873a2f0144996661c5c09bc4c42fe8812c9e3c57c4a0895611fded8669b43e8c406a7dfa34d1fa7c0143c11e16a5c8518b2b65c267f5df8ed7cdd7690599ac7c5e6bfc5bb1e0d745fdf2da3f5a43afa3c2bf92d2247517d1093b53bdb28c48f9fbb9fa8738b58975bae9cc7e54a7f35f8563488cb5def683dc789e893750e08fc566bdb235ab1afad7e17c1f3648c873e7c52dc37fab22b66eaa5492d4d53eb37bf963bb00cae48e53e9b84577ce3559823ead2c60670286b5fdf6d85e5b0bf01915f4e4e99b70d5f68ac640fdef24cd029e41721c689a225137f57472c5cd3740edf53c890a3ae26bbf6d98f59a738ecb99317b8fadf4a2c8fa4be48a0deac9d43c2daf8c3e16701539281d10dc2f7cec2892c8f35dde9237eb2fedf05406d0c4ea3ae39ce0bcc13368c487775d59a1434831a397f5c696f0d61d93b7f21c386db8abc54022a33ff4330b2a643cb6fa848de83bd2227289ecb1f22c64da313fd47f9c66395a548caa268c343a6332f7f369f466bd29b93812dcc154575c6f5d1135ca08994797448e69823064f52084239c584fba9b821f747f3461c467d0a2c2d0df81bb2d77f09bc90d7ad192dd9fc4e77e23fe1739458b75cafdeb8544d54808cbb7570c13070f5108791ae353fd8160542d9dfefcdfbd4f1a7691a727d2504da21f6f3aca95e93723b377da6f0a34f6ec6bb8e07f36faf7894fd69800997c3d0c346f24d21bc084ebfc9bdcbe36bab030796f5fde442bdf43e79de166fe0e672d97b701b1180887b56e160e6159c328603f31642860cdc3381007be3ed0cd7a565e312813870bc7a52e90d0a1a886d36726258b935ea0fab369a5a55c3e34b38f2cd54894385a8876c65c5d6b6dce00c76106c2a0668a97ace5e878ff735261542938a795ba7be3eae80a1fadea88870821fe78c67f0255c287da01717ee01fe80a2081e180025ebe9eb5740b935265a2f406c2fe813bef86c0072a9cc949bf6eb6d9779ce42f57e41fa5dee4da48809571865d9fef8fadea4fca0b7329644f1289c8b8e9c4b1395e50cf6a2b1f977e1111ba91e139304dda0898b68ddaf398a1ed26ad7ec310b33d010e1be192c829696c9b61ab8809c76d3a5797ccc74cbf952a04d025c4def21041d6c2ae798c5fd94a00512402400e0c2833e345b237b864f9396c4684103b6c2daa7b3d0a69fee5d60c25cadc8157ac3f2c8b9a85e4b472e3543bfba897d917c435c5224866c77c828aa3dacc238a76772a632e3057f8f46451c393e3df5f1f2443421a32bb9414fc2eff4e9690997792da16481b93344c5844a1b8caa21d7026c4810bf5fcc85bca3ca31bde42048b1378f6a3d012fedbec4e6b5fa8a7b813b1234a1280234e161be082bfafb0f0bc4b6c152bf60002993eb92d921e4901ee4f34fa8f96b5bc9ecd255ac86e43f59b22b8900cede0770fcc4f32927d024dc8bbab665652c271bca0045fe30a38dbb1188652f1399b83d0b078ae68bad91230781dbb955e2790dd231901afe313f968b1e90e94fec73e6f4874dae71d4973c18402a2ed8ab924241de9a893418ba97b32b5ab14b9477633550ade319b617d54380bdac25536152dd24322802787dbc0a5a5acc330af946f33944bbbe353d8e89c759bbcf168c83825c87a2451b7076f26d28212d7ad11e2461432865a5e35c818737bcedeef0a5a71e3d7f069c5557725dc10cf30b98bf53102d0db7656b8cae760d45461e0da6fd2aefec1da3054ae0c3a22bd74f187775ec3864d2b83abd8b65b19ffb47d182487b78f9ca4741b89b840b6697fb6adc6cf5f06eacaccf2844096c4236f53936b169f4db3ce6c890ddfd6383f901231389627914402522cfb56f76b2d39ca3105671e189de858b3520a8380e4f99d4a2aa5dc02c6611c724a281c041e2c7cd85029da6604276b238c6a4a908dd1235b114acb586bb404c8aa895ea73decd2a0e2ceb6a6564b52cea7bbdfc8a21f14cb4f32b278f76f19981d976854165f8088de6f84c85e0bf160012c7fcb4df4a9cdb161821f0e449d133509a21f8c8cd692f7fe7bef1f17b1fa74e4941df1a38351fdbebddf809832ed29bcfafe6925f8261e8fd4edad0ef0dd3fe54a9f14bc6ad53eb1a642d2a1295f78e14e446579191673964e121cddc50b3eb2cca32592e8c9607929605a4eb1f4424e494cbc6648127803626ad52cdf5815fd474a94466e2f7fb971eef66b76704a3119f8b862ee385d1918d740f5030e68576c23613d3c536fce94a026d6fa3702970503279ab63c175000a4711a56b79502b828f1fe938ca49f6c6ce3066523df27d090e35052e00b15aaae52a49fb5d120dc4fd0d970b3615b7d2f513f5d9346c5776526c9bff1fe5834525c0b587249f695fd52dd8dffc1533a7bd5978fb2e413df5d45f718cdebab0a256089ee0855faa4c6c8c3f309e7f2ccbd7a8085163270cf566337c8b13430e13e0708640392df59be2f08ba6769a2cb80c100d7e969a570f7807d7492fb073bda9489a888865b73611c028b0b6c87d8d47c6b138d13b22e8b7214ad434b545129da1f94391a1e6f187d65f23d438ad43de13be59a3f86d19bbc8510ce022ea843c926b0248c7453d77db9ea5587209f6602d4a0dbb4c3716bd7ee4560db174e2154aaf273ff435d7e72ee487cfb6656eb7f3e1ceb083bc6eb8845820ea333ed202b4f8f72f3a5500020f5818b7622b6eeb0a4c18b1cd89bf9799b1a862a7f741b17b9f2bfadca565c5ec413da97da6b0ab3787da29a660ab429dfb5de299bc93e9330bb0c2d2ea45d3e69523a18a6f375d965429881a491e2a3ab74e5d8ae992308dd4f3cc20249616577f307e3e6a9d8ad10a081aafb23601dbf9198c6ee7b199cb260e915e970cefc3a3b36048d163a2f219ced92286afffde2a582f9d866e7ec2e658871b7c0203f05669af1f923e1b20d0ccde6150cc84e759c00bd1868813cd209158f7a15e658275a5f7fa8618ae4f2863905dab8b94086c05dfbc542bc43c7dfef8e7166a70ec0a7b5e9f487a870169f34c2488009d4baf0c0705dd13c184e8622e84f766b21e66501c81522d38ba1cfc9a40d9e18631f2deea49f0a07e3b3a339e288fbfd26b5ee7a44bf2f9ae201f0f556a2dd7df714f02b2aa87edc151a3012b5428efca2cd6c5a7d8608ac4508649a33fdcf87ad91495d5fc345461a692b23b96de462cc245ed64155ddfa52666095f24977603b1569f160184905e40582ea8830f8864d9baf52fbf15a50b11c7544fce546b6c6150816d11eb276b40d39f2d846ff33c3f0fc9d75c695e1787144a809311e2357f7b6aadbd3372aea16109f9d3fd33bd0f8dcf5b378a9398214cb72cb0071a663ccca5556bb8306049d8b0c84793bd4cbdb922ce5c4a9bf275754f391bd0cd8bbbc13f30a3b2e51c8144fb94321510d6fd6f8344b549bb2680de8c5a9c9eb32e032b467207068ec0a4bc64c4e07d50bc24d64a50f43f50cdc849f67fd53e4d3db7c16c99192e07435d485e038a421505c4f81eb918183ee1a2205385e8c3e173224dc0f9e5aa623fbd47b583f840df07d3f1cbf8006a1f5faebf437fc45576dfdd6aa7945b560e5a455161e605895d6344ef001cbdb130c7e61a82d5082f52255f379d8feb53ffd916c28a27391427520184f20cdd4849bec06a5cb976a29a2df38d6c53c0ee99ebec7be16ba42a273ab5b0faa8185bbd44b8aa7bb8ac0afe0eb7291a3e42e9235fbe30dd15c3bdf6dd09f02cee27ce5a237a17b1d34ff7939c7615e9c055cac95ed9cefc6ab51ed3bee225705ec3e1cd06ec4d235ce5ff99f830bd7a55ca3d5d8947113683fcfb0435a4a92341f91fb5dee8074dc26f6c1259292ab607a41f038d4bc642de9540af3a4832200ce193b508ad5194838c8be061b5d00024962bdac2ca054fd87c4f75ffda7369424b13e21d5cb9e2f65dd9c610fab1db15e9a1e95b9ae15d6c0f8428e23ec50ef38754042e7955a7cc13dc69ceb247a2aaa4aa73826ae846d7fdf8f97ffb25df75f076184f5f6065c903328f01679759ee4032aaf05173a5f298bccf5c73e0f181b0a094bf52f5db05021b2dd99154c6fc2da8bafd9ce752ffc8346fd8c9ad59da53e7f43527137fab692f29582e8b5e3dd94f3a9bf61a4435434233d2ab40ec4529b3e25172234e907c985353394cd22e9136906e67f546f75a18bda986ff19b2e05ed57ed5ff3ee78b1761400149ff8ef92a80feb699d095562db8d0134cf81251401179039b005dae63cb6afb8763c4bec7af364da9e5c7999c61ddd03914b66d52525aa05660eb77307d792b20e57148dad387dac17ec374ae96ebe74502cf543a6fb2a4906133ab5cc1dfa3aa5e27218e986277d859320e29e22dc7d100bac3e28c15a2be6d2e9ade6c1cccbc1ec52053b6d59714e35d09e23a62f233905a58609158af95f36a470f9cadc61b754cd7bffbd911b3dce08e5f7e72c9917183ae5d70a0181fbc5b2e1b5acf10663d442d52c00bf7b13bb9c091822bdc20973b86220efb0552d3bbd8dd70265f1794ad33c39ececc538ef2baa3d2090334f5ea8a4f7a4919e2aef201582674d3a03d5b9c03bd94aeb21502a482f56b312e37265d534dfb15676d1f8ce9c92fe6fc0c4ddd1b9eea480006b57b8221ad8f6ce526a68bcd9b847006cbc73295919a4b8edff4cadc9a6cd7da5ce67b6522224e61df90feb8bc8e2783ee2f8707c0159d4ca6ef58c8bb79e66ef7735a970912c4b740bbd79646b40b5be5bdee8a98fdc8f597e69da5561bf197ea7d0fde468f36fe69d80270128e790b4037d0f33414ce4879fb42bc2b3a0c0102ee70f1db72d50efca1dcee752eb87fefbdf72d30b96b3c152e21e0da895ef6ba53279a55f4efdb2dbb45a2206b5c7b3eeb4f92e9c3350ed86d30125f6eab456c78a739e3065199454ec782f0c3a759900ee87d645ec9302293444c17306be276277131f0212c7a91439039e4a72e5e7f31cdda23f68f6c107697ee44155a9db062c0bc7570d2413601bf6c110e9690824ecfd55bf9629a775c36fa3591cb6760e384dc1b91b3fe6f3dca49b19aaabe657447bc676b21dd5b0911fc6f555ebcd91be8571a0c0eaf9ee700d1cb5679441c5b3fc59291758875076b0ee3ef99d3f5821fcb5ad1127e62ea38f846ac7bdd0e1afb89096775a74744ab894ad30d3c7fefcebcda79169e9cb36af460bb9b40ac5fb04f9586d1fd308a3a3f654d87eb8d19a025f402b925fff8ba378299f68c9199bf44671213b5fb80711a39354fba852125b1851c548f6739ff89c1f461158c7b145500ff7c9e700449a194a49f87e7f08c5a47f5cf4dde8003e56536edc71092814041565e71a8e4049c3096e2e71e11b4f9b6448ecbf2338492f496e915758ed2e61c8d048075faa08d38659c894b2621d8d890ef4d25c6d77f13183fbd69b90af8b0bbcf0f9a73fb5ef864afac62e869b2ed95a3483aae570c12d6c37e49c3e5173d17195c8cb985eb19cb5d2fc09f7dec55fe769b2e00d5069254f5659a2717b166a660f1722dc6d3641d86d8c38a7f1dab58c9553845fc67187257fb6b06f68ed177c6bd8df47c256d472a93b307f6ba61593d12b8082180f371a96da87ca33822bcf7510c9d9e10527431e00aa17706d39e107c8dfef084a9b24090f1551459c65364cd8aa9f52ac4cef66304fd6df0"}, {0x1010, 0x0, 0x5, "4d238f44df1dbc14b231e57c0060de6ec32da71a382cd73531328b2ced8624088d1121d26da49dbdeb5267392345e3019fdb558d1dc7b6ed6d2649cf3d7d9051e0be2d9733a48536a2c011e06913eeb07efab6e5daeafa1adc3660532bace00526c32ede30c28da97d01b4bed19d9b226d7374e0097f5a881059505d4c2697f9b05cdf7d9074d8e6b799eef864fb0b975dbb55481e0432421aa4cf2f3c76776d0fdcec4c0b46e689cd35245e49426bbd772f3016545e119ae02764a48ec6477ce68c46eef2cc884bd7e1b31a231605708d449eefc747fe09353b5a3b4595e4bdcd513ffa052a816e494558c139883b57b7efbf7fbf11efd3dcf20181f59d56e65f0ea2c3b44c02769ad33e03798c580c5738b1a8e40512bfcdd831de3637e3776450be40da7c94e948e62e0c9e08c05957479742f71f29b9117bbaa138ad07d862b568d1a272c8b56a0b974d18de1135f067a61d238eeb7b06f09f91e34f78259d450b48661a2b50794ede4558c7dd77e80ee13f922a79d13849f4e7436492320b82e802b3f09be78c91ce4afdd95efc9539a7069e694d69d505beb4cfe40e23d71b240e5317b5ee11293f422b9b6fdc1cbc3ed4b6be347c2c166fd3b655544280f578f3fb6c9b29b33cb41e2a79e013d9164de66bdf2287c1720fb3f02aa95965f2dec60779aea46a26ae870118fa0244a515ca7a22d5da379e7e9dbea1a1adaeb25bc6764de366999a80f6fd1b0b9e10f3c2a9b96eae5cb4ac8c4625fa80c9b6c5e02e4c1d28cfb61ee4ce7c478a57a8455a5fb8e15032fac5742dfc22b2739ae739ec5751e67d1ede0663976371d6cec6b9653e923a9dc3e24be440d7ae5e5980ac863be0a29dacec6c9ff2c1bd3b52456043753d505d83047acccb7ccf6a8809e04fe330e76524a082182d2665310d601006c96ade080dd5600bc78e2a3fbac3d1dbaa24a0f029e7e528c7be948d1e8d00fef94d329124727d6aee0ba1959f4b9b6f964367b17ee0d541715178c1b6f5d6827356f4ac82049a0044c1729070b993dd5b44c6da20b06b74affbc20715bb3afdcb3abbc8493956ebfe79850ade30f2201061aca30f5cfdc7e02a5f18dcdfc9af2487e8c48efd3f0ebc4597f12b57e1b57642ba863d67c7af5d2a6b0d0e55b5a8754a265d0a115a2964610558a8e83f5f89394f99775286aeb6387a69625a66f8fe4624c2701f60fb01ee49d1e571896eb24109d47101e6c57199e306960a29918b4d9f7076decaa3d6d539228b11853bbf09269843b11019d48cd626b1204cd86f0deaf8e0de41bac634ffc8e67631b27891204814a52379e9d8c31ba661e0f569959fa7e0c879c87740e332d329d56719259eabdf02b7d532cb8289a3818b2d991015a0fb73c818a6038383449ff78a730e3d803d504e97d9a3be08ca17bf3247a8ad9bdfdf643a58bd1e992339ca8d158029cdf2887b81866d55a2c61d04a8de44ddd9b97f30b31d346ce00e55d3c51bc0b09c01421c69879c587108783d4c9598c97cf84d1bb7da0684d0ffed1bbc2123ef9083b8985b415f6349febeb2ba825f138737f5f0444f57e6281bbe20dc46e2adbd5df0165e160c8c5ac4a71a42dd619dbd81fd480bbff16299cb763876aeb31c568f5aad47eb612ce167e6713e1c103b215db8de0d3b87ff700eea0da429558b08d7e641d91d370acd8e9fdc7045b22fe32b5f8a645098361c9c53e71bd60b334c934d676b8a357c3677346c4aa46a8221b05ace835201360b9384d16f5e807539417d8bf53f0c3591e454a5c1f451174b569e5c152504e279cb9bf26957e798d682c4082cf8ed4a3c262438c3db48124d406ff26a8d2703f5ee618c9beb46f65cb98fc1a20495f623d5e4d8461b0f6c33a09b43612bfa2dc82b9c5698905b72ea2c64c2cab29d0e998c3aeae7f6ddec38cadaa397d4c76a4279f0dec31b2e0323e335bdd06eaf70c308e56d45642ea73cbb9cfed2a3aefeb8b1a55d918597e7db2448ada5362aff70ef801faec0d5102767e98412a8f0b9d5caa745fb786ca9b373e3669546b5f062ca74e30ceb4e18fb2837e142c76709f03f180e8fb14e87a0e51124fbfd339ecd27c6e57369767ba92a5ef03e40c3580847fd6f2c53cb02c6d3c173a30f2828e72be05c417c487955178237512a3ed51b0816071d5315992cf0791745eee91f89daac915cfff68e799ffb8d806cdc1f1e66fc8b52e979f3f250f84425360fb1a777798f26ab00e7f1cf82a767a688183ac2cc6e4b555890aa83ee321c05e902f7e0eace9d413df652ca909e1b87d13631d356c800671fabdec1465b2a052a6a305f7e98bc08f907bda214e8da05db8f7e18dbaa880615cba87ed805856ffc200631eff2f22a4e13e0293fff87abbafbfe5d0a3d40d2b06694df0044c6720c39b7937d62c75b8cf3e1a96328b6ec2cde0c20eb5129ee990c76eb3e96f84f54c1cd97595bebf14f0b089e2d1ce4ed5fcd6a44603c942685cc0b03d8a5dc9f6da5c0eeb93b8c3c8fec607eb2cfaf2a0f9937d2388586960750503c595c5589350c63bbe5864cd082f9c48b7ade67de2505bcddc1c86767324221c6076717b6e8129652d2472fbc6b9ba44d1f7b96266c1b452c48e8eda7213a286f5b78e673db19fc8f688d639c6da3e648df045821e862ce93d3542585da147916d2bd9708d20e5d550c1aa3487a6deb4db3b0e95209205892ec198403fe55c14c63b6ed70fbfe6463f022c59872486b43c239307f9dc54ba28788824d9d393f44eb09b224b954883948f2341ebee8306e8397198ddc4eb3a772407df65eafd716663497655cefe7f18d31b65896d5c812e9113aa64d0c7273f4ebe082d92a30514bd2520fecd0bcea630ffd6a37ac34f487ea4ecc59436f6833b4b3f8e5426044e44715651b7164acb54470d5af0379881e9c23bd92254b7cca74389b5823dfd6b076db9b7cf22d82c33532dde3dc6d80b745a7da0ef15a94c1fe9bfbbf316f65c1c28bbf4f54472688896535207651aaa7ada22548f721129686e079369994605f25f24141713c7b242f541c1453b375a353297427f0745ae05e031d3c6cbee392d9e6f903b097d12112c585eaf02544f4cb5c758936c131d13c781e281dcb5a75de3f1a8295a6367125c9bf44ef03d0e30691845beb28de01495a54c99daa77caad9d43f80cae31402f4877fe1c52ecfe413972f4db08c39c1637cb233e54a1186f8037c6533d6265e7162f96ba536f51d27e0d0beb2ec728a4e2add0cc8c34394d5c5b0610d7eccafb0f3fecc7ebc46c9b344144279250fddf330ae125eeb71e16eb777e60bda5d7b56687a761c10cf295643b68e6368dbe575bb7aaefe0452593e5157fcedf13cf4e3a2ae81fb0213470ed9b59872680ab0f206d8670b3ab06fd37d832acb30699e3576372fb250f3ec7031747fd4ffe448c97875e361abadcba091286be4347a1101b6fb9e0b9dd5f2800531449dcdfba0fbae6bf125f80bcda3f388e86c629be35d8e5c20e66ab5ecd00277c51287a8a97aba3d4bd05d68d7b0e6393b94134f9a591d4c1b4ea5e27b3ffa663509f9a4bc53247cdbf69b6a2ebb23471593ef9e662afaa138f8116db49ef1efc12f6c5eae734b368d6fe3e7903f73862932476b95cc2a196013a0fcc52db38a9b9b8492c48f26eefc4dd52f8030091312b191f81b338c9dfaa38d7c858bd3984f1d3b291b7383fb1d7b20cdf45a4500c25d19a9dbbc19364dee3682f74603e59ef3713c88347206d4863956949d6080dbd33dcc51ce4d070fff9d1472abac9fd7e297d7bd17eaf8751d1d5851a628009747f123376697b63cbb6d20084951703e15205453c0cdaa128457aa0ebe84fa75c7065691f45da5d11bd072e5f008830b0985caf9fae0f7e566fc5d1500f4199b8cc4da9dfb3bff78733a929b7ef365407142293fdc3ce417f987c370eac0356fb22c1ad104a1d38f2045d81ff613b6b328a10355e80d7c7dfe9f7f51a6371b3a34867ebb3a778a26ba6e2440a8853248b7226bf14b08b3e407805bd6995d44558ebf97974bff08b41b0dc943176f56c3aeeb536b87f5c08344b5046498f848dc2533999a7e7cef9054703df5d53af3c3aedf93e7f69925ff1131cb68ccf664f30db010ed8c233e7580dd0309d8b1a2f9f0e31bbf926c6f55eb717e833a2392aba230033e2582510495ec36bea56cb6740023e6a8f2e146a4311dc65e59a15e6e3f522538067f4fa514a79eb8d8641d6cddc1b758a8ccc4b10bcc40465373235e3b732400603210aa466ad8dd468563ee8b710d9416611f512420f6432ca76f5984eb533ae6c7daefa5df7a53761c14c33dbdcd068f60a2f9873c038c138f0c1315c49460e4343e62d8a48c5f541dfc2db1dd3fe96577c36a841345d536e1b0d65bf6bcb51e87140289ea0b9bc10f924e4f336beabbc8cb0f4f853c84666e74eaa34d417e56292eb8a4a269935678c9683873e21cd5a4fa4f843c107d796b64360b1a655012000949a01e06e91c57920087a08490147b2f7c5ab05d4312ebd4549be8fe4f4c306702e357f70a66c262bfe6db5b86b210afdc3563e090f3b62f039db9ffa2b2292f24eac4150c524f3041df6bda59aa0d43d5ee6b3c3c19593ff0aaaa138595afccc44e204eebe2f35b05e613304beb68a73db79ecc8ef5572cbbefbea8643bdc9ddace44294f949ce58489d94f23f890da5f475fde38e87091dbc9944fc1642531bec9fa11f384968a05a8e0ce8f51dc29a55f35c99d437da988f29c7b2b1564f0369526aeb4d8ac322218753688f1f29f1d8a5d5af66bf67f447a5a04609c8f47fb4517a522981d21ad9bb693398bd2a72d5814040fda71a30dfeb73f1c946fdba4bda88cc8f2aba41b58670bb068c5e400ca0be4a04650ad10b01f37c08f1d2f4a8a13f374a269bf734fef5486450cb3abb7e7cc9002af9e87f37065c9f391b0f44c7369b5cbf779ddd331a1f63be8284066b62cd202c7424df1e059668ce882d4a2e17514fdbc5320d3b659b5e20505b835ccb3890f759f0d45f94155ce4c7d4d19fe5d61ebabcb2cdfc657ab457280def884a282e0e30b14d6af1145934845ef06d618a69cf5dd6fad80ece89e28e64d8b0a306566b7e4b588cce13eb16276600038031012a75c34f9f020918c34c624678b69cb6c37f5b71d6ba02d50cce244fd04a0c10270c9bcf2476083d13f88cf2758a3b8b1943037622017877dca458fd1e463582dd69f64db2e90a49457ca6fc7f38db3aaa371f012052c2a378cc87dfad597b5afe8aefc441c09f3995a2c6ecfb69869e3275462b0916dbabf63c5584e218b2318dc17d70bd59d4b7eede135306ce0d321202d74e84891b3f64521c85e6d9f492994c7c9ee76806dd1ac64dd8500348800c210ef19d205a5e64907e9003cc71a5b722585d8a17ff3767e28a2a0fa8f41181abf68e6df7919c474a76b930d8104d22124da80b108bb52e71e245a4312220fdcf68809c10682985aed347dd9f61358b1cdcac8c908dc9768a03e0eccc708673f534bf3a2645c6e2a1f846880db0e6841bc8f906c9fa8be2b2c29a4cb3d8931a45c93414208c4b912fe42b9394c284f3ba9d91830bf6963976fa4b59b71a6c5d75f91f15649b609948e5f8666b8566fecd58a75489e2e2cd6aa42cb55cbf3ac1f3d2956588c9682d145718664e9308704c4e01953caf98d56911d7c42316594cbda068e3af221ab5a929eedbd25d37ec54b85ebf3f8fa79ea45fbc4330de5a9d6b577e926471f8af0e6eee18884d6f1b04560de7"}, {0x1010, 0x10e, 0x800, "9f9fa18f63e6b7395276265160ab05b4881e8929a88c5b4f1fcb50e21cfdf83cc146f26cada1785a3d5bbc115df580fee530dca3e6376f8879e0312f121530598f7bf13c41a1ed72914a5ba2c6c2eb2b4326c33124b4db9ceff0908091b03bbf16366932ea1a232e1041a230fbd71ca8f1f13fa242e3a96edaf60795ce9aeb2e033f132a6096f70dbea076fecc8ab845e220c599221e7c5facfb8e5eae032149e55a3f2f62565feeb0f2b97476c26de6475cc3f60c6ec6dd60b907cca2a1d9ad4b73c370020db38b3d2d66301dfaa5f3c3420b5252edf867965ba5a826b70d086f0c55d9b181e3077425840c16be8bdde48d30993e319d069b76fa69589f2680e4622f6023c2907be67f232f15bffd5a5e1c105fe9379ea61766c92d206dde18b75f6c0db2c3ccbfa23b5137bb109092883de5d9d4b47e93208a340c14a5758d20f4227ac34095d419f77134fc84bbe77ce7d97b5340d854541c756b4bbad46cd639b43028b65122e666aac059a1fd5ed264de744376d051a0f28746611ef71a775972dbb3ab0c2f1dad3de53530d0774be0eb9fbbed606d97c18163ca3d102b3b16e0ffbf67e55f00a442176c5feaa665ad5345f95ce241a1728c06284f55872c1191d71798ba570c45e49a606526cd67e905467bf9a4ed013779bfe738670268bc6221b7ed4e91b07c540c14ac1d0bd6c8b4a9629364b07119523969d5f94cd0b72296220899ca1bf28e61b8eca796cc3263c59dd25b66e4f856e8522c184a18ff84f40e0b52534f4154a5ff7ea5cb6c6fbe2b4d416b6b6402f895679a6a2efde0bc773e45ac2ea28e794c95621491917701095f47ebbf7366f47f01c9215a861e773c620b792bcb7b6ed617506f5c8a5f635cbd830670ee3748c6be51ddbfa4c4d08b16bcd00dac5c04e43ce21cdd4a54fd5813233485104edc50fb658a60f33c1c2c41a95ff1b8f2644726b5685451fe4804b49a04d44f9125d3c8a81e01dccfe03e601c8af28343a288dd44f747786bb3d4bac007944d13dbb3354c94290c7b1465dc7206628e7835464a9f7d49232e55843f344cfb8c3edb031035f6036615f816ffc28114a32b8ec9fbd6bc41a993ad2e04e8e5fa8422be31029199f20a90a266d3515d98934a2874e2f71fdc8c2452d7e20672e9aff5ea7b5c0c8615d7c1496fad3149e090e80f0e53f3774fbb2e7afaa8dc4c47a49cf8d2ebbbe2f8f3c1d725cbefc2d23e97960a3eff247f77977d607400b2919195a88e44f56927bcf76d15208942a8ac406e04d64fe466fd899ea43f954ff098e069188ab16f3dd26ccec099a8f74d7d8283d9d4b64c0647ccb7706d1afeb30d2e5eaf02fa223f8e062f70bb06bdeb3bfa517e74c606f065bb4423b4306d2ae50a8a04a6d55f6fa1ea47677fc7f024418bf910e306c3df09f81acf523ce09d2410dbff845acbb860032d15ec25934d9fce564762fadc5cb0b95bf172e20323872f31b618515ee8533a6bc5c7be3ff13f69bd1f96285e01dc0fd61e5f773e5fd00d0a0fac4afa8898ef4509c4309822650302fe287a175ddd8b6aac0211e2bbf9e32278e34d404806dec49c0242a7673a33feb0be9352af2b568674f72755a7ca957fe83757493d7efb8b8b6bc65402d2e63aa70ce9c1d5977a23bb578bf5a6aba4d5d69f417de147b900ddeaecc3f17f122dfe7b9e4201b4d3752e0885686bb4720185a3f510d325bf091a7be745c92e7b0476007257ad9ef162ecf3c176ac2283c010d05285aab536475adf853d1a87e9efc6e7c3b2aac49e435a8ab34d00731edbf4766e66b71b25255c79b22e9890885802b5ecaf1db7a808e2b0f0fae3dec4a21eef80fcb92b91f8bb0efdd4876729b70efb1099d654070e2586ce538d051b1cf26b2a526b7cf075b39166d9cdd7055454af2a941db6ee74853d112b2561410612341e7d7e72d5a26a6e842685e688ac1d4fa08fe9dbb40dc984e73c2b8af864004258865c3fcebd59c555bfe9f1f30962e05633d661d0d36d92deaf03f7bc6197b393fe9996e0ead1eca16b858fbab328c916903810c2b3a9b93734688e77e419b95d9735c28cf8411dcb57a6024a7d4084c775876aa2207d1a2d78d65fd609486c699913a40c078376366a23ec9087975fb4b8823453db87ef2f76d6faf002797856008416935fdd038101cb82f6f7afaac274ad83d395927677663bc7ef385afdd72b3d23e619c3e86edc35dd304316e5f57161746fb5adeb7b27ba91f12e5ee35a803ac19b6e8eed76f39418fe2b00f82f095b6397c0c8f07103fdddb305d8af7be3f421e40360aad15ecbf3b788680d107a2e38cec7144d71a7adb4173ec46fad88e2244679d588c4d97c944718fb29a159626c16ec1dd004b48ff7fc03b5addadeccc5a6da979d2a001507faba8911cbf0dc24018cece3ce5c6568b1329776095f9717d45eb6ec609e6e9b8c27a3ac0c0dc38c4801f0687372213c8233b497cd04f383f52e8b446f2f4bbd997e16322d3f308ec8c75f0e6bdd15c8c26626d9dc96003c3430c573b320f5e828ef7d18ba58b5588cc167626bedb63d847c9aa5bb959a6d8ced1179bb4194b6cb6539cd5484ca2f86d30d845f1afeb89e4013686aa02697bbc995332995afa481b81521960544d904f6f8423a7766b3f3f2a16e5fe6258188f3397a1e0a938635b5bac55e989a9d29c6b351a4b43d9095d678e909c9a5c03089d51122f90ed76c263ad50884dde9336cffa4db52de97b13a83267b0cd653e1c97e83aad18b954b50b2df41f894ba3a2c17a9c94f62560d0ceea88f4963b2c76cfa71095443ed15cf823705f33a4b259de39e298b2966008d69fb33684d9149a1c745285d641545e5130bcba466c45662c06af37227071e3131aa30c6d6107999b4007af16ccf7beb303d6915a6c2f0dee9fca71baf6dcc41a9dbb0f01a4151cede32b912f001bbc400621a42003c8d0a073ff292a06bc013d1a3666829d636094a43ee82078f4036a0c721edd4797343b9c4a9ff909fa6fa306c211b1bd738e2fa7a4306f95daaa39c64e30c6af8171a69b1e059d182be90b292f19cbb81b7edaf222dd9926ed3acbb6d5a6b3e1475dd755139dc8a0005ca0a955543457857c25a7697706addc3b133b330d76f6e13aabaf087a8af3f9a24ff2dc2361a79be9bd6e80894431ade761aff22bd813279dbb96c19b6085a2bda3e2fc0e71781c5fa25a877a620707efbb70a5595d5637e6772cbf9b7546018fb92ede9976a0d9fee00ea6b087921c2a842fd9b0debd89d667c835ddf5a1e021261399c012d7a21a6ca499b16b73c9470eeb5e8737c6243413652a4db4e7334705bce670ec6f56b194e776f3d4f3ae9d745ffe297f7f19e9618b520044ac9f6670f7c5e212909aa38b66ce59fe8b88e2412ebc4d774a8989f446567fa437ed9454958fa7d7af7e5299425f275109de8f85e0616bbcb4154c4710e3c2c9231aee715260e8003fade0a109fe6e8800bb81aeba19a9a1c4a6f500494edfe235ecf6520929a5558f7614d24d8fa1b2ee5f455e95ec65dd3433f71ed7b9d4525d9f0565f24c9c87db2bb4feddc65288e758166af47b39dd14beec59e00fa563dd1aa022232172be9b72dfcea1d9d854da0b0cbdad3e67e51a439b797ca3acd5f872eb150d146febfb24597d786d7a1cd6fed844a672cd74d52180545f4d5c47cb7c9fe6b211e3504c6040a865faf08f19458477b2672cdd31d582b8342e996456e6b1b8176c6b8a8708b539792a78dd3c5b426a5799204e41ae793355e88940cb5fa38ffc2dbde19c57777d1fe7858fbff42daa8639afaba0701ed6886b893e1d1b0ba9bc46f3f92024b9e07609044bbd2684fae3613e2fa763d97ceba9f77882706e9870dbcb672542c69ca489ae75bce026cca039f044e6f12cbfe0532cc9eed76a7e7dafa81de8b31ee931a5530b3f885acc4ba8f08ddf38f31a026b8f028933f8bfb058af916280d483b357065330182ddb652098699fd61e7ec71c54cc4e8c4b0f89d0900f7103f10a09f5e7de73dfd48b1738fc830398eff04f13de0fcf9492cb40b4f4459124c3dadbd9af535fbb38009c0b7f399832d76d580170469098feb3564bedcda720b5916ee4a63b80716ae181c83b19145d608d6f57201acd6d8165f417bbf7f05c0b2ddd1743fd0a125e9ede83658415c06adca76dac7cb2f6f9ea80f7261f025205064d7c408cdcba8f6b97d5c6631319963542865db0eb13a78cc0c583deca5aff404b4598730174b19d44be5315e0af471cf3242de6535144bc4c48119fb3398a6f1f17b436986e5d4aefe96c6c3334fa3fdd047e76162df9bd2d33b9302bcfda0d0870f39fce1ae2b2c959fa643857811dd283394c40367a27050a8627dfb4a85c0e78df432b93dae0ebffbdd4437812c8b3de58357d8945d6d7a3b0d7aec897bdb6919cb557d5ff97367a8208f47d8eb3ea814d8c6dffed5b320eca0aac6801893720564a419d46abf1be310811329a32350bca9eae6b9677f5f1b4364d6ddae8eae963f719a5a237d8c19c812970a06a7b396f1f69aa0900b0b1e3a1f45668c0d797fcb5b2376eac51bdc457e4951a4924e6e097639e72a6c7f3604d6bc8430f5fcb638a0c3d8dff25e113c57d438e5528c48663c2b4f4bdbb029fef6d682c570488a3ddea70fbcaf5fbf3c20fd21012da9855d151a4181991d3e28c90ed257048e1502bacab18ed2e6b6360a4054cc5b70fe986002cb3539e94b12fb70ef4359780f8f62c67031a60f54f6d190c7498bf2b42be1a86025890940d96975261547e06d997cdc845917fc8219010a1e29a29359415f95085afffd61be489d8f1321af0d47d949bdb528bda7869e0bae6c8a59bfc94c69cacd08c91cda20c124c94382cea3e7e82f6ada0f274c7df2d5e19fcc8f9238bbc60e2eccd072db5fd5b7c341a9cbeda91ba951c3feb7bd4dbc3b0c247de8d5eb0fac4f83f8b7b88aa36792ddb226118de7ff46f031c74aadc45b2568fd620e79da38216d1e9042188716b6c7cb190862153c3412096a5afc834c3c4a0f556c4e45b7cb21c0af62414d86d8f1b15228bd10fafff5836f5a62712780696924b4f5427e9b2a23a2dbb9345880b5f82fafac1ba0811e1aaa1defe1bf759c5775c4761235f52829502a6a36b83b07361db1c77c0e2420d0040db81823e68ec8cffc5c78572c539085d5feabefb1b2cd56230ec135f09ea4a544c1af6c3c5544d14b40ec2e05d01f2481e8916e54174df2828a18d88c03a76112a2edaf072806257c7c459ce5161da139066db04ab898e40f98b43a76d7ec60bab34a135fd7196fabec7ececa3e64a97d3e6550ae12882202a955cec8339379cbe12dc6b84e879d0dcaf4675e6133959e275b530abba76ffd699d57c43b3530274c1e2eca4cb8c2b4a8f22048524c28b0c08990c6bb166b79e3390ad2a7673ff9b3e5dfd447fb288c10e77c7a35fa5a2bde93672336a109e78cd435dcac677b76149e86e5c91c355afff8f750ab1c10809fb5510700d9351dd332c195b5644a4d4b6b6462c0644b37f249162c62489913df101cb1fc91839aaeea4a3de2899ac529cb065faf4a2e59ee44fa1f3bb19f15340409e44ce4a697bc72923e5ac6f0b449321d6108422f9ae2afa1e2cddd10d638b8359075c2820200d65d9967301eab57301044a4faf77a18f2b338d79635fe49c66bc36d1ff3b969a1a78b71c402b52baaf0a96edbd48bcc765d97e40eb43aefab704887f26e853c35cf7786aeb1877308fa20994de02ac377cb2495ad1090"}, {0xe0, 0x110, 0x9, "5244e446090a756cfc96b544a4eb568890898ecb5e1fc99c1b78bd876e0cb5730f2e6cacfd4407f03ab8d02199b083c1c5f6a2fb3ca994fd2a544eb1e324976f3c2c095a15770d04ecf19c16564683638bfee35665c68b9bd1445513138d0948ed480cb0d1a3fc840790851a204678dd2c857461856454f9824cbb57dff9da758fc51939e6ce8ff6f37aa53bc1a81daaf268bb67aaf15aeb016d249726f4f717f1d3c1b2d1eac8ef5c9ec45845bede7a5802b029ec051d5646e1c211fb1e063c4ee252dc7cdaf7adb602c0073e6b34"}, {0x108, 0x3a, 0xff80000000, "605e5fa3a503613f452056289eb2994fad6eebcbd91ae69427e7b7f52453b3b87e5d78dffeeea311f667c3da1064ba89e3c392ea9d1c8348f08748dbbdaba83d66a695ac5758bc22442901f663d4c744247bd7a9da6e90a0419b6b634444747790961a20198931d82c64f5b32bf5a1067397cc8a90847e5682c6389695b2acb282cf2abc6e5ea64a955e7a707ba68b503b9f9df1c4687d060bfd828fec2ac7272407d34c120932dcddfb78f2806716d78c39f9d36cdf70364a676e4448fa7b7f71de7c506c871d20b1f83cc64f632e88e35ee7402d1e360a4be4cad80c0e9a55dbdf6cc9c495e53ac4b12fe85da6900c3f540d4a366d1e"}, {0xb8, 0x0, 0x4, "aed628a638d5003e9b4b8f1d64fb084a26fb410e4587d03e4f1c590e5e2f285bd1af6fc128728116b3d33fe70568f8adb0f8756b9336c63946f4b18a46d4d1da7c9c2c3392298e484aa5b3f3cb661a8412f1730c0aef3dcad67f19ac67ac5bb9b3a9b80c7951f43e52c90f745e64ddc258bb5a91ec3d1fdfe8bc61fa959b68b9acdf661ece74cb8761f833352c4af7519ed858ba45fc29046a5ffb95e9382df95df113ad1f"}], 0x34b0, 0x20040004}, 0x3}, {{&(0x7f00000046c0)=@nfc={0x27, 0x0, 0x1, 0x5}, 0x80, &(0x7f0000004380)=[{&(0x7f00000040c0)="763a86ad576c5a35e411d1c5f442074e4fdd82e73d930e0aa5774116eca6d58839ce07ae4869d1699228bb9c54bc994e39f76b9e19abb13419fe6f061ac99c1050a605d20b8902765cd7104ecc811a0ef43cab2ff636918b88932f3f1d1233e2073aa228180cb5ad22886d19b02ac7c4d99c6e1bd02986c8c87af3ccb635c34ee61343143ea2678d07db1046b142c4da09d3248f36ec4df3d35d7be27195190f6b2e82eb2ca8b85f00fb08289e7592265fe61c260abf33c8111c5b1fd19b58808f4f1547ac96725e50244b7c3eca043b52bdbb0eaad3f0e1d5885df73385b012021e6e2e6b565e69b07c5175349aee1bb0d25616b6763301bc34dbf8f2c9e3", 0xff}, {&(0x7f00000041c0)="8c30d37b242599e9d58c90c8ae39b97dcdbd4ce6ee010de29793a1f0b1b065f49a73e161ad0eb595f6b3e1b3de6b3e0640d90530d856fc31ba4dc36fa0cea28115d466170b2c184bf18ba9ffed367c8086f16c4050d1fcf2dc48efca1ceda22c14eea36cbc86f4b911768e275e405118128586f3", 0x74}, {&(0x7f0000004240)="c34878644c8679ef5daa1461204bb9862c59d4ba47d9006b", 0x18}, {&(0x7f0000004280)="ea8fd5233a5903dcac8ae76e577b99db486f701e535148fb1d84762380dba1e0aa7d9f443b06e7885bccb898609e04a87599ef65f1c59cc0bfcc54953d2e8e46c99609f836dd462f2aa1e8a9725c2dc99a0761c19e9f56fb599a4f6b3f909f50ccf5ee4718bd0ac5692ffb2e", 0x6c}, {&(0x7f0000004300)="4010ef2420252bd497de7e8d975284b620415375", 0x14}, {&(0x7f0000004340)="75b9c101a3816cf7e67dae84052fb57f1b1a4c0433366bf9aaf7ac8ff904d2dcf79746e28f54a4f560fe9d52818becf3ec20134792", 0x35}], 0x6, &(0x7f0000004400)=[{0x68, 0x10c, 0x63, "fb3144edaf5234ecadb6073348d89b85b60ec3a23d31d26b3c7faefb2b367bc62c6cfb276335fce67a1f20c0cef0c55aaaec0314b8081fc8285415b37acbfcee9f2bc9dad5107511bbd771bd9b5e26b1b6daed"}, {0x88, 0x29, 0x3, "65a6b0dfdadc2b5da2895662e2db82d395abfae82870f5757de25f2478a116916a18ebba8d17b48b8389598b15a289ddd4ab60c3e4224070522a6d4c6601ee293e4e0f9172b4763b0ce4844ffcced3b82296ff78be05cd92cd71c06773262c152edf59f3e6b43a9e5e32ab044670569a2183a7d30ae54d20"}, {0x100, 0x198, 0x2, "d5612b69f1a9bdf9cbfd286f293a6047c23405883fe37cae6fa998426327eddd47238a85bf6f29570fd7c4166986543dd0bed5b55e8ced6a7a73541a36daa8684ea16592efe13760d6f3905cd945305c231fdddb41a03aedbaf825f0a646c18b653ac68359d7c1493e287cca86f8153991b773d9c247f19242c9defdeb3022a39223dcc473552a9383c42ae4212da599eb53b98400caa87bf56109c686c4be30a0d441fbf6d1bdce8c0236dc239f181461d1fb6483f58af800315f000e0563a090ac27dfaaa50727ae705e48919f588d9038ed5f8cbf252fa64c72fc5d9ce70019d2852a2d0fc50fe8c01b7b20a4f5b3"}], 0x1f0, 0x8080}, 0x6}], 0x3, 0x0) 07:38:43 executing program 5: r0 = socket$xdp(0x2c, 0x3, 0x0) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x10000, 0x800}, 0xfffffffffffffed5) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) tee(r2, r1, 0x8, 0x0) ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f0000000280)={0x6, 0x9}) bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @broadcast=0xffffffff}, 0x10) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x10000008912, &(0x7f00000000c0)="025cc83d6d345f8f762070") getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x3}}, 0x3, 0x8, 0x9f, 0x4, 0x4}, &(0x7f0000000080)=0x98) fcntl$getownex(r4, 0x10, &(0x7f00000002c0)={0x0, 0x0}) capget(&(0x7f0000000340)={0x19980330, r6}, &(0x7f0000000380)={0x3ff, 0xfffffffffffffffb, 0x4, 0x80, 0x1, 0x4e5}) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000640)=ANY=[@ANYRES32=r5, @ANYBLOB="e8000000e6d9ea64b98aa3de695bf9eeed6a7c927b00d069a417105d28268ba48e704994d50600394c7298ef306cf6ecc097526e5030bfccb8e865e41f0e15391f25c836064deeddce42dcd686bbc529eb6ec7118d7f5630ceb67af8c9a480747283cfc7efda789d0bb63170282495608817394e7fb07ac4fc29131d80974a0316640ec3c2fab5cf8cf527e61ae1f0b1aaf3d88cfbfc9cd5c33bd03081731f694fd0a33d90c7a157f9fa1ff4ea04d651aca985be91f6d847af6176d7e289a7fb911113e1c8c3e926b1e67600352658213a51ace9e742aa675f1c7eb844718cc472c19c4262007ebbf2a2e3881c9e4df223b207cc8f1292e68a937b28e300b7872531cc3e6248dd98840baf108b4376a6dd7bdacbac961c5726e3bf26144b55b97544c7001e3e458d4c0add7781389316a483006e9fb5b0730620014c9bb48ad9caf52244d7743de29440664534d8228877c25faeae5120f62128733b68deeefa2e905b608756ff038531099f9a70a7ddea090ae565e9fe30ff236a9f5cc8765b50188e06deb894b1003664aa533780022d2500ddeab7099feb342c32f3247ebb91d8bca3bf01303518b3ea78cd70496d63a4db839b6e157cd9f777e6195f9e2a892f0250d4fe70034cde"], &(0x7f0000000100)=0xf0) socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x180000000) 07:38:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x44e23, @multicast2=0xe0000002}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23}, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x14002, 0x0) ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f00000000c0)={0x6, 0x4fd, 0xbe}) close(r0) [ 673.662573] binder: 11621:11639 ioctl c0306201 20000080 returned -22 [ 673.719617] binder: 11684:11685 unknown command 0 [ 673.733749] binder: 11684:11685 ioctl c0306201 20000080 returned -22 [ 673.742409] binder: BINDER_SET_CONTEXT_MGR already set [ 673.748987] binder: 11684:11685 ioctl 40046207 0 returned -16 [ 673.756652] binder: 11684:11686 unknown command 0 [ 673.763101] binder: 11684:11685 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 673.764902] binder: 11684:11686 ioctl c0306201 20000080 returned -22 [ 674.474721] FAULT_FLAG_ALLOW_RETRY missing 30 [ 674.479307] CPU: 1 PID: 11633 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 674.487793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.497131] Call Trace: [ 674.499712] dump_stack+0x1c9/0x2b4 [ 674.503336] ? dump_stack_print_info.cold.2+0x52/0x52 [ 674.508513] ? kasan_check_write+0x14/0x20 [ 674.512734] ? do_raw_spin_lock+0xc1/0x200 [ 674.516968] handle_userfault.cold.33+0x47/0x62 [ 674.521625] ? userfaultfd_ioctl+0x5430/0x5430 [ 674.526192] ? trace_hardirqs_on+0x10/0x10 [ 674.530419] ? lock_release+0xa30/0xa30 [ 674.534388] ? task_numa_work+0xf00/0xf00 [ 674.538534] ? cpu_load_update+0x380/0x380 [ 674.542758] ? userfaultfd_ctx_put+0x810/0x810 [ 674.547325] ? reweight_entity+0x7ed/0x1100 [ 674.551630] ? __account_cfs_rq_runtime+0x770/0x770 [ 674.556630] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 674.562169] ? should_fail+0x246/0xd86 [ 674.566387] ? trace_hardirqs_on+0x10/0x10 [ 674.570604] ? task_fork_fair+0x680/0x680 [ 674.574735] ? reweight_entity+0x1100/0x1100 [ 674.579126] ? __account_cfs_rq_runtime+0x770/0x770 [ 674.584127] ? trace_hardirqs_on+0x10/0x10 [ 674.588361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.593884] ? update_load_avg+0x27d0/0x27d0 [ 674.598277] ? lock_acquire+0x1e4/0x540 [ 674.602238] ? __handle_mm_fault+0x3a38/0x44a0 [ 674.606828] ? lock_downgrade+0x8f0/0x8f0 [ 674.610978] ? kasan_check_read+0x11/0x20 [ 674.615109] ? do_raw_spin_unlock+0xa7/0x2f0 [ 674.619498] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 674.624068] ? kasan_check_write+0x14/0x20 [ 674.628285] ? do_raw_spin_lock+0xc1/0x200 [ 674.632514] __handle_mm_fault+0x3a45/0x44a0 [ 674.636909] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 674.641749] ? kasan_check_read+0x11/0x20 [ 674.645883] ? lock_acquire+0x1e4/0x540 [ 674.649839] ? handle_mm_fault+0x417/0xc80 [ 674.654057] ? lock_downgrade+0x8f0/0x8f0 [ 674.658198] ? lock_release+0xa30/0xa30 [ 674.662158] ? mem_cgroup_from_task+0xcb/0x1f0 [ 674.666725] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 674.671476] handle_mm_fault+0x53e/0xc80 [ 674.675523] ? __handle_mm_fault+0x44a0/0x44a0 [ 674.680087] ? find_vma+0x34/0x190 [ 674.683614] __do_page_fault+0x620/0xe50 [ 674.687661] ? mm_fault_error+0x380/0x380 [ 674.691804] do_page_fault+0xf6/0x8c0 [ 674.695586] ? vmalloc_sync_all+0x30/0x30 [ 674.699719] ? schedule+0xfb/0x450 [ 674.703256] ? lock_acquire+0x1e4/0x540 [ 674.707216] ? __might_fault+0x12b/0x1e0 [ 674.711263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.716090] page_fault+0x1e/0x30 [ 674.719530] RIP: 0010:__get_user_4+0x21/0x30 [ 674.723911] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 674.743075] RSP: 0018:ffff8801c0957538 EFLAGS: 00010202 [ 674.748419] RAX: 0000000020013e98 RBX: 1ffff1003812aeae RCX: ffffc90005630000 [ 674.755669] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 674.762920] RBP: ffff8801c0957cb8 R08: 1ffff1003812ae84 R09: 0000000000000000 [ 674.770170] R10: ffffed00327cece1 R11: ffff880193e7670b R12: ffff880193e76680 [ 674.777418] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 674.784688] ? __might_fault+0x1a3/0x1e0 [ 674.788738] ? sctp_setsockopt+0x1e13/0x6db0 [ 674.793129] ? get_futex_value_locked+0xcb/0xf0 [ 674.797787] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 674.803500] ? trace_hardirqs_on+0x10/0x10 [ 674.807714] ? futex_wake+0x760/0x760 [ 674.811503] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 674.816677] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.822194] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 674.827288] ? futex_wait+0x5d2/0xa20 [ 674.831074] ? futex_wait_setup+0x410/0x410 [ 674.835381] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 674.840554] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.846082] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 674.851167] ? futex_wake+0x304/0x760 [ 674.854965] ? lock_acquire+0x1e4/0x540 [ 674.858920] ? percpu_ref_put_many+0x119/0x240 [ 674.863484] ? lock_downgrade+0x8f0/0x8f0 [ 674.867620] ? lock_acquire+0x1e4/0x540 [ 674.871577] ? __fget+0x4ac/0x740 [ 674.875014] ? lock_downgrade+0x8f0/0x8f0 [ 674.879145] ? lock_release+0xa30/0xa30 [ 674.883119] ? lockdep_init_map+0x9/0x10 [ 674.887166] ? exit_robust_list+0x290/0x290 [ 674.891470] ? __mutex_init+0x1f7/0x290 [ 674.895432] ? __ia32_sys_membarrier+0x150/0x150 [ 674.900172] ? kasan_unpoison_shadow+0x35/0x50 [ 674.904734] ? __fget+0x4d5/0x740 [ 674.908173] ? ksys_dup3+0x690/0x690 [ 674.911873] ? lock_acquire+0x1e4/0x540 [ 674.915827] ? __fd_install+0x2b2/0x880 [ 674.919793] ? lock_downgrade+0x8f0/0x8f0 [ 674.923922] ? select_collect+0x610/0x610 [ 674.928052] ? lock_release+0xa30/0xa30 [ 674.932009] ? __fget_light+0x2f7/0x440 [ 674.935964] ? fget_raw+0x20/0x20 [ 674.939399] ? get_unused_fd_flags+0x1a0/0x1a0 [ 674.943977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 674.949503] ? alloc_file_pseudo+0x281/0x3f0 [ 674.953893] ? alloc_file+0x430/0x430 [ 674.957957] sock_common_setsockopt+0x9a/0xe0 [ 674.962434] __sys_setsockopt+0x1c5/0x3b0 [ 674.966575] ? kernel_accept+0x310/0x310 [ 674.970628] ? do_futex+0x27d0/0x27d0 [ 674.974429] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.979949] ? fput+0x130/0x1a0 [ 674.983214] __x64_sys_setsockopt+0xbe/0x150 [ 674.987616] do_syscall_64+0x1b9/0x820 [ 674.991505] ? syscall_return_slowpath+0x5e0/0x5e0 [ 674.996420] ? syscall_return_slowpath+0x31d/0x5e0 [ 675.001343] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 675.006343] ? prepare_exit_to_usermode+0x291/0x3b0 [ 675.011342] ? perf_trace_sys_enter+0xb10/0xb10 [ 675.015994] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 675.020822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.025992] RIP: 0033:0x455ab9 [ 675.029162] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.048327] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 675.056018] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 675.063281] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 675.070531] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 675.077780] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 675.085031] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:45 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffff81, 0x600201) getsockopt$bt_BT_CHANNEL_POLICY(r6, 0x112, 0xa, &(0x7f0000000280)=0x5, &(0x7f00000002c0)=0x4) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:45 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vsock\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000480)={0x0, 0x80}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000500)={r1, @in6={{0xa, 0x4e21, 0x7, @dev={0xfe, 0x80, [], 0x19}}}, 0x100000001, 0x631c, 0x80000000, 0xa118, 0x40}, 0x98) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='resize=0x000000000000E']) socket$nl_xfrm(0x10, 0x3, 0x6) syz_mount_image$reiserfs(&(0x7f0000000080)='reiserfs\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000340)=[{&(0x7f0000000140)="fdcc8385ac87ed5066adae425c3792f2a3512a57d68258", 0x17, 0x1}, {&(0x7f0000000180)="db49f50b224d2956c0ed6cee11b6401976b00e81d64d442ca340914b19f69a33b57eecade6ffed0b30d3a6e3a080502d459b923cff0c710816046ffe3d3c75fdecaa5f52973e69b8d1b0af10346e82df58b11814fc121e3c90f67c5c76df7867cf77d1638e8da6cf467cb67d566e75d6788d6f1a029855d34c17467711aec24851a648c641cb8ebe20ca61cf1d49b305afc126bf663110599de9e94ad1f26ce387b51332a466304e6e147322de248c1cac1e401d4c52240b851529d2701cf0548c4857f17a0f6db963764791ec705c1920c282cff4d9381ced56b9357c364348", 0xe0, 0x80000001}, {&(0x7f0000000280)="b014365f6563de52295a2a01f73daf542f608aca370453d4c01f24aec12820031dbd9318d79aaec7f5a0ca7e2064c80a5d84df918c038c4a9a0ff57ab0095e88e3f4eef80c67cd26d674dbd9176fc92091695c1c28622f3aae82ecc19caad1580d11619e3cf294e9b1427cf79b96905e2c20713707abbd1c01bb92e66de20166e1d259cd2da931df54254ff76059cb95acbaa811473c987ada95232ea2bb393614dbd6186c264b091621c0ea0301a40a829e34879b5f50", 0xb7, 0x1}], 0x2, &(0x7f00000003c0)={[{@jdev={'jdev', 0x3d, './file0'}, 0x2c}, {@usrquota='usrquota', 0x2c}, {@errors_continue='errors=continue', 0x2c}, {@commit={'commit', 0x3d}, 0x2c}]}) mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x4800, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@fscache='fscache', 0x2c}, {@mmap='mmap', 0x2c}]}}) 07:38:45 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000140)="6e65742f6970365f6d725f6361636865009e386d287dd5c381f459dc1269be3e4cf269c53fac4ff04bf89172a8a42eaf777d084d34083858ddde184ed9182acf8421536223bd5566c66cc7b32b77b3ce83eb297caeb3d0d3c04bc949f61c94bb8ed556fb6c3b94992bd0cb2ddf1c9c4edef8cd19f6ab7aa26ccdc74cc326e969cc071f23e0d6824dd6aadb789d427fd08ac4d67222a9f6870bb312e84e5c1abadd47bd6a065f601f5a6e8b11515f6dbc1faacb44a18486c216fa804715cfb3e3e12374bed0fc072bc2787aba5811ada8fdbc94b92f8f4a5156da6a2f9a9b6bdc") r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000080)="b74e48f1ff03b5b7eeae3706884840caa3a12ca87df0c2b5946a3ffff0d763db17c3055233c552fb1a6f1bed90489141da36d2ccc750f0ce3f689ed1dbc9a690447d3172eef88fbbd4ffc0c1a6d53f4c6dd4e5fa39e622dc08393a600a02faee4ad0fb51156953cb27f32b48bbb9ee49634e626a4f76e592a398a2d80bf8329d0a65877271db415e6a9761ba3f69e2b577662c378a4639472113685d574dd37ff093de6396880e161f770e34ede91157bcd6bd6b", 0xb4, 0xfffffffffffffffc) keyctl$get_keyring_id(0x0, r1, 0x17) readv(r0, &(0x7f0000001440)=[{&(0x7f00000013c0)=""/111, 0x6f}], 0x1) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f0000001280)=0x3) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000240)={r0, 0x6be, 0x40, "e44d0c14c4f4952dd04ec25acb0721d8fea88f6363b4d9c945f6f1a81419535afbdb0a2b8b6cc05e97805209a619b0f3d1d6ebda68407924c856d9448b4200c4f580ff960076e785876753203fef03f97cfaaa31f715311fcfa08d6d8a1944c1c69ab8ef76badf2b05367e959942643e2f3a31a430f4f5452a37ce494246a5da839c99558acc164dc4237c444213a83d90dcee35c74f631823194774c0693cff542ad57aca83c379e654763de517933a6ce08dafa0783d61f2c28626054d91b4cb4a5161ab1cb982a50434590552e55f305e13c4cfcf8470701dbf788934dbf114a8cd964961c0fbec941b1c56cf713cd5b407714f198ed39bf6f841d99d45727286e4aef54e6ce1f840381f652a350795c07e187cf5f9aebaf7c59e2fb8e12ecc1aeea0a7088e3901c5f01b82a8ca433f0476859a10e8557a90fe69ea24fb3263d07b36ceab001a19f81d23fc3e06a9db569e729dfaaad40d962354e285954b9adc28d8d4f82893e78d4b34200e9cf705f9dcb5fe3ea9dd340016d85a1c8c54e5e4f180ec21f4f8fbe2267c8049ceee1b4e403b82334907107ab7e684410480a06bf4b13b1a82286b1f34b68faef9859195050c4c974b1369b494dfdbb7f25ce0fd250ae0126736f1ae9786e6c6f367f418b72646a5559fa4820d6d94665ce85a1ea9e4c021e4eec43c44b2a3d2f094e05e0c1bf8b4b036e07f38b3bf2edb696f73bf6cf9c28a6a15fa6090a394ddae5428fd4bda2cd8b21a40614c88c38182db15b112f6df8b81bcd0173cac63a5cb3f23d7c45d138d113f3f6c98b7b9840ed17d9ba239f7f5f0abbbb722cd3e9f3b51bad03a534719eeccd238cd2ecf6cebf7e76a626733277b23cff1ee5b045e94f42a408b8cadc16e89d8365f4d736998d210246821be9d415e860abdf10a0f5d2ad1bf5ac06546bc4fd426b1bf810dc36e1ae440b16ab8d16e639af7d6873b807b4b9cebc76c3952c8f88dbed0d470c0204a857bc62cc2504ae84a2d2140f6229712a155fed558926ebff8d9cc8ca177038d6d42f25df319c221c650803da3edc549547133233908080cb0051ce0d144bfb6d9d79fbb2d968b57bd1eca5269474afc225fe537247d2d9c2066dd3448a8f9a689a86794af7eb74e9a679f6e23b2e1eed980e17b50fb9f7b49a1718855ba730cba20251e0e7aa65b5cc26828f55ac2d9efebbbc8cb91e7a3fd91bf13b012c13669c588c028122f05f29ef763d702ab75ffe65860e1e173e86d20a73d322aafe2cbe7941ae7c33379f4b80818b6a89c4995bf79091418d15ceff4e1ed3c722ea6078d05c1805fb56cf823f0c52ae9190d8d823a5c3ec56792b87c7d6bd2d65da32371e3ef0021e0132dadcd6ccb75b9fdff83ba7009f65161c0a44aae95db0688928e77f3cd5374943c78239a7abcc544c8f0753b6503937a084a9284bd4459b9fa908bb64ba4273cc240b3156662dac4c2266eeacf964b1f3698d6bdaf49446f0603724c6d152cc422072cd19b3cc0b0ccd04ebc335300c5bb2ecdfc567dd08bd399a1c56a1438e32eec73611c36198028b2d4d654effadf0f1bf1439265cd8246e8ad4632e08b4734a1259cc2043bbf8144f26172435391517a6179e6b2175c87f6c6e3e19db28a241a844d08714e86a729fa222c2702a012ab728d26882538ebcfb66ef9c0d3897ebd3281298d2dffe15bd51fb04d32ee3a26f25db021d0846ff4b562d7629458811480dcffc6019d2fb01fa55d89fa16737a2136059e85dd65214257b1677c5b1eb2ae590cc0adc5e253f4bdaf1d289b45fbfa315ee9d6aa847a5a2d0dd4672e72ded2cd05388ff6a5c1fdc508149db4fb931423d586ad5f408952313a197f964d58d9ccdf465be5c405d8cadedbd5249eef93cd489fca2ef3bf2e42d6f675c7153c6c70e91cc625fc06bddbce7220e8e94acd45a5dcecf257c76e016de046b7fdda6d5a8bdc61efe12b1fd1c3607dabae11d56d44bbabc568e9d8a1df2a91edf8f1e8842bc8a1f0dd687117df8019fb2b95a2d9077c7e08a6cc47099dd3825e627bd467e7e9621523a79881ffe064d11a3dd0e394eac496c46a1bfd32df52248d328aca5f5c97d06bc75497444a4a02792851b207afa9cc85c4ca06689003eecf7c93d7dfa2e71b9dde2a577083c36c5000a0ebcc3a66b553e814751d658a20be36c0241a78f6642cbfd799f274661faaef4aa4a363dcb26789b1fde6e828ca61c8ffdf998f83ace2fafa5c288b7b403a97076ea8e5cfee743bf8a61e536f129dc18a0e8a0de3931f68fb94456a707e12a7c129b543d5c1b587bc097ff5afe3289c6033a87fa1af18c5b23d98b9007d50d3971ca4cf4b67f253788de7f024a0b3dbe371aa056c7895b7a60cf4e0ef4d1cc6ed3f02fc53748a7f2edc2b176448e89ff7bf0f20fca7bb7ba29cf897b2917954be66cdb46ba8fdd0edcb628b2898723fd993e8cfaa46dbb6cb8e408571a39eefab707c76b91fc632ab3635f7d56f1dfd755a24553550f580e7f72e6b30159a4109b96004dad3eb534d2417430c42298381c979f93948102808c5c24f53c447b1937146eafc6658e222aefb87cde8332bcc4a6ba4000b62872f0f86e0ff9c4582fe057e1f6de9cd2552abc3a4e799f2e9f1132e55abb14168f9a8c346eeb50d97f3e9f861b8680d79960869ad98e35ce474c76144397b83b34dc51d1daaaa763dc036ba55dee1386af7ec57174f4ed6299f7763ffb5106dcb1e5768bd14c28f47a82c1174336037c4f97c026aa7058a8836d75bc9224f7b485afc4f4b004d93b6e49c9bfc13546f297d107d3f4eaf6ce7af4a432ea44dd41da2b12bdf37d6aa47ad1e4e93951230b457abb9d27269948773d7381e67968838498bb74ef30105c0d77dd6a35edc1c3d8984cab0ca93906fa9f0a3c219fd7a83d54c057c14267ffa6616b43d90feb22b263aa51473e1f6d17bf3cddeba682ead7967f9458a471085ded3f9147086d02d8e97a08acfcf18d85adda7653b0ac7f87cc22f8711379993d4bd4e950afe9a56de160d4d67adeccebb0d61eec5e427e512897cd0cd43d2a789172a3df7a00434b034ae46e80c72761d5ac63e01c1dc32c61f78d2578ae6dd98485d32ed294b65723dabd8cfb1841a55333af40852c832593ee773e8baac4bb1eb1a318bd8d73851daf2fe2f29eaf4ea8d1c3cab2b19216716c97dbc9f83030453198e9697a14daa89a14f7feab28db95724bb0b2bc9d6c04c8ca8208f3082c776d38b93f215b71475a21c97dba0fc7fe69ed34b1a57bfda811c7c4244e84fd576a50f6b17ce684e38d82e148666598d4ee65e836bb57eba66bf16b812d0a242f86a87fe819ad9e4af5eceb5a84485df03282e646606b724bc03d1a06a112292bbe28138265e141c94063bc93bba1b5c4eb788dd1a27a21ba0656112af5e7f3f02f85e551dc74a940e104ab8016e9ff1f5bb2b495a2833433714aee32d8f717b9b793327cfe62ede8ac4606c4a73d7f0c79d08e42f92450e36839a8edc4877034e94f25d16cc5e3ac2ec7f56459e2013133053ac0e8b24fd6ff79da8a566ab2ba5e2fa1ee396110ebe2e18cc92c8237a6753ce9e0362c0a51247b6110f315ab9cbcb581b43efc253c3b733aeaa18675a2340f6db0e3a6fb463c0a3692a9285981be2b127bb44d5d057c06b2cae2b979918a5495c4034711a79180f05bece1378dce27b71b31f0d2a733932804d9a447a7a16d21d87b9e3649bfe51cfba681b02b6a7870a81a4903cef6dce6430d9ba12357efc7fb3a9346122101b6249352131118b478690464ddcc0b5d9420980da730de1b3c683cb41b18d549b91c8864d72ea092cb11987b6cbe3c1e47dfb06e94e2200b53eeec763f10e12d59706dd48953f5ca7077e85705b1c84eb477aaa0484653d59d685fbdfe7b792b9c229ec28383d5027f4b1433b58acb5dfa91b1b8305f1e3e4bcfa165d30879186a3b270616bd89941f8ea69d5fd50eb1667962a878df4c0d4abe47648013a36a0ed5af6ca537454cbceb2478b4aa762f0cc541e7c12b5578edd41dcabec99d57d0aafb230ebb3a73be0fe8ddefbbcc998fab74c886a9c97eda63a8ae05ab61c59c1b0cf61ba4e06a9c4333ece5807b8952d70b6e702a089f2a262417e11586cb0124d80af31b745e9144e1cf86c395024a2c9a2c36f17700fb33b0e00b49bd66deb13acc2d2dd94df34605cb0f00f5c0944d64e66509b186e93b8d1ac72cfb5614f8e1d98a531a439db9c03e4f7f849dc1052223a974cc73ac22e20a011c17d969aa6faea077dc392779ecf8fedf8024aba31c8dd1df4689a821ce487736d5a980d388c971e7f240ab3a329f5e8f4e7fed01789602808e07d708b2f770b81ea79f3b00d2dd522e61dea7743b00aedb98ce58c7b09dd83c801da59d645fa41440a9532ff4a21f5af75727452eb6a1ab2a110d3d22d973f82463e43be32f14272daa72b12065336f4b33195fddda311eaca04d9172984fb44e2b8ffa3f33219aa21c0c0f54f02e552b1aee63811d6d2c3985f3ee51ac8d601a12948bf3671844955e371dc1b9f5192e1c3d3493873edce57bb8657263de9afb266ee44c14cee612cc3acf2511cf82223ef38480d9ce09d1992284930ce232e24ed85d064060813ac254673534b22934dca087bfd60c69bc09f1b806df7e8308a1542df801c41949412407e3ac827211ab30ad3b06b3552d7941322dbb91e3562f97b061a03fac97f04ae5f1fa085b0e8fcf5fc8b948f6c32f39eb59293127bbda2e5562b689da67cb6d2b5b4462eabbcb31e952ef1b021ed25b1b5053b05d96c7088d18273fba0555380343d0531807b30a818bb83dc59da71d1b39ffa130a9f97a7deff17d9b1d724fba46a9ed9c71294ff8aed9a94097776de3c08045a732ff28b9124aaab50ce47116ed0cd6f11e19fb726baf23a1c430c2ff947b7373f391c4eb3a3ef8f478f078be71274449374e5a5bd9dc904838f9d7a93f4f2a5ebc58631b65a660890af6713d87ae8130c4272097e3d9e562db575c809e36bbc324689d9092f99373486d44cde534b8cc864ea72f3cf90794bd86a61a6cfd5e195b5d285b6467f2096a166b2abc70c5e5810fffc5ffe134dd7dad226e9f66b67bf72161d960e4d112507d9ed88bc0f56a4f25b727444246ae761ad7eafd2a8afc82dd998a5089c4b492e26b148d38560108d0f997eba765bf9716cdde15d46e6aff1066020233c6e554c8b7eff88c1e031f417da58e9ecd16697649f0481ee66dba16b6a44852ede9f9fa975295efdb4d0e5a34576fb3e5c4c60a11a3f06104fb550255de918fd6515c46f1e354d7dacea70ce192b57b4d9594b691fb56c0db8264b738899efb77425434f92c996d9445699abbe428c2d2aa0efee4c2da051e9b5368a3240efc1e7ab102752e4a934fe9df61ad2117c1d678eef0c2b721c3cfa3e2f532f343fbdf2a60e855cb2c3c8f80485ed1b9353261c3a29caafe37aeb3a824596d061650626fafd21467a3519ffb4897b911af7d5e8d2c522595b80a43fe1ba353af29186b8fefaa22cb878f9cac97c37ad48113dee23de42488d02f2bac30a0816b481b540dbfe20ccfc81e2f6ceabe703ecb4b3a9a049ea4010939b3d9dd3d96e06c086934d1c6919544baf99238ec00099363650ccc4505f7b6464d620406e75c7eaf7dfb2a0e1d657453890cae6f93e196df4563f869622be2f61884c8218ad18433166b07e460d895345d5cbbb4bfe753384c1eb9c228c9acef14d7449243ce2ed387df8e8015d1dfb0f63cb55"}) 07:38:45 executing program 0: r0 = socket$inet6(0xa, 0x4, 0xfffffffffffffffc) ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f762070") bind$inet(0xffffffffffffffff, &(0x7f0000eed000)={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000eed000)={0x2, 0x6e21}, 0x10) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20400, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)={0x2, 0x3, 0x39ee283, 0x0, 0x3ff, 0x200, 0x200, 0x0, 0x3, 0x4, 0x8001, 0xffffffff, 0x0, 0x37, 0x9, 0x109b1b8, 0x100000000, 0x9, 0x80000000}) syz_emit_ethernet(0x2a, &(0x7f0000de6fd6)={@link_local={0x1, 0x80, 0xc2}, @link_local={0x1, 0x80, 0xc2}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) 07:38:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="140006000100010001000000000000000000000008000200e0000002"], 0x34}, 0x1}, 0x0) 07:38:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x3909, &(0x7f0000000400)}) 07:38:45 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x301, 0x70bd26, 0x25dfdbfb, {0x0, r2, {0x9, 0xd}, {0x6, 0x8}, {0x7, 0xffff}}, ["", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20044000}, 0x80) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={'erspan0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1}}}) bind$alg(r0, &(0x7f0000c73fa8)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, 0x0, 0x0, 0x0, 0x0, {0x3}, [@FOU_ATTR_IPPROTO={0x8, 0x3}]}, 0x1c}, 0x1}, 0x0) r3 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040), 0x0) accept4(r3, 0x0, &(0x7f00000000c0), 0x0) 07:38:45 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket(0x200000000010, 0x2, 0x0) sendmsg$nl_generic(r0, &(0x7f00001cb000)={&(0x7f00008e5ff4)={0x10}, 0xc, &(0x7f0000f4a000)={&(0x7f000019bf9b)=ANY=[@ANYBLOB="140000001000110300000000000082d100000000"], 0x14}, 0x1}, 0x0) write(r1, &(0x7f000095c000)="2400000026007f000000000000007701000000ff0100000000000000ffffffff0100ff10", 0x24) [ 675.448350] binder: 11706:11708 unknown command 0 [ 675.463047] binder: 11706:11708 ioctl c0306201 20000080 returned -22 [ 675.473509] REISERFS warning (device loop4): jmacd-7 reiserfs_fill_super: resize option for remount only [ 675.487421] binder: BINDER_SET_CONTEXT_MGR already set 07:38:45 executing program 7: r0 = perf_event_open(&(0x7f000001d000)={0x200000006, 0x70, 0x2, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @rand_addr}, 0x10) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000500)={0xfffffffffffffff9, {{0x2, 0x4e22}}, 0x1, 0x5, [{{0x2, 0x4e23, @loopback=0x7f000001}}, {{0x2, 0x4e21, @multicast1=0xe0000001}}, {{0x2, 0x4e24, @multicast2=0xe0000002}}, {{0x2, 0x4e23, @multicast2=0xe0000002}}, {{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}]}, 0x310) r2 = socket$inet6(0xa, 0x3, 0x101) ioctl(r2, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f00000000c0)={0xff, @empty, 0x4e23, 0x3, 'nq\x00', 0x33, 0x2, 0x44}, 0x2c) r3 = socket(0x40000000002, 0x3, 0x8) r4 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008914, &(0x7f0000000100)="295ee1311f16f477671070") getsockopt$IP6T_SO_GET_INFO(r3, 0x29, 0x40, &(0x7f0000000240)={'mangle\x00'}, &(0x7f00000001c0)=0x54) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000000000001951a469000000a375f95bb6cca13da22acc8ef87cf54f140dffbb34dc70c62a29e5f14c463e6384c1b42e096fa71101ada60c6da4cb2c280a830bd191695b49fc8e598f7f9c01eef3c831d48f8991ee1099604acbc3066714c7cf8c1bad2409c368e8a169e4c97d1139c6d8b0e89e72fc20e9"], &(0x7f0000f6bffb)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) r5 = syz_open_dev$loop(&(0x7f0000000940)='/dev/loop#\x00', 0x1, 0x3a9702b35f3e29ed) ioctl$LOOP_GET_STATUS(r5, 0x4c03, &(0x7f0000000980)) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@mcast1, @in=@rand_addr}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)="627269646765300000000000000200", 0x10) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/4, 0x4}], 0x1) sendmmsg$unix(r3, &(0x7f0000004840)=[{&(0x7f0000000480)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001500), 0x0, &(0x7f0000001540)}], 0x1, 0x0) listen(0xffffffffffffffff, 0x0) write$P9_RMKNOD(r0, &(0x7f0000000880)={0x14, 0x13, 0x2, {0x5, 0x0, 0x8}}, 0x14) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r3, 0x111, 0x4, 0x1, 0x4) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) socket$packet(0x11, 0x3, 0x300) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r3, 0x111, 0x3, 0x1, 0x4) sendto$inet(r1, &(0x7f000099bf26), 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f0000000100), 0x229f, 0x4008000, 0x0, 0xb4) write(r1, &(0x7f0000000840)="e782d147196155db4aa2ca0596aa8010937c635d7097051497fd151e4b8f77ba217737268f83a412236095", 0x2b) sendto$inet(r1, &(0x7f0000000200)="a5", 0x1, 0x4000002, &(0x7f0000000180)={0x2}, 0x10) 07:38:45 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) recvmsg(r0, &(0x7f0000000000)={&(0x7f0000000100)=@hci, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000600)=""/219, 0xdb}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000040)=0xffff, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000080)=ANY=[], 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f0000000300)="82116ecd0038ac89ce125c0ceaa56f83f5c8c7000000000001000167cd4bd1b1215cfccad31213cfde6f50ae79aa750c0180b8c12586d81bdb662922f1f53a5c0472bd533f96d2383049ba606ad3579549cb2541de18438a99d310cb08b9c6a1d7c0adc857f242dbb11b7168a9598c0868d680ec00dfdebc4673e9163ece5f12867e00004146a8e23b9cc3e443465f99ece3ddfddd2174784d1556f6d7980ccf57ce8bb6172c6f6735d2196eafe8c4c2107370a2226b53f37ef937d0f9c21a6a183e0da82ae03ce16bb9f338473c7a67eedb98d1e4b9233d67148af3", 0x4b, 0x0, &(0x7f00000000c0)={0xa, 0x4e20, 0x200000002, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) 07:38:45 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="d91800000000000067"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0xffff8000, 0x2f}, [@ldst={0x3fd}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) 07:38:45 executing program 0: r0 = socket$inet6(0xa, 0x1000000000003, 0x100000003) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) connect(r3, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0x8040) getsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x8) connect(r1, &(0x7f0000987ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) r5 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) tkill(r5, 0x1000000000013) listen(r2, 0x5) [ 675.508561] binder: 11706:11708 ioctl 40046207 0 returned -16 [ 675.537263] binder: 11706:11731 unknown command 0 [ 675.545596] REISERFS warning (device loop4): super-6506 reiserfs_getopt: bad value "continue" for option "errors" [ 675.545596] 07:38:45 executing program 3: open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = open(&(0x7f0000000040)='./file0\x00', 0x41, 0x0) write$binfmt_elf32(r1, &(0x7f00000003c0)=ANY=[], 0xffffff53) [ 675.552244] binder: 11706:11731 ioctl c0306201 20000080 returned -22 07:38:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x2, &(0x7f0000000400)}) 07:38:45 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xffffffff, 0x10000) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000080)=""/21, &(0x7f00000000c0)=0x15) ioctl$int_out(r0, 0x1, &(0x7f0000fd3ffc)) [ 675.585466] IPVS: set_ctl: invalid protocol: 255 0.0.0.0:20003 07:38:45 executing program 6: recvmsg(0xffffffffffffffff, &(0x7f0000001fc8)={&(0x7f0000015000)=@can, 0x10, &(0x7f0000015000), 0x0, &(0x7f0000015000)=""/23, 0xfffffffffffffeb5}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0xb, 0x0, 0xfffffffffffffffe}], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0xc3, &(0x7f0000000000)=""/195}, 0x48) [ 675.636187] binder: 11755:11757 unknown command 0 [ 675.644116] binder: 11755:11757 ioctl c0306201 20000080 returned -22 [ 675.650944] REISERFS warning (device loop4): jmacd-7 reiserfs_fill_super: resize option for remount only [ 675.669123] binder: BINDER_SET_CONTEXT_MGR already set [ 675.685309] binder: 11755:11757 ioctl 40046207 0 returned -16 [ 675.704336] binder: 11755:11764 unknown command 0 [ 675.712339] binder: 11755:11757 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 675.719559] binder: 11755:11764 ioctl c0306201 20000080 returned -22 [ 676.477813] FAULT_FLAG_ALLOW_RETRY missing 30 [ 676.482405] CPU: 1 PID: 11729 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 676.490911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 676.500250] Call Trace: [ 676.502839] dump_stack+0x1c9/0x2b4 [ 676.506464] ? dump_stack_print_info.cold.2+0x52/0x52 [ 676.509121] IPVS: set_ctl: invalid protocol: 255 0.0.0.0:20003 [ 676.511649] ? rb_erase+0x3550/0x3550 [ 676.511672] handle_userfault.cold.33+0x47/0x62 [ 676.511692] ? plist_check_list+0x7e/0xa0 [ 676.530582] ? plist_check_list+0xa0/0xa0 [ 676.534719] ? lock_acquire+0x1e4/0x540 [ 676.538681] ? userfaultfd_ioctl+0x5430/0x5430 [ 676.543245] ? trace_hardirqs_on+0x10/0x10 [ 676.547466] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 676.552812] ? plist_del+0x4a1/0x9d0 [ 676.556524] ? perf_event_update_userpage+0xd30/0xd30 [ 676.561704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.567225] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 676.572397] ? cgroup_rstat_updated+0xe6/0x470 [ 676.576962] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 676.581355] ? update_curr+0x200/0xc00 [ 676.585224] ? reweight_entity+0x1100/0x1100 [ 676.589634] ? trace_hardirqs_on+0x10/0x10 [ 676.593861] ? kasan_check_read+0x11/0x20 [ 676.597994] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 676.602572] ? compat_start_thread+0x80/0x80 [ 676.606967] ? lock_acquire+0x1e4/0x540 [ 676.610930] ? __handle_mm_fault+0x3a38/0x44a0 [ 676.615496] ? lock_downgrade+0x8f0/0x8f0 [ 676.619632] ? kasan_check_read+0x11/0x20 [ 676.623763] ? do_raw_spin_unlock+0xa7/0x2f0 [ 676.628159] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 676.632726] ? kasan_check_write+0x14/0x20 [ 676.636942] ? do_raw_spin_lock+0xc1/0x200 [ 676.641165] __handle_mm_fault+0x3a45/0x44a0 [ 676.645560] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 676.650387] ? __sched_text_start+0x8/0x8 [ 676.654521] ? kasan_check_read+0x11/0x20 [ 676.658656] ? lock_acquire+0x1e4/0x540 [ 676.662612] ? handle_mm_fault+0x417/0xc80 [ 676.666829] ? lock_downgrade+0x8f0/0x8f0 [ 676.670962] ? lock_release+0xa30/0xa30 [ 676.674921] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 676.680357] ? mem_cgroup_from_task+0xcb/0x1f0 [ 676.684934] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 676.689675] handle_mm_fault+0x53e/0xc80 [ 676.693737] ? __handle_mm_fault+0x44a0/0x44a0 [ 676.698302] ? find_vma+0x34/0x190 [ 676.701841] __do_page_fault+0x620/0xe50 [ 676.705889] ? mm_fault_error+0x380/0x380 [ 676.710020] do_page_fault+0xf6/0x8c0 [ 676.713801] ? vmalloc_sync_all+0x30/0x30 [ 676.717934] ? lock_acquire+0x1e4/0x540 [ 676.721890] ? __might_fault+0x12b/0x1e0 [ 676.725935] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 676.730764] page_fault+0x1e/0x30 [ 676.734205] RIP: 0010:__get_user_4+0x21/0x30 [ 676.738586] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 676.757748] RSP: 0018:ffff8801a9e7f538 EFLAGS: 00010202 [ 676.763092] RAX: 0000000020013e98 RBX: 1ffff100353cfeae RCX: ffffc90005630000 [ 676.770341] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 676.777591] RBP: ffff8801a9e7fcb8 R08: 1ffff100353cfe84 R09: ffff8801a9e7f260 [ 676.785277] R10: 0000000000000000 R11: dffffc0000000000 R12: ffff8801c6a675c0 [ 676.792525] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 676.799784] ? __might_fault+0x1a3/0x1e0 [ 676.803834] ? sctp_setsockopt+0x1e13/0x6db0 [ 676.808227] ? get_futex_value_locked+0xcb/0xf0 [ 676.812881] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 676.818587] ? trace_hardirqs_on+0x10/0x10 [ 676.822803] ? futex_wake+0x760/0x760 [ 676.826591] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 676.831777] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.837294] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 676.842380] ? futex_wait+0x5d2/0xa20 [ 676.846167] ? perf_trace_lock+0xde/0x920 [ 676.850299] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 676.855125] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 676.860308] ? zap_class+0x740/0x740 [ 676.864011] ? perf_trace_lock+0x920/0x920 [ 676.868235] ? percpu_ref_put_many+0x119/0x240 [ 676.872802] ? lock_acquire+0x1e4/0x540 [ 676.876758] ? __fget+0x4ac/0x740 [ 676.880194] ? lock_downgrade+0x8f0/0x8f0 [ 676.884330] ? lock_release+0xa30/0xa30 [ 676.888289] ? exit_robust_list+0x290/0x290 [ 676.892597] ? __mutex_init+0x1f7/0x290 [ 676.896553] ? __ia32_sys_membarrier+0x150/0x150 [ 676.901288] ? kasan_unpoison_shadow+0x35/0x50 [ 676.905855] ? __fget+0x4d5/0x740 [ 676.909291] ? ksys_dup3+0x690/0x690 [ 676.912990] ? lock_acquire+0x1e4/0x540 [ 676.916943] ? __fd_install+0x2b2/0x880 [ 676.920900] ? lock_downgrade+0x8f0/0x8f0 [ 676.925035] ? lock_release+0xa30/0xa30 [ 676.928995] ? __fget_light+0x2f7/0x440 [ 676.932950] ? fget_raw+0x20/0x20 [ 676.936389] ? get_unused_fd_flags+0x1a0/0x1a0 [ 676.940966] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 676.946486] ? alloc_file_pseudo+0x281/0x3f0 [ 676.950889] ? alloc_file+0x430/0x430 [ 676.954687] sock_common_setsockopt+0x9a/0xe0 [ 676.959167] __sys_setsockopt+0x1c5/0x3b0 [ 676.963300] ? kernel_accept+0x310/0x310 [ 676.967347] ? do_futex+0x27d0/0x27d0 [ 676.971135] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.976656] ? fput+0x130/0x1a0 [ 676.979918] __x64_sys_setsockopt+0xbe/0x150 [ 676.984317] do_syscall_64+0x1b9/0x820 [ 676.988187] ? finish_task_switch+0x1d3/0x870 [ 676.992662] ? syscall_return_slowpath+0x5e0/0x5e0 [ 676.997584] ? syscall_return_slowpath+0x31d/0x5e0 [ 677.002497] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 677.007499] ? prepare_exit_to_usermode+0x291/0x3b0 [ 677.012496] ? perf_trace_sys_enter+0xb10/0xb10 [ 677.017148] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.021980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.027150] RIP: 0033:0x455ab9 [ 677.030323] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.049488] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 677.057179] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 677.064428] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 677.071677] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 677.078926] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 677.086175] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 677.221493] FAULT_FLAG_ALLOW_RETRY missing 30 [ 677.226068] CPU: 0 PID: 11774 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 677.234543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.243874] Call Trace: [ 677.246449] dump_stack+0x1c9/0x2b4 [ 677.250055] ? dump_stack_print_info.cold.2+0x52/0x52 [ 677.255226] ? kasan_check_write+0x14/0x20 [ 677.259456] ? do_raw_spin_lock+0xc1/0x200 [ 677.263687] handle_userfault.cold.33+0x47/0x62 [ 677.268341] ? userfaultfd_ioctl+0x5430/0x5430 [ 677.272907] ? trace_hardirqs_on+0x10/0x10 [ 677.277119] ? lock_acquire+0x1e4/0x540 [ 677.281083] ? cgroup_get_e_css+0x1bf/0xb30 [ 677.285384] ? lock_downgrade+0x8f0/0x8f0 [ 677.289518] ? lock_release+0xa30/0xa30 [ 677.293476] ? cgroup_css.part.17+0x12c/0x200 [ 677.297962] ? userfaultfd_ctx_put+0x810/0x810 [ 677.302530] ? cgroup_get_e_css+0x140/0xb30 [ 677.306836] ? lock_acquire+0x1e4/0x540 [ 677.310796] ? wb_get_create+0x35e/0x1f10 [ 677.315098] ? lock_downgrade+0x8f0/0x8f0 [ 677.319228] ? trace_hardirqs_on+0x10/0x10 [ 677.323446] ? lock_acquire+0x1e4/0x540 [ 677.327400] ? __handle_mm_fault+0x3a38/0x44a0 [ 677.331962] ? lock_downgrade+0x8f0/0x8f0 [ 677.336091] ? kasan_check_read+0x11/0x20 [ 677.340218] ? do_raw_spin_unlock+0xa7/0x2f0 [ 677.344603] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 677.349173] ? kasan_check_write+0x14/0x20 [ 677.353388] ? do_raw_spin_lock+0xc1/0x200 [ 677.357604] __handle_mm_fault+0x3a45/0x44a0 [ 677.361995] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 677.366820] ? debug_check_no_obj_freed+0x30b/0x595 [ 677.371813] ? __wake_up_common_lock+0x1d0/0x330 [ 677.376564] ? lock_acquire+0x1e4/0x540 [ 677.380526] ? handle_mm_fault+0x417/0xc80 [ 677.384737] ? lock_downgrade+0x8f0/0x8f0 [ 677.388865] ? lock_release+0xa30/0xa30 [ 677.392818] ? rcu_note_context_switch+0x730/0x730 [ 677.397727] ? mem_cgroup_from_task+0xcb/0x1f0 [ 677.402297] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 677.407034] handle_mm_fault+0x53e/0xc80 [ 677.411079] ? __handle_mm_fault+0x44a0/0x44a0 [ 677.415641] ? find_vma+0x34/0x190 [ 677.419168] __do_page_fault+0x620/0xe50 [ 677.423220] ? mm_fault_error+0x380/0x380 [ 677.427357] do_page_fault+0xf6/0x8c0 [ 677.431134] ? vmalloc_sync_all+0x30/0x30 [ 677.435273] ? do_raw_spin_lock+0xc1/0x200 [ 677.439488] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 677.445007] ? __mark_inode_dirty+0x495/0x1550 [ 677.449580] ? __inode_attach_wb+0x13e0/0x13e0 [ 677.454164] ? ext4_xattr_inode_set_class+0x60/0x60 [ 677.459172] ? get_futex_value_locked+0xcb/0xf0 [ 677.463828] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.468654] page_fault+0x1e/0x30 [ 677.472091] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460 [ 677.477861] Code: ff ff ff 76 17 eb 3f e8 bf f8 1a fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 aa f8 1a fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 9a f9 1a [ 677.496980] RSP: 0018:ffff88019398f688 EFLAGS: 00010246 [ 677.502320] RAX: 0000000000040000 RBX: 1ffff10032731ed3 RCX: ffffc90005c33000 [ 677.509566] RDX: 00000000000002b6 RSI: ffffffff8361ae16 RDI: 0000000000000005 [ 677.516811] RBP: ffff88019398f760 R08: ffff880195a8c440 R09: ffffed003b17c643 [ 677.524060] R10: ffffed003b17c643 R11: ffff8801d8be321b R12: 0000000020011fd2 [ 677.531309] R13: 0000000000000000 R14: 0000000000000030 R15: ffff88019398fbc8 [ 677.538575] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 677.543746] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 677.548925] ? copy_page_from_iter+0x890/0x890 [ 677.553490] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 677.558487] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 677.563672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.569191] ? timespec64_trunc+0xea/0x180 [ 677.573406] ? inode_init_owner+0x340/0x340 [ 677.577709] generic_perform_write+0x21b/0x6c0 [ 677.582280] ? generic_update_time+0x26a/0x450 [ 677.586844] ? add_page_wait_queue+0x2c0/0x2c0 [ 677.591406] ? file_update_time+0xe4/0x640 [ 677.595620] ? current_time+0x1b0/0x1b0 [ 677.599573] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 677.604577] ? generic_write_checks+0x385/0x5d0 [ 677.609225] ? page_endio+0x630/0x630 [ 677.613006] ? ext4_file_write_iter+0x2a1/0x1450 [ 677.617748] __generic_file_write_iter+0x26e/0x630 [ 677.622655] ext4_file_write_iter+0x390/0x1450 [ 677.627221] ? kernel_text_address+0x79/0xf0 [ 677.631620] ? ext4_file_mmap+0x410/0x410 [ 677.635760] ? __fget+0x4d5/0x740 [ 677.639193] ? ksys_dup3+0x690/0x690 [ 677.642885] ? save_stack+0xa9/0xd0 [ 677.646491] ? save_stack+0x43/0xd0 [ 677.650097] ? __kasan_slab_free+0x11a/0x170 [ 677.654492] ? kasan_slab_free+0xe/0x10 [ 677.658444] ? kmem_cache_free+0x86/0x2d0 [ 677.662572] ? putname+0xf2/0x130 [ 677.666012] ? do_sys_open+0x569/0x720 [ 677.669878] ? do_syscall_64+0x1b9/0x820 [ 677.673919] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.679265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 677.684795] ? iov_iter_init+0xc9/0x1f0 [ 677.688754] __vfs_write+0x6af/0x9d0 [ 677.692461] ? kernel_read+0x120/0x120 [ 677.696341] ? lock_release+0xa30/0xa30 [ 677.700296] ? check_same_owner+0x340/0x340 [ 677.704605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.710134] ? __sb_start_write+0x17f/0x300 [ 677.714440] vfs_write+0x1fc/0x560 [ 677.717973] ksys_write+0x101/0x260 [ 677.721583] ? __ia32_sys_read+0xb0/0xb0 [ 677.725633] ? filp_open+0x80/0x80 [ 677.729156] ? ksys_ioctl+0x81/0xd0 [ 677.732769] __x64_sys_write+0x73/0xb0 [ 677.736639] do_syscall_64+0x1b9/0x820 [ 677.740508] ? finish_task_switch+0x1d3/0x870 [ 677.744983] ? syscall_return_slowpath+0x5e0/0x5e0 [ 677.749891] ? syscall_return_slowpath+0x31d/0x5e0 [ 677.754799] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 677.759792] ? prepare_exit_to_usermode+0x291/0x3b0 [ 677.764787] ? perf_trace_sys_enter+0xb10/0xb10 [ 677.769436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.774260] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.779427] RIP: 0033:0x455ab9 [ 677.782593] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.801719] RSP: 002b:00007f9d30fc2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 677.809409] RAX: ffffffffffffffda RBX: 00007f9d30fc36d4 RCX: 0000000000455ab9 [ 677.816656] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000018 07:38:47 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0x1, 0x28, &(0x7f0000000140)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={r6, 0x3, 0x18}, 0xc) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:47 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x8000) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000380)={{0xa, 0x4e23, 0x5, @remote={0xfe, 0x80, [], 0xbb}, 0x7d}, {0xa, 0x4e20, 0x4, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x20}}, 0x3}, 0x40, [0x80d, 0x3f, 0x100000001, 0xfffffffffffffffa, 0x269a30d1, 0x7, 0x3, 0x3]}, 0x5c) r1 = dup3(r0, r0, 0x80000) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000400)=0x9f) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000300)={0x15, 0x33, &(0x7f00000002c0)="cc103d6834b10fa4a7721e72c4c7dde75e40d235f74d64fc68529e49929769de166cd2223b14c44f3a84da1455e22437b37674"}) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setgid(r3) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b79fa300000703000000feffff7a0af0fff0ff00000000b7060000ffffffff2d640500000000006504a000000005000404000001000000b7030000010000046a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r4, 0x0, 0xe, 0xfd, &(0x7f0000000080)="c1d8afcf3cca67abd5ecb7fc0950", &(0x7f0000000100)=""/253, 0x800}, 0x28) 07:38:47 executing program 6: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x200, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x10000) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000080)={0x8, 0x0, 0x6, 0x5}, 0x10) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x448a, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 07:38:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x100000000000000, &(0x7f0000000400)}) 07:38:47 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000140), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@local={0xfe, 0x80, [], 0xaa}, @in6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@dev={0xfe, 0x80}, 0x0, 0x32}, 0x0, @in=@rand_addr}}, 0xe8) close(r2) close(r1) 07:38:47 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/stat\x00') ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000280)={0x25, "bb897e6b468e6de57f20ef70ea7a441595fa9369d433ce15fe7c938c0b162945bdae6756d1"}) r1 = gettid() setpriority(0xfffffffffffffffe, r1, 0xfffffffffffffffd) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x20000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000080)={0x7, 0x1, {0xffffffffffffffff, 0x7547a9aa89a76412, 0x0, 0x1}}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0x8) r4 = add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000380)="f5dee8b1f48db04f6ea302a08d56853000fc24bf6f5a859cbe16abad2fcc44be40d8c739bc93a6d09f944dfdb4ebb356918ae4f76f3f83a6216b4266e021a184465d05a75d7021a1785d0971a52be668201be4a7190b6652de81991cb915c32fae121e84255c46b4d21b48862e87760e4314547470106b7eba106d7108c95dab09f7f4692f17b2757844e8ca0f2c8e9dd0b20d3bfb6241f6f351d8e076a067884fca3950671d853029aedc8f6a3898a3ef9140b0d48139ff0e0496268e3ebcea097493c3e024e2ea754561f5ec9d38a91bb32fefaf4b9dfc70864c85d35a563c719acd147aade22db7fedf5ce6e56c94eeaff6cbff07361385eda7ada5848d5c8b8e5e4f7f1a6e92b6d7dad79d41f5483974d05e4a278e76c3d1d4dd8dbd95ca21501aa282a3f8b18340e8f2c791222008e2a3cdd06613b6631cf8aa6d4bf1c8ee8ea00343feb63ec798a269f664c6b3a7a7f217f34808a463ab74970cde4c30edfeb5e7e87d39b21793734cf482ff5b7051acf4fb94738f7fb7221bf653b25074f3750aa4d15c0c06d5f319df094ecf148ec8cabcdf429b35c4ac31c340cfb299766dfca63edef73a225800707b6f4fef93cefcfa3b7b69be6b0eed046c17b460e90d1334f26bdb49abfc9286f506329cea8b59d1ece9684989b119892eb71d151a0d6864184771df00e8dfeda0764406fbd7c1b3b98a4acae3e4563f5acb8e2d8c83c95ef2a996de7f52dbe584bd7086f42586a311003557a9d6844614881aed98360c62e64c49ff423d1a6bfaa214ea10c1051cc7b98dab16aabc2695a6209c9c6faee3f9acd164ca73ca0d9e688a2aa2f5ce75da3dc71b77cfda29bc1ebb928f58e6a4a3977648664b02ee910e4c2c11be25416d19f7c8c340a21939413f34378b6887a1641224ccb4d606aaa943db59ebe54928787d77493cd33b818d942c1935263bde80bbf83f35525ca9a8efcd7e1e86070d90bd79d43e111633aa1d610d18f35841ef4d8506f23d757a7a5ac8b55e7e23a07025ecb71d055be4a00f2a9153ba70836261ad3154c14618cb87cf235509cba60f3ac3b8e05f7f5529c50f3f4c3ede38e9b4f8a6734e8ed8fdbb1f6e3d584b97f2b79b75a6e019a26fc7e519b706aa85fc757bb99ec2227fbea4cd1d88e657ffe2bcd04bc71175c13714afb8243cb3fef4718c8a7290a2922a94d092676fb5190d32be0c77184f9bfaf41988f275e9e46df39ff64f6d1b1e04582f63eea30d33195b481c43d8c0835b2f9d47b341c83a1f9d38b0b508333b594a22d7045bce9b57c82f1c762221f87297d27b5d2ee4006640151ab233370135353b1f30286e4482e3666dd64231a9d995ee8365060440bfa750ec203394158e1b6f0d011387cbd06e04a722e99027caef4e3ebf025080ad76fbdfd1fd0faab4b49df25c0f9ab31e97265a63170215ca65fe3d1ffc47a99d4a5d1bb950daefa41859de3b47795aa2a81f079477baa58d5ea52d81724ab7733b6397082dd61fd50cb1707289f294ee45fe2dd328f1d99cd4bedb85edfe9e71c2bdb82ab5b1eb053e10867ad7f53e49bf5570e0b2eb6e215821535cc6625fb0ebb211e75d9d0c0c80e83e0f9586e91ac49d757a9681a439f2f0666f51895a7d189d8637aed36297463f5e4ccf0881c7cbb3e26ddc9dda5cf5e79285e8557b6cbc93a2e784c18a829d3ac74ad20921c782b8e5f5dbf055bcc7c59405d5cc06bacb49b26fc5d33ff506a7ada8a7731d38886a918f3a6cd655c352fa7589b5ecdef53bb97e29933a6aa6493924082bc8fe25bf38b20c7e9c3ee1ced31998ee1a6e16d65bacc0c1aa0598e41cc4270ad767161e9c2dcf84850d052672d1938869a727af124509f134ff561403aca513bbdd5ff3809d6311772fff9d042be30d54f59b7752ef1941bd616cf714e450930dd9347b9e17aa0adab0157d5cc45910dff24266c8be6f8be92941c65eaba75e54164b6058f101000cd3f19aa044b91b825e957e3c389d154048060f784cc6516c164d646597ad700b7747ff649a00cefdf2545526730f6ec76e2c884f013b0262ae2bc80bbb3620bc7e9c262c3d33b776156778075210faf5adec2ab3381308e66103e88c8b2f482f6f924d5bee71e193bb70382099c275c520779a575644250cb50e12b2db9f2106d13d21a66808089208133f726bea0eb4d27a00fefc87dc71fed583ad9dde699b40f41b4922c867c97fb7033fcfc2e512a07d122886595f59d8accfd1fbd530bc244e95d306fc25c031d83ec47eac0dc52ccdf2f914c5972cec1bf5da6af12f0b235fa917102bfa3058365035eff19aaff309f3b9a33eb3b287124afa3f79141848ce6f47d0f65ed1907ae36885c821d51985620d29374d0ac85dc251652a76b11406e195664a65c22fd4058e1a4898764987cd7a3c903e17bc47c536d95e7d901f9080e415649ab24d603cb06858432c3d66da35c2c31cd13bb2dcf39dd4b533e79e529904c26d85ffff891f3b5e92e076aff19a2bf7f2a95e6e52a5fc369dd2bb08092040abbf92c848b0f9379d29a4a30b056b79722ad014c1f9344d5b40cb7b970f05d3c88d973c4887f373711e5fa1e8a1c4f096e6a051ea4892793b983ad6f37788b23b463e4e13654dfa8f0f9b626d88b9dc31c523e5f111f1d1fc494ca6faa00b9102e00643c377a29a2c9c35a3077c6d3f1a03614776d27e047377a8b5197cc54d2ca75bda36248f0431ad146e5cd21bece3b13b3083fb80cc973f50d4b6898df1378c43a53fb0b16aa6e7d81d0c1ac6e5f9583ef7ab721d392523498bc7e392d34c6f315a221083a66448a7d1e6ee2c8b73b8b1fdaeb92db16965161dd7071fefdd467b67b9ef1590b214fd3af7179f5f562e84d3636420cdac6a092775138c9af9f4e5fdb495c5b56bfe0bfe43570b5b420d6dbd91536c305759a840c938429f30e83f378dc84b454750edb7a54b4719dcafef9a25d51223bba08df1ee439035d22aa1108a0be155ef01b9b1704bcdccd747fb4c60c541ed1b95e1d98414f0c1e5c4ce3724637ddbdfb01bc7a7f89c926d74dfdbc771158104c7dc29be519f35a7e482184bb5a140e9861725c842021ead857f07aa08206435eed2620330d81812a3e3146f47792dda5d6b1dc6af9e538963795e9b1a1ba39ab10a38c7242bf2e02ab07447e0620fd3d416537e8187d186fff743a41c4ffcba7d9076402ebf22ea44492ce0173ff6d33e7e9b7fe430573ce70fd8290b543f076429041c8c7de9c4185e59d8f27f696522b490f5ef4f1cd811b02dc2eb6e2432fb1e9b7f276c70f6f45bcef942bcc47383960f1bfffa05bb0123f214806520fa7a388c0a3f50098662aeef24451171b59b173ce3896e88287b881063300718f2c1bcc1bb908b798b6a1044fc5afcde16bf38eddef08d62ebb5d88f3059b1d81baa2cb3d6accc652005b02863bae4869f6368c5cb8342361c47366c61dd2fddd9245c0b9c50f43d65ebd3936df702af74d1513feabd0d0ade3589d42560197676270465bdd241a1348fa63cd53eb5473fcf5412b4356346f541722646c5e5d5867b8a30cf43cfb379e1da2d68332180aacfebed485c1aa2d32675cc2761e4d635231234250dd668e4808d4e89db76fa27df82351ee2727642031009cbf62ba48cafae7c7487c39c8c096bd33d4691d36cdacd048aabb3e028a8f10a8727f4262a8aa06d163aeed84c3768dde22a111834f8b430a3a99fa6380b3512534412bddbbfc38c506f23687d0e783ca529e57317fec00018c7eccd86f927a298688a5337beff0225208fbd4b2bed66577c9ff8290962d1fe1ec6a914109fd5fd75dea0272c5557085cb81460bd57c07843321ede92d5cc566a1ccc8460373459afe41d4456aad553db7ef2ceac6dad38a23cf82792eeab5e5a65af15146b6daeebbfb90e1cf81363546a0a2a785abddce806ce5b9ea05272d1627c38f9e984358898566f7c31ef1d20742d46b63ae514a08ebf33a041d9e4c4615fcb5dde2968a47e10ab311849594ad452a1f27758e92d05fe79a2022dfdfb594a9b834d10f08d434c50fd500d3249cd9e2572d4d221c61dc764a825205247922bc05b0f92e93669197c5efcd1bd209363bf96640e04d2ad78e08f50b87c9f8bfc7a2e3c3b27144d186f369a3f278537e3c1e2c821e4542dfdd7cdcd1a0120264bbf6f1e02e7bd9c997362956c114e274c0bc2ffc31b0fe7943b3e6938e077e4e08fe8cdbbf0805c25e09b54915de1e3a83695a5348e558efbdd7d4388c6e03e6aa8a73c9d07e97b58a25345c5582bbf86b4c63ccf2892715e1d76e1c496a58a865160e5bb9a0cc5dff2b7a93da2670ec8670c8c567b38380c27c0bc1cac2b2a5362cf8b60452d1605e63706ffab266596ef719ab4681debbee00043cc7ebd90c9941319be1ece038b7a03d2d271ccafd22b76b1b543110eee1b3cea986a4deca1c49a3efb33069d53eb77dd4b2e28af76ab4eaa986e5f3190f9fe931bb33097d567cfa0300430773a278e0cc5403f3c1706e6017a82b9e7baf23c3a24ebdb65608bb3ec4f49d87a5788783be455eff97382284d002cf8d5d19228923916b0f55f5841d553082dccc253ffcbb9a704e061ef082572e4d6f37323a09b6d594aaf6aa25e373d9d19a9c6badd7f69a8559e8a96960d931aa6e2a561042544e31ed5d396549c3a440632998b72ceea204fb9ea44a9215dffcd2aa372c88400a8bf3393299f41e50660567d62d19510f82b1df9ffd07dc30381263d98d5e3655910d57baa5adf489f28d7f9dad814a721e9c7ba42eed0f6a6249d5e2a1a5645a3d349e7cb15fae73edb677d6b4d2b08b9de7b3357ff7f539cc1c5d1f42c51c20f90887ad38977133ded70ddc21148ed65888338c8de27895e0a2ff0dc2abb09c19a89d89b53f6f107c60537b7424a6d6eb9798ad260850e1666a0df00ae988e2be81ab9ce92ba36379612522f8ef95059aa14b4f6bc4fda26b5a5ac52a3b8485933005b8f2b444d8632ee62a9bde0c2f2902d704d6a7f1c92ca17819488f8818acfa15df9b498f451b6405508f77136930a6be0969617b7492c9a6ed7f5abae62053049d3116412dd5bf20b3ec65ae2e28c686a29ced3cf3b945b34faa65a5cf13795c6a03b6d84ad7fd9c891dd9a3b9119978a41e72907db1186f470bb9dab4cab70191b27aa6b026b049016d358f9adb29cb1f4586c761f77e88f3d286ad833e432dd03e260c581b3c7ab09fa2cfce8752677ec6e3de03028ab50dd06dec7abf552174be19c45586195a9f4affc2cd6706cb54e4c093a0216b42073a1dbb4bb5b5a3e25115cb814b4ba8b56ddf9c7b6da5ec508792b299668260b50c2a9ad80f1807b8396ed540a9defcc3a5e69f888964b064191a5c6066eece19fe4e1cb9e57f1b92339bac8f50c229ff9cf6c4d708342238547b5c4ed2687d27d9b3088e6886ac3226ce920e415eeee6ea3af52b342671f51f88349e8d0cf15abd934b32c91f70ac8600b70e8e55a15117a0f03b18fc12c5cadcf872b8f243bcdb6217e5966ec2ddede226e0e0eaa12673ea6bdfa0696b4c33d84a9382d0f76599bd400b8e046c550353e72d676f44b61d338620451dd31ae80a66347a7f15f81ec60860dbef0d0d2cbb6dd0807218629f2adffb173b094061bd74269f6c0c0c44af5a0001f5838cb483347156a93206d9faa9593368eb23da565f87ada85aeb8a7a009573f54324f7f8c68170645e91c99b00f3503294959aa204b5e398eccf6f6682a92116ee65a3882ad8d0ba5a424e9525084", 0x1000, 0xfffffffffffffffe) keyctl$assume_authority(0x10, r4) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={r3, 0x7fff, 0x0, 0x8, 0x1, 0xb2}, &(0x7f0000000240)=0x14) 07:38:47 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x11) write$tun(r0, &(0x7f0000000480)=ANY=[@ANYPTR64, @ANYRES64=r0, @ANYRESOCT, @ANYRESHEX=r0, @ANYBLOB="b530a20fc6b911670fbc0dc5dde2bd3faf2bbe891d4be4906ac774fbbd51b84ce2f6b6c4e459814d9bcdc9b86fa67350db25ba39a84d9f9a5f3e6a0b5a93f5e52827ebc57c8e80557956603328c6a7fcbc84b7a6acc198249413b7d3981caae77c82d5615210cee4bb8d7a7d512eff1cd0b4e94e989ec13e64d3c141cc9fc0af0ac437d63c069454ab6ec6420bb8a1551188c47f2be5ca1eedfc320a41a116955c52b111ed237bcbc0b9e6786557c884339700003859816a0b913c860ddf28be19e663a391b00c64120672a91e", @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR64=&(0x7f0000000280)=ANY=[@ANYPTR64, @ANYPTR, @ANYBLOB="9197604c0d76a792e0144a4927aec268361b5d1c99bde503fd73f3f3e9d4a903b9ceba76dcd46a0ffdb3e04eb41ee6b43eac095b0e5d133cb9d80d2281ab2682a34805a4458119c584528e7b0ffe31592f1e8c9e71445742cfc35ae8535b2accabf82b304be21472f192d6b081cb1b650844b0a22f73a9d99887330062ea5e5b41a4782bf28d4fcab3a347601901e0c0ac52e6196cff71ce41f6db7c6c944a0a9cd5b30b719628d55ebe8369d47dbacac8e73bf24eae696424f7b70e3d92d300", @ANYRESOCT=r0], @ANYRES64=r0, @ANYRESOCT, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRESDEC=r0], @ANYRES16=r0, @ANYRES16=r0], 0x8) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000200)="2f98e03461efb70ad595b97e517c915b08f8ee5ddf3143e00d34c36a503941937acaa8cf7d740900f524295a0f987f3689c1e42d02467a5cb34976688644431207c1b51932d3033a0205c2d3e18e6043bc9629f61d27707b6fa4822f46ce9445aec94d26fbf54f2d42cec117bd5f", 0x6e, 0xfffffffffffffffc) keyctl$invalidate(0x15, r1) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 07:38:47 executing program 0: io_setup(0x6, &(0x7f0000000040)=0x0) io_getevents(r0, 0x2, 0x8f, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4068aea3, &(0x7f0000000080)={0x7b, 0x0, [0x8, 0xf0, 0x0, 0xc97]}) io_destroy(r0) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x5d74aa28, r1, &(0x7f0000000100)="f3e5ed50d2aadaf0a3a5c1080c098281", 0x10, 0x3, 0x0, 0x1, r1}]) [ 677.823902] RBP: 000000000072bff0 R08: 0000000000000000 R09: 0000000000000000 [ 677.831153] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 677.838410] R13: 00000000004c2d5c R14: 00000000004d4da0 R15: 0000000000000002 [ 677.886211] binder: 11796:11797 unknown command 0 [ 677.895135] binder: 11796:11797 ioctl c0306201 20000080 returned -22 07:38:47 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(ctr(serpent),md5-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="d179f20600000000001c14b1048c5b1bd2e7fcd330451c64b8614fcff9671a5cf54ab025", 0x24) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/packet\x00') ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000180)) accept$alg(r2, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001880)="2ef99f8baf76f54e8b1c8677f925731e", 0x10}], 0x1, &(0x7f0000000200)}, 0x0) recvmmsg(r1, &(0x7f00000028c0)=[{{&(0x7f0000000080)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000018c0)=""/4096, 0x1000}}, {{&(0x7f0000001580)=@sco, 0x80, &(0x7f0000001700)=[{&(0x7f0000001680)=""/91, 0x5b}], 0x1, &(0x7f0000001740)=""/150, 0x96}}], 0x2, 0x0, &(0x7f0000001800)={0x77359400}) 07:38:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x4000000000000087) connect$inet6(r0, &(0x7f0000000200)={0xa}, 0x1c) io_setup(0x101, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000356ff0)=[&(0x7f0000928fc0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000001ec0)="5ba81c8b", 0x4}]) getcwd(&(0x7f0000000100)=""/227, 0xe3) r2 = request_key(&(0x7f00000003c0)='cifs.idmap\x00', &(0x7f0000000400)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000440)='user\x00', 0xfffffffffffffffa) r3 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000480)="49000800003ca3c47f718036ee4ec2fd6ff381c39cfe17a2f7944c629d59e90502d4b20e20b99585526f826c3e2518aa73b6e24f53062c0e180200df0616a42e92810d4b3e120000000071f5e47004639b8493ff82a45dda598a292a89157586e9ddc15b843589", 0x67, r2) r4 = add_key(&(0x7f0000000340)='.dead\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$instantiate_iov(0x14, r3, &(0x7f0000000300)=[{&(0x7f0000000080)="2fab390911006b4e29fd31f6cbb33b4d2553f90014c54b024212a0b1491da038bd8ea30aa3b07e55f3438d3a6c66e9c9", 0x30}, {&(0x7f00000002c0)="454fafecc54a9ea0d7e9582aba59143056bc20868b", 0x15}], 0x2, r4) getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000000240)={@remote, 0x0}, &(0x7f0000000280)=0x14) r6 = memfd_create(&(0x7f00000006c0)='cifs.idmap\x00', 0x3) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f0000000700)={0xfffffffffffffff8}, 0x1) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000900)=0x3, 0x4) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@multicast1=0xe0000001, @in=@multicast1=0xe0000001, 0x4e24, 0x100000000, 0x4e22, 0x395, 0x2, 0x20, 0xa0, 0x89, r5, r7}, {0x7fff, 0xcfa, 0x80000001, 0x1000, 0x9, 0x0, 0xd60, 0x8}, {0x8, 0x1, 0x1, 0x2}, 0x81, 0x6e6bb1, 0x2, 0x0, 0x1, 0x3}, {{@in=@rand_addr=0x7fff, 0x4d5, 0x33}, 0xa, @in=@broadcast=0xffffffff, 0x0, 0x4, 0x0, 0x4, 0x1, 0x8, 0x1000}}, 0xe8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000740)={0x0, @in6={{0xa, 0x4e21, 0x4, @mcast1={0xff, 0x1, [], 0x1}}}, [0x80000000, 0x1, 0x0, 0xd984, 0x4, 0x2, 0x200, 0x0, 0x3, 0x7f, 0xdf, 0x8, 0xff, 0x4, 0x8]}, &(0x7f0000000840)=0x100) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000880)={r8, 0xfffffffffffffffd, 0x7fff}, &(0x7f00000008c0)=0x8) 07:38:47 executing program 6: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000580)="5b00c4c565ea39ebe1c5eef390ab2aee403f7686cfaa9f9e270beda75ded57721001f9dbee40ad44065c600d2e7c77c20787810e4e98138bd150acaeef13255d74e88fbff8a3033323e357331b4795622188442ce4de6506c5676cf852510260b96db6a43cfc072180c10de9c397d6f97e1d007d8323f67cdf2d2bb12f919ead1a9de2a08252b92075c60a29d275434cfface34884175656f663cc3eb16757eca0f1bc1989f1284124a5b8608797032800085fcae50c20a6bc8df8ad6d001bdd3a8a2b531bb70085929cd3b7e0d07a23e2d6d99f08d01940da946e4dd873e3546734aed949c0c0c4a054ee6eca12cb9fb1743fa94dd656be9f2830aa4135b2e95e29c4f31919002e9d7fa9fe890a626a6d372e69a7b6f126ce4f2afa810a6d7d1059f10ab710e81248abe93db064d8ab9389b10e48f68efba680a4c6c927a8f1be442f5e79b67bb6b8d50001d2a4cb250fe93e2b4a7ac6a3a9000000000000000000000000", 0x2) vmsplice(r0, &(0x7f0000000540)=[{&(0x7f0000000440), 0x246}], 0x256, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$packet_buf(r0, 0x107, 0x0, &(0x7f0000000100)="d2751c78b9dd99e6bb76eaf68313b4a1dc1d7b70b0de7a861ca3054de2c543a52a908fbcbdc1e309e682af02f5720b2210a4d095d8c4b1729d1a7224d2183c1eee1bd0339f6778d34635773368283d155f3e67247fd14530dcbd4f8cc59d99d526ac4a60eef6b06fb75bab2e0df3cdcf907d135337220e0bb597436988685503d0e6aafc5e6e679668ac927cf5c6ffa79551466ac7ef88fa55eb8f72cd6bde4a17f2ebcf61b512d4683edcd00ba7c3438fccdef343364383ae00c8db3d294a30307f93f417ef7fdd6ee9d3f16d0227cc6e80576835ac36b580435a68a9bfef98625a023cf61670b04acbe1d66babe45d70ad4ad07c", 0xf5) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1000000000016) 07:38:47 executing program 5: mincore(&(0x7f0000124000/0x2000)=nil, 0x6e1d618312435888, &(0x7f0000d6e000)=""/34) socketpair(0x1f, 0x80b, 0x7, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000040)=""/17) 07:38:47 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000080)="295ee1311f16f477671070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00004c0000)={0xa, 0x3, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) listen(r1, 0x43) r2 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r2, &(0x7f0000847fff)='_', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x6, 0x40000000000000}, 0x14) 07:38:47 executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x100, 0x0) ioctl$VT_ACTIVATE(r0, 0x5606, 0x6) r1 = socket$inet6(0xa, 0xfffffffffffe, 0x7) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syslog(0x9, 0x0, 0x0) [ 677.940042] binder: BINDER_SET_CONTEXT_MGR already set [ 677.956839] binder: 11796:11821 unknown command 0 [ 677.963820] binder: 11796:11821 ioctl c0306201 20000080 returned -22 [ 677.966121] binder: 11796:11797 ioctl 40046207 0 returned -16 07:38:48 executing program 5: syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x200) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000140)=""/97) r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) clone(0x200, &(0x7f0000000180), &(0x7f0000000040), &(0x7f0000000000), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000600)='./file0\x00', &(0x7f0000000400), &(0x7f0000000500)) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000001c0)={0x54, 0x4, 0x5, {0x0, 0x4}, {0x1000, 0x1ff}, @rumble={0x4, 0x9}}) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mbind(&(0x7f0000289000/0x400000)=nil, 0x400000, 0x0, &(0x7f0000000540), 0x1, 0x2) 07:38:48 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x1) ioctl(r0, 0x1000000000008912, &(0x7f0000000340)="025cc83d6d345f8f76207075d9f31d5abd9426af626d7c9e71e9af738087a1ccf0612d34c051b00302000000b0e292db93ae7d14c4b2fa52c51e14feccd4970bf5") r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x601, 0x0) acct(&(0x7f0000000240)='./file0\x00') write$sndseq(r1, &(0x7f0000000140)=[{0x2, 0xbb22, 0x10000, 0x4, @tick, {0x2, 0xd6}, {0x1f, 0x98f1}, @addr={0x2, 0x100}}, {0x4, 0x401, 0xffffffffffffff0d, 0xc7d, @tick=0x8, {0x8000, 0xffffffff}, {0x4a6, 0x6}, @raw8={"b49a9754ea0c8223e7647bdd"}}, {0x19df, 0xe7b, 0xff800000, 0x80, @tick=0x40, {0x95e3, 0x3}, {0x7, 0x3ff}, @quote={{0x3}, 0x2, &(0x7f0000000100)={0x6, 0xfa56, 0xe1, 0xcb9, @tick=0x5, {0x0, 0x5}, {0x4}, @result={0x4, 0x7ff}}}}], 0x90) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000040)="580000001400192340834b80040d8c5602062200010400004001000000005800004824ca944f64009400050028825a003b5fbe907902008000f0fffefffffe03edf8fef5dd00000010000100000c0900fcff4d00040e05a5", 0x58}], 0x1) msgget(0x0, 0x3) [ 678.899922] FAULT_FLAG_ALLOW_RETRY missing 30 [ 678.904556] CPU: 1 PID: 11813 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 678.913036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.922380] Call Trace: [ 678.924967] dump_stack+0x1c9/0x2b4 [ 678.928578] ? dump_stack_print_info.cold.2+0x52/0x52 [ 678.933751] ? kasan_check_write+0x14/0x20 [ 678.937984] ? do_raw_spin_lock+0xc1/0x200 [ 678.942214] handle_userfault.cold.33+0x47/0x62 [ 678.946894] ? userfaultfd_ioctl+0x5430/0x5430 [ 678.951474] ? trace_hardirqs_on+0x10/0x10 [ 678.955692] ? lock_release+0xa30/0xa30 [ 678.959663] ? task_numa_work+0xf00/0xf00 [ 678.963808] ? cpu_load_update+0x380/0x380 [ 678.968040] ? userfaultfd_ctx_put+0x810/0x810 [ 678.972604] ? reweight_entity+0x7ed/0x1100 [ 678.976910] ? zap_class+0x740/0x740 [ 678.980616] ? trace_hardirqs_on+0x10/0x10 [ 678.984837] ? task_fork_fair+0x680/0x680 [ 678.988967] ? reweight_entity+0x1100/0x1100 [ 678.993358] ? zap_class+0x740/0x740 [ 678.997055] ? trace_hardirqs_on+0x10/0x10 [ 679.001282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.006825] ? lock_acquire+0x1e4/0x540 [ 679.010782] ? __handle_mm_fault+0x3a38/0x44a0 [ 679.015345] ? lock_downgrade+0x8f0/0x8f0 [ 679.019492] ? kasan_check_read+0x11/0x20 [ 679.023620] ? do_raw_spin_unlock+0xa7/0x2f0 [ 679.028021] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 679.032585] ? kasan_check_write+0x14/0x20 [ 679.036798] ? do_raw_spin_lock+0xc1/0x200 [ 679.041015] __handle_mm_fault+0x3a45/0x44a0 [ 679.045419] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 679.050254] ? kasan_check_read+0x11/0x20 [ 679.054393] ? lock_acquire+0x1e4/0x540 [ 679.058347] ? handle_mm_fault+0x417/0xc80 [ 679.062560] ? lock_downgrade+0x8f0/0x8f0 [ 679.066686] ? lock_release+0xa30/0xa30 [ 679.070641] ? rcu_note_context_switch+0x730/0x730 [ 679.075549] ? mem_cgroup_from_task+0xcb/0x1f0 [ 679.080112] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 679.084853] handle_mm_fault+0x53e/0xc80 [ 679.088898] ? __handle_mm_fault+0x44a0/0x44a0 [ 679.093458] ? find_vma+0x34/0x190 [ 679.096988] __do_page_fault+0x620/0xe50 [ 679.101030] ? mm_fault_error+0x380/0x380 [ 679.105169] do_page_fault+0xf6/0x8c0 [ 679.109039] ? vmalloc_sync_all+0x30/0x30 [ 679.113182] ? lock_acquire+0x1e4/0x540 [ 679.117138] ? __might_fault+0x12b/0x1e0 [ 679.121190] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.126371] page_fault+0x1e/0x30 [ 679.129818] RIP: 0010:__get_user_4+0x21/0x30 [ 679.134199] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 679.153762] RSP: 0018:ffff8801bfb37538 EFLAGS: 00010202 [ 679.159107] RAX: 0000000020013e98 RBX: 1ffff10037f66eae RCX: ffffc90005630000 [ 679.166371] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 679.173619] RBP: ffff8801bfb37cb8 R08: 1ffff10037f66e84 R09: ffff8801bfb37260 [ 679.180870] R10: ffffed003afa1eb1 R11: ffff8801d7d0f58b R12: ffff8801d7d0f500 [ 679.188132] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 679.195401] ? __might_fault+0x1a3/0x1e0 [ 679.199446] ? sctp_setsockopt+0x1e13/0x6db0 [ 679.203835] ? get_futex_value_locked+0xcb/0xf0 [ 679.208487] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 679.214191] ? trace_hardirqs_on+0x10/0x10 [ 679.218409] ? futex_wake+0x760/0x760 [ 679.222197] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 679.227372] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 679.232897] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 679.237988] ? futex_wait+0x5d2/0xa20 [ 679.241773] ? perf_trace_lock+0xde/0x920 [ 679.245903] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 679.251074] ? zap_class+0x740/0x740 [ 679.254770] ? futex_wake+0x304/0x760 [ 679.258556] ? percpu_ref_put_many+0x119/0x240 [ 679.263132] ? lock_downgrade+0x8f0/0x8f0 [ 679.267267] ? lock_acquire+0x1e4/0x540 [ 679.271222] ? __fget+0x4ac/0x740 [ 679.274667] ? lock_downgrade+0x8f0/0x8f0 [ 679.278795] ? lock_release+0xa30/0xa30 [ 679.282749] ? lockdep_init_map+0x9/0x10 [ 679.286790] ? exit_robust_list+0x290/0x290 [ 679.291089] ? __mutex_init+0x1f7/0x290 [ 679.295047] ? __ia32_sys_membarrier+0x150/0x150 [ 679.299781] ? kasan_unpoison_shadow+0x35/0x50 [ 679.304345] ? __fget+0x4d5/0x740 [ 679.307780] ? ksys_dup3+0x690/0x690 [ 679.311473] ? lock_acquire+0x1e4/0x540 [ 679.315424] ? __fd_install+0x2b2/0x880 [ 679.319377] ? lock_downgrade+0x8f0/0x8f0 [ 679.323503] ? select_collect+0x610/0x610 [ 679.327630] ? lock_release+0xa30/0xa30 [ 679.331589] ? __fget_light+0x2f7/0x440 [ 679.335544] ? fget_raw+0x20/0x20 [ 679.338987] ? get_unused_fd_flags+0x1a0/0x1a0 [ 679.343566] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 679.349091] ? alloc_file_pseudo+0x281/0x3f0 [ 679.353493] ? alloc_file+0x430/0x430 [ 679.357278] sock_common_setsockopt+0x9a/0xe0 [ 679.361768] __sys_setsockopt+0x1c5/0x3b0 [ 679.366246] ? kernel_accept+0x310/0x310 [ 679.370300] ? do_futex+0x27d0/0x27d0 [ 679.374084] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 679.379602] ? fput+0x130/0x1a0 [ 679.382866] __x64_sys_setsockopt+0xbe/0x150 [ 679.387257] do_syscall_64+0x1b9/0x820 [ 679.391128] ? finish_task_switch+0x1d3/0x870 [ 679.395609] ? syscall_return_slowpath+0x5e0/0x5e0 [ 679.400518] ? syscall_return_slowpath+0x31d/0x5e0 [ 679.405441] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 679.410456] ? prepare_exit_to_usermode+0x291/0x3b0 [ 679.415457] ? perf_trace_sys_enter+0xb10/0xb10 [ 679.420109] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.424947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.430120] RIP: 0033:0x455ab9 [ 679.433284] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 679.452408] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 679.460100] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 679.467350] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 679.474598] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 679.481850] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 679.489105] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:49 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x10000, 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000280)) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = getpid() sched_setattr(r5, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r4, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x2630440, &(0x7f0000000400)}) 07:38:49 executing program 4: r0 = socket(0xa, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = dup3(r0, r0, 0x80000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000140)={0x4, 0x80000001, 0x80000000}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r4 = add_key(&(0x7f0000000080)='.dead\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_persistent(0x16, r3, r4) setresuid(0x0, r3, 0x0) ioctl$sock_ifreq(r0, 0x89f9, &(0x7f0000000000)={"73697430000080000000000000000002", @ifru_map}) r5 = memfd_create(&(0x7f0000000040)="73697430000080000000000000000002", 0x3) ioctl$EVIOCSABS0(r5, 0x401845c0, &(0x7f0000000200)={0x9, 0xfffffffffffffbff, 0x2a57ce7c, 0xffffffffffff0000, 0x9, 0x1}) ioctl$PPPIOCGCHAN(r5, 0x80047437, &(0x7f0000000100)) 07:38:49 executing program 6: mkdir(&(0x7f0000000100)='./file0\x00', 0x3) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, &(0x7f00000007c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00') ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000000)={0x9, 0x40000bb3, &(0x7f00000001c0)="3a22c86a22ec0e3563b20950e2babc907880521b757d4eb157b1630cec95a6dbf67419203718801dfd6f4b1516c220e4f33b977fab3297358d21d34bd72fedb815f6ad5892f5c65a729f71cf95dcd68aa36099b1e642bd33eed19eee826eabc5e8ba208b7cfdcb900d812555ee4c0dc428d75d58c248368699bf8e8bd4c99c88281474cdf56e285f9faa7bc4d22220813c7131b3906e72321184f98c560e", &(0x7f0000000380)="1222bb49dceb5b714d88799022efc6ac4c0eb8926dde7ba64440ff6a37019c797f9897ffa37fd6f59e6dcf3242bc821e7856f85fa4a0df63ace62e9f4a122055d85f1bf1ce207d32476e2a025140a0549a4263463ef8cd85f0dcefa7a4017e84f8f3bf6e549e645c097e30bcebc52003cee38933d30e3ae48eef45d26f7161f438c695df5157d4e7320a9859576f0547430f", 0x9e, 0x92}) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000080)={0x77359400}, &(0x7f0000000280), 0x8) mount(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000500)='efivarfs\x00', 0x22, &(0x7f0000000140)) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000540)={0x6, &(0x7f0000000340)=[{0x667, 0x3, 0xff}, {0x8, 0x9, 0x7, 0xfffffffffffffff8}, {0x3ff, 0x3ff, 0x7, 0x10001}, {0x0, 0x6, 0xffffffff, 0x8}, {0x5a6, 0x0, 0x0, 0x7}, {0x2, 0x2b523e5c, 0x267f, 0x8}]}, 0x10) io_setup(0x0, &(0x7f0000000140)=0x0) io_getevents(r1, 0x39ca, 0x6, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}], 0x0) 07:38:49 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025cc80a2b345f8f762070") sendmsg$netlink(0xffffffffffffffff, &(0x7f000005cfe4)={&(0x7f000003fff4)=@proc={0x10}, 0xc, &(0x7f000002dfe0)=[{&(0x7f000005c000)={0x10, 0x1b}, 0x10}], 0x1}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$int_out(r1, 0x1, &(0x7f0000000040)) 07:38:49 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000000)=""/246) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f00000002c0)={'broute\x00', 0x0, 0x3, 0xd3, [], 0x1, &(0x7f0000000100)=[{}], &(0x7f00000001c0)=""/211}, &(0x7f0000000140)=0x78) openat$ppp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ppp\x00', 0x400000, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) dup2(r1, r0) 07:38:49 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000440)={'vlan0\x00', 0xd803}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f00000001c0)=0xfffffffffffffffe) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000480)=""/117, 0x75}], 0x1) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0xfff, 0x22100) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r3, 0x0, 0x70bd25, 0x25dfdbfc, {0x3}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x2f}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x20040040) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) 07:38:49 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-camellia-aesni-avx2)\x00'}, 0x58) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x412040, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000040)) close(r0) 07:38:49 executing program 3: r0 = memfd_create(&(0x7f0000000040)='trustedvboxnet0\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x8000000000102) r2 = dup2(r0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f000030c000)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000044000)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$sndseq(r0, &(0x7f0000e6ffd0)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x30) [ 679.674035] binder: 11874:11875 unknown command 0 [ 679.688186] binder: 11874:11875 ioctl c0306201 20000080 returned -22 [ 679.695610] binder: BINDER_SET_CONTEXT_MGR already set [ 679.706257] binder: 11874:11875 ioctl 40046207 0 returned -16 07:38:49 executing program 4: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$int_out(r0, 0xc0884123, &(0x7f00000000c0)) 07:38:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xffffff7f, &(0x7f0000000400)}) [ 679.725094] binder: 11874:11890 unknown command 0 [ 679.739587] binder: 11874:11875 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 679.750841] binder: 11874:11890 ioctl c0306201 20000080 returned -22 07:38:49 executing program 0: r0 = socket(0xf, 0x4000000080801, 0x154) socketpair(0x3, 0x7, 0x401, &(0x7f0000000200)={0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0)={0xffffffffffffffff}, 0x112, 0x18}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r1, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {&(0x7f0000000140), r2, 0x10000}}, 0x18) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e1f, @multicast2=0xe0000002}, 0x10) sendto$inet(r0, &(0x7f0000000000)="ba", 0x1, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/40, 0xffbb, 0x0, 0x0, 0x164) 07:38:49 executing program 4: prctl$setmm(0x23, 0x8, &(0x7f0000ffc000/0x2000)=nil) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x103000, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000040)={0xaca3, 0x10000, 0x5, 0x400}) prctl$setmm(0x23, 0x9, &(0x7f0000ffc000/0x2000)=nil) 07:38:49 executing program 3: r0 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{0x5, 0x2, 0x1, 0x4}, {0x7, 0x8, 0x987, 0xfffffffffffffa5c}]}, 0x10) r1 = socket(0xa, 0x2, 0x0) socketpair$inet(0x2, 0x80006, 0x3, &(0x7f00000000c0)) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x64, 0x0, 0x0, 0x1}, {0x6}]}, 0x10) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000000)={0x6, 0xa5, 0x853, 0x7}, 0x8) mq_getsetattr(r0, &(0x7f00000001c0)={0xffffffffffffffc0, 0x3f, 0x7fffffff, 0x4, 0x8001, 0x7ff, 0xff, 0x3}, &(0x7f0000000200)) 07:38:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x9, &(0x7f0000000140)="02ffffffffffffffff5cb1330c337e3cd4b171b74bfc25f2708e6be9fb45fc77e73b89c16bfb0e054c5d8553c6d490693cea6ba59a7e990371283266eb985fc03cd31ea249457a9ad6755fe0e818640ad7a8b6985b9f789e54321c8750a3ab1efef4dc706898a77e5b01199140997990aa2f3e7dfad891d9e355c73e42e451a7a8a05ca6cb1cd4f670e741ab0a9814d366ec8cb7b5e9643eab4e52bb02fe6b05c5af93e2e57cc438769435699d9b7a67414c6b3b6cfe29f9c446755e759e6936f8183cd44cb221a50ff64cb48dc0a5919a832326cec768b70500a810a26e84a090168305ea31af961227f6c531c700000000000000") syz_mount_image$xfs(&(0x7f0000001380)='xfs\x00', &(0x7f00000013c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001ac0), 0x0, &(0x7f0000001bc0)={[{@swidth={'swidth', 0x3d, 0x8}, 0x2c}, {@sunit={'sunit', 0x3d, 0x1}, 0x2c}]}) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x4, 0x40) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x8) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3) 07:38:49 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x9, &(0x7f00000000c0)="125ec835d2a85f8f76754a42525fbec98dd614811cb3e336e22070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, 0x1c) sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0x20007ffc) [ 679.834402] binder: 11908:11910 unknown command 0 [ 679.839529] binder: 11908:11910 ioctl c0306201 20000080 returned -22 [ 679.855461] binder: BINDER_SET_CONTEXT_MGR already set [ 679.870206] binder: 11908:11910 ioctl 40046207 0 returned -16 [ 679.877790] binder: 11908:11920 unknown command 0 [ 679.886440] binder: 11908:11910 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 679.897500] binder: 11908:11920 ioctl c0306201 20000080 returned -22 [ 679.924048] XFS (loop5): Invalid superblock magic number [ 679.972434] XFS (loop5): Invalid superblock magic number [ 680.481640] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 680.488939] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 680.497281] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 680.507652] device team_slave_0 left promiscuous mode [ 680.513743] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 680.522075] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 680.673676] FAULT_FLAG_ALLOW_RETRY missing 30 [ 680.678265] CPU: 1 PID: 11889 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 680.686747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.696099] Call Trace: [ 680.698687] dump_stack+0x1c9/0x2b4 [ 680.702301] ? dump_stack_print_info.cold.2+0x52/0x52 [ 680.707480] ? rb_erase+0x3550/0x3550 [ 680.711280] handle_userfault.cold.33+0x47/0x62 [ 680.715936] ? plist_check_list+0x7e/0xa0 [ 680.720067] ? plist_check_list+0xa0/0xa0 [ 680.724206] ? lock_acquire+0x1e4/0x540 [ 680.728177] ? userfaultfd_ioctl+0x5430/0x5430 [ 680.732765] ? trace_hardirqs_on+0x10/0x10 [ 680.737001] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 680.742365] ? plist_del+0x4a1/0x9d0 [ 680.746081] ? perf_event_update_userpage+0xd30/0xd30 [ 680.751273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.756802] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 680.761981] ? cgroup_rstat_updated+0xe6/0x470 [ 680.766587] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 680.770985] ? update_curr+0x200/0xc00 [ 680.774854] ? trace_hardirqs_on+0x10/0x10 [ 680.779096] ? trace_hardirqs_on+0x10/0x10 [ 680.783316] ? kasan_check_read+0x11/0x20 [ 680.787446] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 680.792012] ? compat_start_thread+0x80/0x80 [ 680.796417] ? lock_acquire+0x1e4/0x540 [ 680.800379] ? __handle_mm_fault+0x3a38/0x44a0 [ 680.805555] ? lock_downgrade+0x8f0/0x8f0 [ 680.809691] ? kasan_check_read+0x11/0x20 [ 680.813832] ? do_raw_spin_unlock+0xa7/0x2f0 [ 680.818224] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 680.822801] ? kasan_check_write+0x14/0x20 [ 680.827018] ? do_raw_spin_lock+0xc1/0x200 [ 680.831240] __handle_mm_fault+0x3a45/0x44a0 [ 680.835634] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 680.840471] ? __sched_text_start+0x8/0x8 [ 680.844604] ? reweight_entity+0x7ed/0x1100 [ 680.848905] ? lock_release+0xa30/0xa30 [ 680.852864] ? lock_acquire+0x1e4/0x540 [ 680.856820] ? handle_mm_fault+0x417/0xc80 [ 680.861050] ? lock_downgrade+0x8f0/0x8f0 [ 680.865181] ? lock_release+0xa30/0xa30 [ 680.869137] ? mem_cgroup_from_task+0xcb/0x1f0 [ 680.873700] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 680.878443] handle_mm_fault+0x53e/0xc80 [ 680.882502] ? __handle_mm_fault+0x44a0/0x44a0 [ 680.887075] ? find_vma+0x34/0x190 [ 680.890602] __do_page_fault+0x620/0xe50 [ 680.894648] ? mm_fault_error+0x380/0x380 [ 680.898793] do_page_fault+0xf6/0x8c0 [ 680.902580] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 680.908011] ? vmalloc_sync_all+0x30/0x30 [ 680.912145] ? lock_acquire+0x1e4/0x540 [ 680.916106] ? __might_fault+0x12b/0x1e0 [ 680.920156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 680.924986] page_fault+0x1e/0x30 [ 680.928425] RIP: 0010:__get_user_4+0x21/0x30 [ 680.932823] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 680.951993] RSP: 0018:ffff88019b00f538 EFLAGS: 00010202 [ 680.957338] RAX: 0000000020013e98 RBX: 1ffff10033601eae RCX: ffffc90005630000 [ 680.964593] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 680.971843] RBP: ffff88019b00fcb8 R08: 1ffff10033601e84 R09: 0000000000000000 [ 680.979093] R10: ffffed00390145d1 R11: ffff8801c80a2e8b R12: ffff8801c80a2e00 [ 680.986347] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 680.993608] ? __might_fault+0x1a3/0x1e0 [ 680.997657] ? sctp_setsockopt+0x1e13/0x6db0 [ 681.002051] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 681.007755] ? migrate_swap_stop+0x850/0x850 [ 681.012147] ? kasan_check_write+0x14/0x20 [ 681.016380] ? trace_hardirqs_on+0x10/0x10 [ 681.020598] ? __account_cfs_rq_runtime+0x770/0x770 [ 681.025596] ? set_next_entity+0x2dd/0xb00 [ 681.029812] ? trace_hardirqs_on+0x10/0x10 [ 681.034041] ? update_load_avg+0x27d0/0x27d0 [ 681.038429] ? __enqueue_entity+0x10d/0x1f0 [ 681.042734] ? __unqueue_futex+0x2e0/0x2e0 [ 681.046958] ? pick_next_task_fair+0x999/0x16e0 [ 681.051614] ? lock_acquire+0x1e4/0x540 [ 681.055570] ? run_rebalance_domains+0x4c0/0x4c0 [ 681.060310] ? finish_task_switch+0x1d3/0x870 [ 681.064788] ? lock_downgrade+0x8f0/0x8f0 [ 681.068915] ? finish_task_switch+0x18a/0x870 [ 681.073407] ? lock_acquire+0x1e4/0x540 [ 681.077365] ? __fget+0x4ac/0x740 [ 681.080799] ? lock_downgrade+0x8f0/0x8f0 [ 681.084929] ? lock_release+0xa30/0xa30 [ 681.088889] ? trace_hardirqs_on+0xd/0x10 [ 681.093019] ? _raw_spin_unlock_irq+0x27/0x70 [ 681.097494] ? finish_task_switch+0x18a/0x870 [ 681.101972] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 681.107403] ? __fget+0x4d5/0x740 [ 681.110839] ? ksys_dup3+0x690/0x690 [ 681.114534] ? __schedule+0x884/0x1ea0 [ 681.118403] ? __fget+0x4d5/0x740 [ 681.121839] ? ksys_dup3+0x690/0x690 [ 681.125536] ? blkcg_print_stat+0x1420/0x1420 [ 681.130013] ? __fget_light+0x2f7/0x440 [ 681.133971] ? fget_raw+0x20/0x20 [ 681.137406] ? dlci_ioctl_set+0x40/0x40 [ 681.141367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.146886] ? do_vfs_ioctl+0x201/0x1720 [ 681.150929] ? schedule+0xfb/0x450 [ 681.154457] sock_common_setsockopt+0x9a/0xe0 [ 681.158938] __sys_setsockopt+0x1c5/0x3b0 [ 681.163067] ? kernel_accept+0x310/0x310 [ 681.167115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.172639] ? syscall_slow_exit_work+0x500/0x500 [ 681.177461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.182980] __x64_sys_setsockopt+0xbe/0x150 [ 681.187373] do_syscall_64+0x1b9/0x820 [ 681.191243] ? finish_task_switch+0x1d3/0x870 [ 681.195720] ? syscall_return_slowpath+0x5e0/0x5e0 [ 681.200634] ? syscall_return_slowpath+0x31d/0x5e0 [ 681.205546] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 681.210554] ? prepare_exit_to_usermode+0x291/0x3b0 [ 681.215553] ? perf_trace_sys_enter+0xb10/0xb10 [ 681.220205] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 681.225032] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.230201] RIP: 0033:0x455ab9 [ 681.233368] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 681.252545] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 681.260244] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 681.267494] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 681.274742] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 681.281994] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 681.289245] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 681.299956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 681.309660] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.316043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 681.323118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 681.333652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 681.345613] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. 07:38:51 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0xfffffe2c) socket$packet(0x11, 0x3, 0x300) close(r0) write$binfmt_aout(r6, &(0x7f0000000280)={{0x108, 0x5, 0x80000000, 0x1, 0x5c, 0x8001, 0x2a7, 0x72a}, "2a2778c6f884661d21f885e0913bffcd25b7c42e3e7dde2d9630ccfe12c5513832a755a0aed32c92e081f0c66b1d8b835b75a4891c143f1b20022bcb193ee190bfddc6dd69403d195b078851e1d14b640ed629b16e3a6e0dbde3ad318edea74f48cd336f7e8eb4056a4b6c3d86f11ae3c7fee3d2752ea65bb01fb2f58f354df4e20332c872c1d5a9c95cbf0e42d9a3159e69acee7a013851ba", [[]]}, 0x1b9) close(r1) 07:38:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x106, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r3, 0x7}}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) finit_module(r1, &(0x7f0000000040)='/dev/binder#\x00', 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000003c0)}) 07:38:51 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x8802) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000040)=0x10100001d) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000740)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x2000)=nil, 0x2000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) write$binfmt_elf32(r0, &(0x7f0000000780)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0xe7f, 0x100000000, 0x4, 0x8, 0x3, 0x3e, 0x758c, 0xaa, 0x38, 0x5f, 0x368, 0x1, 0x20, 0x2, 0xffffffff, 0x0, 0x43e6}, [{0x6, 0xc43, 0xd27, 0x5, 0x3, 0x7ff, 0x8001, 0x1000000000000000}], "70109852a2fd3c3f18290000c63d86ee80a9cd82ffaf0aa0e78dbb60a562f991fca5206b69c7000229cb145a1700013c199aa1c5508e13e46903961c573687139918f790a732b950b58386f11cb2384e4c075bbc354206ca94af0b16e46f744df486e956bfb63718cd434c90182d37ad057296c9d236cb8a44a117fd169ae5877f4b78d372c9831dfdb0442b6703b7fb63067f762e1edf12caa12a2c5eceb36d8f880da37f6da8c8edb9b3c46a8caeb5f3a7e8aaa397ae4aa77a3fc5b84cde0fd826ae696fe3da8617bafc3e02d3a21c0d7e95c3d14d21f171bcd1353ecd414e0249187305", [[], [], [], [], []]}, 0x63d) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0x2, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x98) getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000140)=0xd) close(r0) 07:38:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x1000000, &(0x7f0000000400)}) 07:38:51 executing program 0: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) lseek(r0, 0xffffffffffffffff, 0x4) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x1, 0x240) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000000080)) 07:38:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0) write$binfmt_elf32(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="6649885e3a476439fb4043cd877fded7439f57025f56a045aa0605613de2ea57aef1d1074f65203f021c646504775a3338eccb3fd2bfbde6d5105079cd303d1da5b9f2783d86e6774aa7f65889fcfff6c9004d37adf93388fb7d1a65eafa6b612a604670b052be711a3c5e0a53e5cb30983d156032249c3b3724cbee0efd6d6f0b6480a9f8b11bdc5455f2a35e99d5acaf2200662c80cb657bf7c77bcc0854319c5a9f11311acd9822ff4309488da6e0229ca54c"], 0x1) mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x1013, r1, 0x0) ioctl$int_in(r1, 0x80000000005008, &(0x7f00000004c0)) 07:38:51 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x4, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) accept$inet6(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, @remote}, &(0x7f0000000240)=0x1c) fstat(r0, &(0x7f0000000040)) syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="aa2caaaaaaaa0180c200000086dd6006f5260008110000060000000000c0e349eaaf8f718b93bbd444220c9518f1206fd0da5a729cf192c808568ff3ce1d00000001280696a800ff020000000000fbffffffff335f094279c6918199313e96b940eb994263bcd9c844e70e98234d982078f8358bedaced51d3fada62f6db1ba4417b11bc4607d1857d5e5329f3b8cf02d1fa55f372b5310c1a0317910904ce520f3bb625ef58fd934c97cbc084a01881716ca8bf7d7663adc9eb22eed822f6cb52cc864c1ac36b4aaa94afe236f281ac4699a3413d2c"], &(0x7f0000775000)) 07:38:51 executing program 7: r0 = signalfd(0xffffffffffffffff, &(0x7f00000011c0)={0xfffffffffffffffe}, 0x8) r1 = dup(r0) r2 = gettid() syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x15095cbf404a792e) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4096, 0x6a8}], 0x1) tkill(r2, 0x16) 07:38:51 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rpc\x00') bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfc, 0x40082004}, 0xc) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x3, 0x4) 07:38:51 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/if_inet6\x00') r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8915, &(0x7f00000001c0)="2070000000f25300883b006f00") clone(0x0, &(0x7f0000000180), &(0x7f0000000000), &(0x7f00000002c0), &(0x7f0000000300)) fstatfs(r0, &(0x7f00000006c0)=""/78) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x117, 0x1005}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x2, @empty, 0x5}, {0xa, 0x4e24, 0x40, @mcast1={0xff, 0x1, [], 0x1}, 0x80}, r2, 0xdc60}}, 0x48) [ 681.564497] binder: 11979:11981 unknown command 0 [ 681.569665] binder: BINDER_SET_CONTEXT_MGR already set [ 681.573024] binder: 11979:11981 ioctl c0306201 20000080 returned -22 [ 681.578782] binder: 11980:11982 ioctl 40046207 0 returned -16 07:38:51 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x8, 0x20000) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000500)=""/186) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000100)={r1, 0x0, 0xffff, 0x5, 0x100000001}) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0x0) perf_event_open(&(0x7f00000003c0)={0x3, 0x70, 0x7, 0xf89, 0xffffffffffffd00a, 0x200005, 0x0, 0x5, 0x27, 0x2, 0x8001, 0x8, 0x1, 0x4, 0x6, 0x1, 0x3f, 0xfffffffffffffffb, 0x8, 0x9, 0x3f, 0x0, 0xe7, 0x7, 0x9, 0x0, 0x0, 0x5, 0xffffffffffff7fff, 0x4, 0x7fff, 0x101, 0x5, 0x0, 0x3f, 0x724, 0x9, 0x0, 0x0, 0x100000000, 0x7, @perf_config_ext={0x0, 0x64c0}, 0x15180, 0x4, 0x1f, 0x6, 0x2, 0x6, 0xfffffffffffffff8}, r3, 0xe, r2, 0x2) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x8801, 0x0) 07:38:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$l2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2=0xe0000002}, 0x4}}, 0x2e) connect$l2tp(r1, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}, 0x4, 0x1}}, 0x2e) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x2, 0x0) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000e33000/0x1000)=nil, 0x1000}, 0x1}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x32, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000140)={r0}) ioctl$PPPIOCGL2TPSTATS(r1, 0x8922, &(0x7f0000000180)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000180)=0xc) [ 681.618699] binder: 11980:11982 BC_REQUEST_DEATH_NOTIFICATION death notification already set [ 681.628693] binder: BINDER_SET_CONTEXT_MGR already set [ 681.634274] binder: BINDER_SET_CONTEXT_MGR already set [ 681.640009] binder: 11980:11982 ioctl 40046207 0 returned -16 [ 681.653313] binder: 11979:11981 ioctl 40046207 0 returned -16 [ 681.663791] binder: 11979:12002 unknown command 0 07:38:51 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)="637075616363742e75736167655f73797377356984d3e3398f84f881203f8ae2269522682b50991414000b263bb7fd77", 0x0, 0x0) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000280)=@req3={0x10001, 0xbba, 0x4, 0x5, 0x9, 0x800, 0x7}, 0x1c) read(r1, &(0x7f0000001140)=""/20, 0x5) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@local, @in=@multicast2}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000000)=0xe8) readv(r0, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/203, 0xcb}, {&(0x7f00000003c0)=""/192, 0xc0}], 0x2) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) r3 = open(&(0x7f000000cff8)='./file0\x00', 0x80040, 0x0) perf_event_open(&(0x7f00000007c0)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x1) openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000340)={0x206, &(0x7f0000000300)=[{0x40, 0x81, 0xe864, 0x5}, {0xfffffffffffff804, 0x0, 0xdb, 0x8000}, {0x8, 0x10001, 0x100000001, 0xfffffffffffeffff}]}, 0xfffffeca) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x2, 0x0, 0x0, 0x286, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x6}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@dev, @in6=@dev}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000440)=0xe8) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000005c0)={0x0}, &(0x7f0000000600)=0xc) getpeername$inet6(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000400)=0x1c) ptrace$poke(0x4, r6, &(0x7f0000000780), 0xc9) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000380)={"6272696467653000800000000040f400"}) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/mcfilter\x00') alarm(0x7fffffff) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x1, 0x81}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000280)={r8, 0x7}, &(0x7f0000000840)=0x8) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x89a1, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd}) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r9, 0x40045431, &(0x7f00003b9fdc)={0xfffffffffffffffe, 0x1000, 0x400000, 0x4, 0x49f, 0xf687, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x200, 0x1}) 07:38:51 executing program 6: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f00002b9ff8)='./file0\x00', &(0x7f0000cbeff8)='./file0\x00', &(0x7f00000001c0)='devpts\x00', 0x0, &(0x7f000002f000)) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x2102020, &(0x7f0000000040)=ANY=[@ANYBLOB="6d6f646e4332303030207c3030343030483030303030300f343030302c00497db23ddef2e7699780267383312451af4a16e5b3fd98ea16038917123b1bd8ac5bd3a3fcbcd1dac30e928a400000000000000089a25f0138dcef32c2b5d685b5a69bc72efc41c9dd2c7d2ee70ade1da6591a568547683798"]) 07:38:51 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="a49f536ffa6a0ca3691acaa6881509b6d2b3e120b304a09db6a137863397a91a25e1b77e20b4e90365a232d70da6dfe8ea451c5648527eec67a40e34314e8c365e44bda0b12d195508bf5c0030abb43ef366ea68fb102e36b682902146dcf9dc0ec4610b98a204b1fab2220f5727f494b1034189ff68f5facfff020023489337ad2df0ad420e2e6a355c18a64df31fd94c4866f2c2acf6dfa456de41bc37815c3dfa68cd7bac3e393607fb858785b02e47f94dfb0ae0b392"]) read$FUSE(r0, &(0x7f00000020c0), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x1, {0x7, 0x1b}}, 0x50) getxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)=@known='system.posix_acl_access\x00', &(0x7f00000001c0)=""/162, 0xfffffc7f) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, 0x2, {0x7, 0x1b}}, 0x50) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, @multicast1}, &(0x7f0000000180)=0x10, 0x80000) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000003c0)={0x2, 'team0\x00'}, 0x18) 07:38:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x1200, &(0x7f0000000400)}) [ 681.684419] binder: 11979:12002 ioctl c0306201 20000080 returned -22 [ 681.756050] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.757340] devpts: called with bogus options [ 681.762768] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.786824] devpts: called with bogus options [ 681.925948] binder: 12028:12030 unknown command 0 [ 681.928691] device bridge_slave_1 left promiscuous mode [ 681.930915] binder: 12028:12030 ioctl c0306201 20000080 returned -22 [ 681.936377] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.954114] binder: BINDER_SET_CONTEXT_MGR already set [ 681.959529] binder: 12028:12030 ioctl 40046207 0 returned -16 [ 681.965789] device bridge_slave_0 left promiscuous mode [ 681.971474] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.992516] binder: 12028:12032 unknown command 0 [ 681.997462] binder: 12028:12032 ioctl c0306201 20000080 returned -22 [ 682.605565] FAULT_FLAG_ALLOW_RETRY missing 30 [ 682.610132] CPU: 1 PID: 11997 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 682.618612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.627948] Call Trace: [ 682.630522] dump_stack+0x1c9/0x2b4 [ 682.634132] ? dump_stack_print_info.cold.2+0x52/0x52 [ 682.639311] ? kasan_check_write+0x14/0x20 [ 682.643528] ? do_raw_spin_lock+0xc1/0x200 [ 682.647748] handle_userfault.cold.33+0x47/0x62 [ 682.652401] ? userfaultfd_ioctl+0x5430/0x5430 [ 682.656976] ? trace_hardirqs_on+0x10/0x10 [ 682.661192] ? trace_hardirqs_on+0x10/0x10 [ 682.665411] ? update_load_avg+0x389/0x27d0 [ 682.669738] ? trace_hardirqs_on+0x10/0x10 [ 682.673957] ? userfaultfd_ctx_put+0x810/0x810 [ 682.678540] ? rb_erase_cached+0xc82/0x32c0 [ 682.682843] ? trace_hardirqs_on+0x10/0x10 [ 682.687071] ? trace_hardirqs_on_caller+0x540/0x5c0 [ 682.692071] ? rb_next+0x140/0x140 [ 682.695602] ? rb_erase+0x3550/0x3550 [ 682.699389] ? cpuacct_charge+0x2eb/0x5d0 [ 682.703524] ? trace_hardirqs_on+0x10/0x10 [ 682.707746] ? cpuacct_charge+0x2eb/0x5d0 [ 682.711877] ? lock_acquire+0x1e4/0x540 [ 682.715834] ? __handle_mm_fault+0x3a38/0x44a0 [ 682.720397] ? lock_downgrade+0x8f0/0x8f0 [ 682.724528] ? kasan_check_read+0x11/0x20 [ 682.728654] ? do_raw_spin_unlock+0xa7/0x2f0 [ 682.733042] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 682.737606] ? kasan_check_write+0x14/0x20 [ 682.741824] ? do_raw_spin_lock+0xc1/0x200 [ 682.746044] __handle_mm_fault+0x3a45/0x44a0 [ 682.750458] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 682.755297] ? reweight_entity+0x7ed/0x1100 [ 682.759600] ? lock_release+0xa30/0xa30 [ 682.763557] ? lock_acquire+0x1e4/0x540 [ 682.767526] ? handle_mm_fault+0x417/0xc80 [ 682.771751] ? lock_downgrade+0x8f0/0x8f0 [ 682.775881] ? lock_release+0xa30/0xa30 [ 682.779835] ? rcu_note_context_switch+0x730/0x730 [ 682.784747] ? mem_cgroup_from_task+0xcb/0x1f0 [ 682.789322] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 682.794064] handle_mm_fault+0x53e/0xc80 [ 682.798111] ? __handle_mm_fault+0x44a0/0x44a0 [ 682.802684] ? find_vma+0x34/0x190 [ 682.806209] __do_page_fault+0x620/0xe50 [ 682.810253] ? mm_fault_error+0x380/0x380 [ 682.814382] do_page_fault+0xf6/0x8c0 [ 682.818181] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 682.823616] ? vmalloc_sync_all+0x30/0x30 [ 682.827747] ? lock_acquire+0x1e4/0x540 [ 682.831703] ? __might_fault+0x12b/0x1e0 [ 682.835745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 682.840572] page_fault+0x1e/0x30 [ 682.844011] RIP: 0010:__get_user_4+0x21/0x30 [ 682.848394] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 682.867525] RSP: 0018:ffff8801b3c5f538 EFLAGS: 00010202 [ 682.872880] RAX: 0000000020013e98 RBX: 1ffff1003678beae RCX: ffffc90005630000 [ 682.880233] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 682.887492] RBP: ffff8801b3c5fcb8 R08: 1ffff1003678be84 R09: 0000000000000000 [ 682.894740] R10: ffffed00321451c9 R11: ffff880190a28e4b R12: ffff880190a28dc0 [ 682.901990] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 682.909251] ? __might_fault+0x1a3/0x1e0 [ 682.913300] ? sctp_setsockopt+0x1e13/0x6db0 [ 682.917690] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 682.923386] ? migrate_swap_stop+0x850/0x850 [ 682.927775] ? kasan_check_write+0x14/0x20 [ 682.931998] ? trace_hardirqs_on+0x10/0x10 [ 682.936213] ? __account_cfs_rq_runtime+0x770/0x770 [ 682.941209] ? set_next_entity+0x2dd/0xb00 [ 682.945436] ? trace_hardirqs_on+0x10/0x10 [ 682.949667] ? update_load_avg+0x27d0/0x27d0 [ 682.954076] ? __enqueue_entity+0x10d/0x1f0 [ 682.958383] ? __unqueue_futex+0x2e0/0x2e0 [ 682.962601] ? pick_next_task_fair+0x999/0x16e0 [ 682.967251] ? kasan_kmalloc+0xc4/0xe0 [ 682.971119] ? alloc_empty_file+0x72/0x170 [ 682.975334] ? run_rebalance_domains+0x4c0/0x4c0 [ 682.980083] ? finish_task_switch+0x1d3/0x870 [ 682.984562] ? lock_downgrade+0x8f0/0x8f0 [ 682.988712] ? finish_task_switch+0x18a/0x870 [ 682.993200] ? lock_acquire+0x1e4/0x540 [ 682.997157] ? __fget+0x4ac/0x740 [ 683.000596] ? lock_downgrade+0x8f0/0x8f0 [ 683.004737] ? lock_release+0xa30/0xa30 [ 683.008692] ? finish_task_switch+0x2ca/0x870 [ 683.013176] ? __fget+0x4d5/0x740 [ 683.016610] ? ksys_dup3+0x690/0x690 [ 683.020305] ? __schedule+0x884/0x1ea0 [ 683.024185] ? __fget_light+0x2f7/0x440 [ 683.028138] ? fget_raw+0x20/0x20 [ 683.031577] ? get_unused_fd_flags+0x1a0/0x1a0 [ 683.036162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 683.041694] ? schedule+0xfb/0x450 [ 683.045215] ? alloc_file+0x430/0x430 [ 683.049000] sock_common_setsockopt+0x9a/0xe0 [ 683.053499] __sys_setsockopt+0x1c5/0x3b0 [ 683.057632] ? kernel_accept+0x310/0x310 [ 683.061678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.067199] ? syscall_slow_exit_work+0x500/0x500 [ 683.072035] __x64_sys_setsockopt+0xbe/0x150 [ 683.076424] do_syscall_64+0x1b9/0x820 [ 683.080301] ? finish_task_switch+0x1d3/0x870 [ 683.084790] ? syscall_return_slowpath+0x5e0/0x5e0 [ 683.089701] ? syscall_return_slowpath+0x31d/0x5e0 [ 683.094621] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 683.099618] ? prepare_exit_to_usermode+0x291/0x3b0 [ 683.104613] ? perf_trace_sys_enter+0xb10/0xb10 [ 683.109261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.114088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.119269] RIP: 0033:0x455ab9 [ 683.122435] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.141574] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 683.149264] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 683.156511] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 683.163762] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 683.171012] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 683.178260] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:53 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) r5 = request_key(&(0x7f0000000140)='id_legacy\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)='\x00', 0x0) keyctl$get_security(0x11, r5, &(0x7f0000000300)=""/191, 0xbf) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r8, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) r9 = socket$packet(0x11, 0x3, 0x300) close(r0) fstatfs(r9, &(0x7f00000003c0)=""/190) close(r1) 07:38:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt(r0, 0x1114e89a, 0x6, &(0x7f0000000000)="2d6200d0d271fb33be2eca22e26eb9583cc95ee6b43d6be8ad80c776d1888ff5b1e970cf46702780106c0c8a6e0d0206d72f20dd", 0x34) r1 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) write$eventfd(r1, &(0x7f00000001c0), 0x1e9a) write$cgroup_type(r1, &(0x7f0000000380)='threaded\x00', 0x378) 07:38:53 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000040)={0x0, @rand_addr, 0x0, 0x0, 'lc\x00'}, 0x2c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f0000000080)) 07:38:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000001480)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75c01f0200f58d26d7a071fb35331ce39c5aeeff5083cf07dd46455c914d4aff1e7cf7ed57c0c2056f5ca933f03cbf82bd13534737339245d31b0041be6281d7e1b4b7099114c571872298dd7f2120e2b6fa2a2e2a2c9c6e0034750b7961fa2c1584c0b5a500ae0ac39bc76a78d9158266759f766a3e8c84c09cf35a214a200421dcbc4cb6ee55476d8ead8882947ffa1fb4c050727beb12c57e06ff59") r1 = getpid() write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0xffffffffffffffda, 0x4, {{0x5, 0x81, 0x0, r1}}}, 0x28) ioctl$SG_GET_NUM_WAITING(r0, 0x6611, &(0x7f0000000180)) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) 07:38:53 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) io_setup(0x438e, &(0x7f0000000140)=0x0) ioperm(0x3, 0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000001600)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000080)="45d4b4e6", 0x4}]) 07:38:53 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000300)) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x113002, 0x0) mq_unlink(&(0x7f00000002c0)='\x00') ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000200)={0x15, 0x73, &(0x7f0000000340)="e9ae91066ea6265aeb70603b2f688724a26bfca337d1c0a326e045a94136d2923a29cadb9086a73afebed222275298e884d4cc0854e21ca733e5c8ac215ad03e39f9fe97f3c68d8c12eb7e49ac2952f7c61d079dbfc261c06e7a780972b38817533d6d4aef1658966834c6d9906d85a030d60c"}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001740)=""/163, &(0x7f0000000540)=""/246, &(0x7f0000000640)=""/4096}) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={0x0, 0x1}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000180)={r4, 0x2}, 0x8) recvfrom(r3, &(0x7f00000003c0)=""/159, 0x9f, 0x1, &(0x7f0000000480)=@ethernet={0x6538342a396b382d, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x80) close(r3) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001800)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000f1dff8)={0x0, r3}) syz_emit_ethernet(0x66, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd6006f52600303a00fe8000000000000000000000000000ffff0200000000000000000000000000010200907800000000600a07ec00000000fe8000000000000000000000000000ffff1e0000000000000002ffffac140000"], &(0x7f0000000000)) 07:38:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x634040, &(0x7f0000000400)}) 07:38:53 executing program 7: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f00001ed000/0x4000)=nil, 0x4000, 0x0, 0x4012, r1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000600)="bfbffc9b6ca44f6ff7df1be8f692499790a434ffe1513f544c73677a40e2bdcee0a3b2f9d3c0be6c6ac2005a2f7f394a7bed0edd506cb729aa62ad67aceb800e0c295c5f98a2f484be7fe6b6c3f928b63ce211a1d286f52ee4ddce3375f57eaba53aac4165378057958c51d77504f9d6af518abde031bb385b15a2795785c7633e966be5ed6381a5d67df25c5fe6071411c5c8c76c3e026dea0ba91a8a8a0ac6349c41b8e49f44916535d00c325685e31fd967a4cd7ff0dd46793312c55c709762e58ed831de3270d992bab28c145f387aefe6b784abbb024d26e859bc6bec8b8580807a5c1a84e288c3e272a18b68a049204bd304abd08ad4f06e8888daa73979d58c5ae8412606cc8f9ce038914e21ed69f460d6d515a48bd0ec8059dd44a1ae8813b9ee77f207087851812ef17f806aeba9a2d177fc9000030fc12445ef4ba2ad9e008af08ddc9e2d51119a87a9740cc0bbfbf3da7da8f180565d7d2344bd6ffea422d1cb9bee7ea0aa9a4b395e926714b2e9cc4c1850e49d3073bf101cd009941e0ba439da408ae459e23affac40638e8bddf95f1e0c4461ebac58253bda8e3541a485775a2faf01d9278c229a9bcb18991ac1e1512fe708e6d75655d20c299a0266f1e01111e01a41b56b15e62a90930c20b8b5ed0a88a7efdc62d5a628f4f6d5d292b087aad68d72e670ab7747bd2f8328c19df4da409ca5265010b38c81f0008d2a4f0bb19e6cbdc6b0d042926a9580f0608c60db73012d9770e2f3b0f0329124283c9480ea960d4c5f255ca97be92dabbfca13d3f45311655bf16ab2e04720bb94446a216d9ad85b45b42a1d0a8af995fb6eebec390ce72de8e1096933095c279f424975870c694cf0c7bad462a3fe8574111fe761e61beb7d08073e351a0e86a98ab98313e5f75ff2f85b97be18726e785c6385a3384b05ceba0eb969c0ed2380ede4dd8b2a17aea680dc78bc9fd7132b7aa53e0d7e354f1d0bce40d6775aff514238e7bb39e05cdb502b825db358e298ad186d268294993a337824c0fc78f983395ac4877b044ec36aeab8edbdbd4110951d72b67fa8fc717b72abe3ffe868c7052e590f10a9d77dd5f4d365e895ce0d1b2d512ad17f82222167a578f96db1ce93fc396e2db4b9abd01a6d9fd6ea16cfe43fe2a6d2efcab84bb0e229fb648ac643ad9c97d7c5b2f1c391b4d32b1a246665ce3e11dc236036eceda3f397e5e1d62175b77cd5ec20be3703f7d3286932fdb5e6d545748cc32a3568695d755dedfc66182860b36749dcfc89722adfbddffda61bba8722a71ba5e244fe445c18fc5e053801b3f44ae68d782f1b7925bbe0fdfe95d55de18795d1ea3e4b7660c2a8dfc76823dfb81880887b9d36558961264c6a921c84ecac9f6df82134177bbefc1c73eea3518064ce99e773dcb24bd97258a2459e2673275c74fe4478ed2f6243b86ac5cd738fa6341f0c173ec47d19a94919341662f5e8ff2d50e21d6d674f86ae1e2c0d6c6c87ea98084bf838841a2566bc9d85e15d0a168f52f80f6474a87cc7568e156f19b95f762f926d12ac242627ba1ded393cfd16c3a44f12a5d4b8447472166daacfa2d430787f58397387466e36fde8b9a96d5c02b1e7f32a654c926e9136d16b52c1ece887dee4538a211cb8103a0c7c7118c23a47af69b94a9a512468c789555f7eeccfcfff4e893ef2146b49f2720d9b2232c797e16324d54d5b2347731de2c72e785d8cbfa0ef75e636b9feafca0afaa3968990bad350630f0ab105eea6027b4b9e98c88fdf4d8aea375980f891db9c863389a7a0dd9da06f5a603d7fd1c93e21cddd50760018c4438dbd5ea8d24ba8dfc43fee4dedb61f7c6beb8200f04f4252c35058d33fd0c54ae734c78c53900006c21d102c0cf4b17d9d5fc1802500e5accd81790ae6cd22b6b812e4c9449418152bdae8db766cfa15eb2c55142dfee2147becb778b5fb3aa2c55fa2c3403f2951c5f5971ef751a72455d96b706c166d63192d1d1f86c9147b1b76ae74dca35a1c7938986907dfb814e86066acd1e342240986cbfb8394d36f01b6f3a6d96578c0b4d8bd73f3e56e20c836e0016e48fabbe169ca8fb48c8e084a110a1cb8916f8a59adc5f61c164d63e39cd2270f7d724380931203e4b30d430db0ccbf75c9a997f080dcc7d43c6586483d9281ac86258313abb8c21a0259816c59f613ddb350d3f3b81b9ced61da6d22552681888a6429683fdd24a2761746c8d67e9e84dcfbe2bfbc728debbb8fc2665a226addd3f5ce9fa991eddf57ce24d640a560a698284120ccc5f1f8152f656f23d7b13cd43b4d3537f126a0f386a35e04606b7623e6e141ccced4e51d4ac051e48caf30adc614e9cd408f567b6ccd8b1177f051c92084f36b252c83fb7291427204c3e3f65dba92a9ca067bb403de3ba27d53e50ee158e7aed6dea0584d18e373cc6051a8084cf02d5716ac666cb48eff33c9ba18b557be9351beb919d82077dc47db880b525b72e08ca949a7386a1bf3d7dea38096347ec8437cbc2e4e5f6775785514d5479567c0802b50122e7af2922f048f48a8584aab8c1ce7f04fb4a4b4cc13f5a4e2c9318078bc8c634710272104f08c822efab2f9f9b174068621f7cec424a100289a7a884b51da75a5c61be653b4467a59285746496f8a7fc7288413c07629e4baf61e7142c50abc59bd23cdccaafde5b4ff8c2384dfddbf70f28fe10551bab875aa329a9f0ea4ab6732f51870df4030b38831fafa4c8408f8092c4c929cf13675ed056c750cfaa5b12ba3273c4858fc0c88957b84417375c9ef0a91b7ab52c8225d449e268bd9dbfb137885370d9f7afacd41884b4e68548ac28ef96f9fdf287cce84dbb2d788cd95f4962550247ee228cc930b4a938902bc20ca81a0a8c2e5a59fbb4ac4c611909e4f155a1c52bb8d95fb6d24337310bf32f7b0d3949e4c89048ac2153a40a875f89ac6aed185a5652e3b76f67794d3d9c62aadf949136efec6af8ec5fcdd64824994d2c48e3aee4a98191a574f208e40fcee03ad68003a6cfd6dd310096471e30034817a269d2a7ab8adaf3a0e3027e42a7c13494f5434610e1d3f6a472755f40539c80e7f8a2eb69a3466a4288ac9336ece8d17834eb235ff5232c3e8d9a4522cce4ad2ac3934197796baca5e6d22290b204e7bd9791d934941bf87a22435f91928f46bfc2dce38a9642913720ca8249b4cf7043567ba668ee49a8218a2cad42115d405eac16900ac6f39a90836d3fa5ed7679ae8341adc9dbb755e11c5488de0f8c348d586b6a43e8c4e9128641f5ea881c3e1bb6dfbc3da8629c53ae0d97d73c1f6e49d4fb701e0c21d13d4f35a81956f760e895991f8c0a11c02a0c13c0b43e21e84d8ec9404334577d142b90cb2e1b00a4b19a31035e0ffd99b82a032bcbaee8133b2f748e3c448185f2cf154c198a5e84e8d1c420c43e92e27f69a936ef4519d173adbd6635cc116391bbc2ddc15fd088d33218a565115bcb1f603ff6ffa8ab5e0ccc9c80c5d57997b3272596b7bb1e20a49d51dee0f9607fd90682a7be72eed1a25d65ed193d66544667fe4a5eca809f9bdb7e644e2dcffc92117b81057916568e375986deec0df95cf9cabc2dd4e6266a1dbf7dfedb2dcafb602dc842502fea3e3413026643236faa0853b127ceb897af3274ed901832b751d02401a712007faee5ae8f6901c0e7414a234644002ba66847c7734d0649ecfeb5cc1ef752c94c632083bb9c454ac66962ac3f92b0e64bf2c9ad23aa4ee8f3b985349aa02f70b269dd531a6314e240d0e936065b46bc115d2fe814c6d875e52a0d5664c5c5f53b9d433817048b9e0a6bcc9745999a14ae62ba8da9d12ea871317803f7770e8c197c8216b23706c6c0cd28444fb5efe381de00735c6793167a3e0a4565a9ffc2b08a87350d69cbed0162db74c54f7fa773d6f5a376deed340ac6bbc73eadfb4b78983eb6e807848802753eb4b26dee4a9e8b796ab97c02084c76f73eed89128210e9fd5f46f76a87d3a1dd82ce7a5747dd81c01d4796823bad91ed57f553a715786a7c260f83e2a969e81c627db6769253d62a9c077da2b9e2716de77567a1407a528ee7c24a4090ea705be5620c7ddc67dfa4de4d8753ab2be2cdfb7a4f1ee563946e33e11c6f280b8a0b7b2f22cc5d8c69498980b2c5a135fede810d326aa4f5f6489ff620f8a9a3246fb56fcbcd26ddd12652b421264bc8167f8d5b83bb72622d3c0ac0de289bcc9cd233221287a34db3ad8564b224907eead0441feeae031ea1528eafa0e929194943466efff884bb925ea7f93c0cae6c7b0c02641a69512b11846bd932f050c5c69999889e8e742eaaa0e42bf9635fa762b535b45b193c475b27fa209ee599cb63ac8df698973326ae4bdc304067ea50da348531315938fa2ae7bd2684fcd682159037b6bfe446a143e8d0642d53df4b8b53ad67e6dccd208b2fa16af37bac06dc4c1a154a5dd7ba88020cd6ad680b9c5a9e1437c22c681aabe2b74480bac34524368f134907b684a6194bc4094f2679ebbe0d2241333c0c7217c8f28273bcf2802224c51d6e111d4dbdcbed0c7ad5a868e08eacc285199a0e64e1ff096becb53ab2bf100c69f7653bda6fa50fc71c5541d17ce341833a1d1b06b7f8899475615820d69f56aacf603e8977558816de4316afb81c24e53411feca65bc84da171a291251abfe3f07c3d5af2e3cf7eb61823dda9100872aa7f0a0b1631b22b0241ccfb6f4fba43e9b1a57ce7451b3a56fc7d5a91227e66b47cdadd35945fc3d694d2c5f09c4b0e8cd0fefde5e8c13b907ad3ddccee5a1fb5ceee00ad0e7e8b556548a40061b56316b5899e5e92d6d0bb822fe1b29a337dc6ec1a7e758f441353bbd69dd6c9e8f09f9e9dac93a4dd6cc5855228c2bd2ca6e702100cc18dfa6b2b90e964e2bc398e38702270e2f36954c563e5077979c765dd8639c2580062dad6546045e528b1aaefce93edcb27942a497df73363cfe3ef1dd9bd36fcb7c1427c2a650ccf09fbfaf1fa356a4976abe2ada744fe93e190a0ba0b5b8de8f984e31c9f2b2cc0f73d94bb31548518e96d2c0a23d89b66dd567709134ffd0600c5593a80e5470fca3883a685b9e2616254fc33f1eed13c6e3a9a75d3c7ce67e254aecbeb91b1c0812207b26ea2c55dc8542aa99e4593ec3142e0203ee944ba7918c648ede46c7656d642619f78fd426ca5b485cc919bff461249288b6709406781306d72bdf8c01c23a6b030d1d8417996c2b8615f1ef1eade7b7f424c187efcf4abd4e6de56a32ebb7011fc409e130462385fe345233b6129066041231d87912b24143327a7a9ce1fa4e08506598fc3d6e3939bfe4288624a772b9a8dbf621432405e9cc15f24985f5e57673b51f23c4cb3aa1ae546dff31d2fbab81bb2f9729ee7b1d5a9674be4b771b18ee7374bb8c0323ea22e33178d208e2e5c17a2a5087f2cf75dcf038d66a4f6ee5cd0f5f757fc371f8f9efc1644e26c2478362561eafb9c534973fb3b32d8e69079bc5e44c064c293fd558c3283cf7648d25b49202515f69c4b2f6aadac15335c5d99dc278af7cfdf6cca8d7d7ec980c16caa8f2ff598a7f552c800ebb98afbfacd084f4f5ca1d72deacc4e1b3f83d8238b0e066da13d6c568a274fbb3cf86b4c7d40320140388425a8c4ab44fe4d703efffcedac918fb89ea7884684f0c43fbbeadf81af5e62e7a64414da41dc4be590fb037be9d3d62a9e6a38d40b7052ea15c84621633f80f8c6b1c4841d503e47616874fddfeda77743937fc70218", 0x1000, 0x0, &(0x7f00000000c0)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000000)) shutdown(r0, 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000240)={&(0x7f00001ee000/0x2000)=nil, 0x2000}, &(0x7f00000002c0)=0x10) setsockopt$inet_int(r0, 0x0, 0x31, &(0x7f0000000040)=0x5, 0x4) [ 683.546504] binder: 12055:12063 unknown command 0 07:38:53 executing program 5: r0 = socket(0xf, 0x80000, 0xffff) bind$inet(r0, &(0x7f0000000840)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r0, &(0x7f0000000000)="4df48640d1fda2c8c88414b15830c5", 0xfffffffffffffef6, 0x0, &(0x7f000069affb)={0x2, 0x10000000008000, @loopback=0x7f000001}, 0xfffffffffffffee8) clock_gettime(0x0, &(0x7f0000004f00)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000004d40)=[{{0x0, 0x0, &(0x7f00000048c0), 0x0, &(0x7f0000004940)}}, {{&(0x7f0000004980)=@in={0x0, 0x0, @local}, 0x80, &(0x7f0000004bc0), 0x0, &(0x7f0000004c40)=""/228, 0xe4}}], 0x2, 0x10000, &(0x7f0000004f40)={0x0, r1+30000000}) 07:38:53 executing program 7: r0 = socket$vsock_dgram(0x28, 0x2, 0x0) fcntl$setpipe(r0, 0x407, 0x766) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000700)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0), 0x0) r2 = accept4(r1, 0x0, &(0x7f0000000380), 0x0) sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x0, 0x0, 0x0, 0x0, {0x5}}, 0x14}, 0x1}, 0x0) [ 683.566805] binder: 12055:12063 ioctl c0306201 20000080 returned -22 [ 683.597533] binder: BINDER_SET_CONTEXT_MGR already set 07:38:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x105201) ioctl$TIOCSTI(r2, 0x5412, 0x800) sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="02314c00", @ANYRES16=r1, @ANYBLOB="210000000000000000000c0000000800040000000000"], 0x1c}, 0x1}, 0x0) 07:38:53 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000100)=0x0) io_getevents(r2, 0x0, 0x0, &(0x7f0000000240), &(0x7f0000000000)={0x77359400}) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='\\keyringvmnet0\x00', 0xffffffffffffff9c}, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r4, 0x61a, 0x70bd2c, 0x25dfdbff, {0xe}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1={0xff, 0x1, [], 0x1}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback={0x0, 0x1}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000080}, 0x20040000) close(r3) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1, 0x0) io_submit(r2, 0x2000000000000026, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000140), 0x4000}]) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f00000003c0), 0x26f) 07:38:53 executing program 6: mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000580)='fuse\x00', 0x7a00, &(0x7f00000001c0)=ANY=[]) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000100)='./file0\x00', 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0}, &(0x7f00000002c0)=0xc) getresgid(&(0x7f0000000300), &(0x7f0000000340)=0x0, &(0x7f0000000380)) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x804080, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x7000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other='allow_other', 0x2c}, {@max_read={'max_read', 0x3d, 0x9}, 0x2c}, {@blksize={'blksize', 0x3d, 0x1c00}, 0x2c}, {@max_read={'max_read', 0x3d, 0x2}, 0x2c}]}}) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) unlinkat(r0, &(0x7f0000000040)='./file0\x00', 0x200) [ 683.630302] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001) [ 683.637496] FAT-fs (loop0): Filesystem has been set read-only [ 683.645329] binder: 12055:12063 ioctl 40046207 0 returned -16 07:38:53 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4207, r2) ptrace$setopts(0x18, r2, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000000)='eth0[\x00', 0x2) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x2, 0x30, 0xff000000000, 0x7f}, &(0x7f00000000c0)=0x18) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000100)={0xd1, 0x9, 0x203, 0x7, 0x6, 0x5262ac4a, 0x2, 0x7, r4}, 0x20) 07:38:53 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x4, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2}, @in={0x2}], 0x20) r1 = creat(&(0x7f0000000040)='./file0\x00', 0xc8) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080)=0x8, 0x4) 07:38:53 executing program 5: r0 = dup(0xffffffffffffff9c) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000003a80)={0x3, [0xffffffff, 0x7, 0x3]}, &(0x7f0000003ac0)=0xa) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000040)="9b83722ba1663fa820e3d4c8909a899d4fce80ae00000200000000") getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x100000169) r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x40) bind$bt_rfcomm(r4, &(0x7f0000000080)={0x1f, {0x6, 0xffffffffffff7fff, 0x1ff, 0xffffffffffff7fff, 0x1, 0x7}}, 0xa) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000640)='fuseblk\x00', 0x1410, &(0x7f00000007c0)=ANY=[@ANYBLOB="c0b87b01b09b315269b4594ec6ee3b3df6004d5ba2ca1cb38c4d670173901901e62819c9ed44c466963a4d84bfd0ea8e7ab9d83ab588f5120667699d37e5d4fda5f9701bbf29b8929e3b1851f1480ce1a9dbaded9ee7759b50e40b9136c5ad5957e60f66a5a784f6d5ef7871685b195d7882bf43871fee2c1575559d599b6e06f5e34ae0025394207b801461f09b1f0ec1176f9b", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYPTR64=&(0x7f0000000700)=ANY=[@ANYRESHEX=0x0, @ANYBLOB="76ed8cb5a5b01bde71f4d176263ddf7f48bda3863abe2774b8b88708fce5660edf302ddfdadda57b0364bea9d10de71282bb335b6dd90f0e5507e167e087e39a13613e59b1605f65e8da83db7ffc56f019052daad841067b704f127f5591f0b0f8902e42c1efa56ad6f5101aeeb0eb2b1b5c37f2cf62b294a093a7aff3a44a63a6c65f0d316bd1d717c3d8b4ece2cee88e"], @ANYBLOB=',max_read=0x0000000000010000,blksize=0x0000000000001000,\x00']) uname(&(0x7f00000000c0)=""/85) getsockname$netlink(r4, &(0x7f0000000680), &(0x7f00000006c0)=0xc) syz_mount_image$hfsplus(&(0x7f00000001c0)='hfsplus\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0xaaaaaaaaaaaac7a, &(0x7f0000000580)=[{&(0x7f0000000280)="1c93b5bcc8e780633f1bb54d2699193b85e24b8ca772c3f87e361cc360b4aae0bf61f73da06b1f62912bd58ba6b51fe6b387806a860959926341071ef29e1feda4949aaee8db72b53d80c198f2342dae04c6d1340f69afc287e33f74e00f697fba3ee6cc2c9c98b282af6f0a90418c1409bb1ed9cd43ed79c42f6222c27ca288b05074cfd3c0a42728bbf1f8e4304466db8cc62eafffb23bf1b4ceeef108504f1768c7031176afd21fb8ed9e2393230f8be9190c20d80edcfe79b4a74dffdf22b6dae1cf5c5dc8a3", 0xffffffffffffffd0, 0x4}, {&(0x7f0000000380)="f47bb1d61d611583c87a5631835a3a72cc173f140df1226d55da64fd26e78a45ddecbec90cb87c33619a51699127c8d055f8f42ec30b6a45eefd9b4b6dcdb6d80d4c0600357eed6988bb6f09fe0cf46e50a9feb44dbfdf93eb6e430a6344376b8c09070c557e7e7169c22b59b0e93dffe5e4da6e675cc955fdf083b7ac7f5306d1af3dbe2aaa22a53aa581458a0469db3a2492ec5f0fd5b95baf800687536c93b45deb3489492c322c93dc591731c38c8c1884450c71b0d085e9a4e944f27d4e159f805a87558e67efcdc2cc19752251ab0bcf1aa15fde1b337231d25d30297f154d27b42b2f3fab", 0xe8}, {&(0x7f0000000480)="e2d1a91c826dd7b8a3bc5b81089fdff34f6de2b4ea47756b6c88fffc100b07032f11c876602cf2f54f4bf47409e575486f696498e8981fdbb9e23996d95017aad2f1c27288befcda7e706987bee9cc01060663ee0b757b029f340c29bd6cf1a5863e27649727e08f3eed136bb38aed1a4af7b8fa5916eafe7e2240fb493435e4dba6e0710c987515ab4758711bc6d6161fa25bb64785cb7fbf5cbc9ba299edce76a9cfee43f27af291a20879c13693b19d8316c007dd79078298b2d9e69ccae707167373bee27229b54c95bdbeb2e5bee6e27240a005af927a0962e82bab0736909d", 0xe2, 0x3}], 0x0, &(0x7f00000015c0)={[{@gid={'gid', 0x3d, r3}, 0x2c}]}) read(r4, &(0x7f0000000900)=""/107, 0x6b) ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0xe5d) [ 683.671049] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1041) [ 683.674490] binder: 12055:12079 unknown command 0 [ 683.699821] binder: 12055:12079 ioctl c0306201 20000080 returned -22 [ 683.709724] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1041) [ 683.745315] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1041) [ 683.847074] hfsplus: unable to find HFS+ superblock [ 683.921367] hfsplus: unable to find HFS+ superblock [ 684.572961] FAULT_FLAG_ALLOW_RETRY missing 30 [ 684.577541] CPU: 1 PID: 12077 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 684.586013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.595354] Call Trace: [ 684.597933] dump_stack+0x1c9/0x2b4 [ 684.601544] ? dump_stack_print_info.cold.2+0x52/0x52 [ 684.606717] ? rb_erase+0x3550/0x3550 [ 684.610504] handle_userfault.cold.33+0x47/0x62 [ 684.615160] ? plist_check_list+0x7e/0xa0 [ 684.619292] ? plist_check_list+0xa0/0xa0 [ 684.623424] ? lock_acquire+0x1e4/0x540 [ 684.627383] ? userfaultfd_ioctl+0x5430/0x5430 [ 684.631962] ? trace_hardirqs_on+0x10/0x10 [ 684.636185] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 684.641532] ? plist_del+0x4a1/0x9d0 [ 684.645265] ? perf_event_update_userpage+0xd30/0xd30 [ 684.650442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.655967] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 684.661142] ? cgroup_rstat_updated+0xe6/0x470 [ 684.665712] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 684.670103] ? update_curr+0x200/0xc00 [ 684.673976] ? __update_load_avg_se+0x65d/0xb80 [ 684.678652] ? trace_hardirqs_on+0x10/0x10 [ 684.682874] ? kasan_check_read+0x11/0x20 [ 684.687010] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 684.691576] ? compat_start_thread+0x80/0x80 [ 684.695973] ? lock_acquire+0x1e4/0x540 [ 684.700009] ? __handle_mm_fault+0x3a38/0x44a0 [ 684.704580] ? lock_downgrade+0x8f0/0x8f0 [ 684.708718] ? kasan_check_read+0x11/0x20 [ 684.712847] ? do_raw_spin_unlock+0xa7/0x2f0 [ 684.717237] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 684.721805] ? kasan_check_write+0x14/0x20 [ 684.726021] ? do_raw_spin_lock+0xc1/0x200 [ 684.730244] __handle_mm_fault+0x3a45/0x44a0 [ 684.734642] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 684.739467] ? __sched_text_start+0x8/0x8 [ 684.743600] ? reweight_entity+0x7ed/0x1100 [ 684.747906] ? lock_release+0xa30/0xa30 [ 684.751865] ? lock_acquire+0x1e4/0x540 [ 684.755823] ? handle_mm_fault+0x417/0xc80 [ 684.760039] ? lock_downgrade+0x8f0/0x8f0 [ 684.764175] ? lock_release+0xa30/0xa30 [ 684.768133] ? mem_cgroup_from_task+0xcb/0x1f0 [ 684.772698] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 684.777441] handle_mm_fault+0x53e/0xc80 [ 684.781485] ? __handle_mm_fault+0x44a0/0x44a0 [ 684.786048] ? find_vma+0x34/0x190 [ 684.789571] __do_page_fault+0x620/0xe50 [ 684.793619] ? mm_fault_error+0x380/0x380 [ 684.797770] do_page_fault+0xf6/0x8c0 [ 684.801571] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 684.807001] ? vmalloc_sync_all+0x30/0x30 [ 684.811147] ? lock_acquire+0x1e4/0x540 [ 684.815105] ? __might_fault+0x12b/0x1e0 [ 684.819153] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.823993] page_fault+0x1e/0x30 [ 684.827431] RIP: 0010:__get_user_4+0x21/0x30 [ 684.831813] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 684.851061] RSP: 0018:ffff8801940b7538 EFLAGS: 00010202 [ 684.856405] RAX: 0000000020013e98 RBX: 1ffff10032816eae RCX: ffffc90005630000 [ 684.863658] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 684.870909] RBP: ffff8801940b7cb8 R08: 1ffff10032816e84 R09: ffff8801940b7260 [ 684.878161] R10: ffffed003afa1da9 R11: ffff8801d7d0ed4b R12: ffff8801d7d0ecc0 [ 684.885410] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 684.892669] ? __might_fault+0x1a3/0x1e0 [ 684.896720] ? sctp_setsockopt+0x1e13/0x6db0 [ 684.901115] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 684.906808] ? migrate_swap_stop+0x850/0x850 [ 684.911201] ? kasan_check_write+0x14/0x20 [ 684.915422] ? trace_hardirqs_on+0x10/0x10 [ 684.919640] ? __account_cfs_rq_runtime+0x770/0x770 [ 684.924649] ? perf_trace_lock+0xde/0x920 [ 684.928786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.934307] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 684.939771] ? zap_class+0x740/0x740 [ 684.943467] ? perf_trace_lock+0xde/0x920 [ 684.947597] ? perf_event_update_userpage+0xd30/0xd30 [ 684.952861] ? zap_class+0x740/0x740 [ 684.956562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.962081] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 684.967254] ? perf_trace_lock+0xde/0x920 [ 684.971399] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 684.975792] ? alloc_empty_file+0x72/0x170 [ 684.980026] ? finish_task_switch+0x1d3/0x870 [ 684.984505] ? lock_downgrade+0x8f0/0x8f0 [ 684.988635] ? finish_task_switch+0x18a/0x870 [ 684.993115] ? lock_acquire+0x1e4/0x540 [ 684.997071] ? __fget+0x4ac/0x740 [ 685.000519] ? lock_downgrade+0x8f0/0x8f0 [ 685.004654] ? lock_release+0xa30/0xa30 [ 685.008615] ? trace_hardirqs_on+0xd/0x10 [ 685.012747] ? _raw_spin_unlock_irq+0x27/0x70 [ 685.017225] ? finish_task_switch+0x18a/0x870 [ 685.021705] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 685.027151] ? __fget+0x4d5/0x740 [ 685.030605] ? ksys_dup3+0x690/0x690 [ 685.034313] ? __schedule+0x884/0x1ea0 [ 685.038191] ? __fget_light+0x2f7/0x440 [ 685.042149] ? fget_raw+0x20/0x20 [ 685.045604] ? get_unused_fd_flags+0x1a0/0x1a0 [ 685.050171] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 685.055700] ? schedule+0xfb/0x450 [ 685.059222] ? alloc_file+0x430/0x430 [ 685.063010] sock_common_setsockopt+0x9a/0xe0 [ 685.067490] __sys_setsockopt+0x1c5/0x3b0 [ 685.071622] ? kernel_accept+0x310/0x310 [ 685.075671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.081192] ? syscall_slow_exit_work+0x500/0x500 [ 685.086016] __x64_sys_setsockopt+0xbe/0x150 [ 685.090421] do_syscall_64+0x1b9/0x820 [ 685.094288] ? finish_task_switch+0x1d3/0x870 [ 685.098765] ? syscall_return_slowpath+0x5e0/0x5e0 [ 685.103687] ? syscall_return_slowpath+0x31d/0x5e0 [ 685.109034] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 685.114036] ? prepare_exit_to_usermode+0x291/0x3b0 [ 685.119046] ? perf_trace_sys_enter+0xb10/0xb10 [ 685.123696] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 685.128524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.133694] RIP: 0033:0x455ab9 [ 685.136864] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.156026] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 685.163716] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 685.170968] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 685.178231] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 685.185482] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 685.192732] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:55 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) sendto(r3, &(0x7f0000000280)="4498414ab683879933750b8ecb6d9652b737654a316fcd8362fe8b55bf9700b46dfb50a0288dd095ebc0139d42b9327e429f64d24bbcb5aa3c3192353bdef8b453ccfd05448a30b0740c540d9e32f1b4a49e6f1753fb7477e56c63e5514d9d0afa7f9afd0517188d4c93ae51afa565f20653c962a7a411eca0404bccaaa5a131574151e60aa1333d734dbe99a3f52ad53df7e29dde8d3697a782dc0593cc891d", 0xa0, 0x10, &(0x7f0000000340)=@sco={0x1f, {0x7f, 0x1, 0x1, 0x7f, 0x0, 0x7}}, 0x80) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:55 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) getpgrp(r1) ptrace(0x4207, r1) ptrace$setopts(0x4201, r1, 0x0, 0x709000) 07:38:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x3000000, &(0x7f0000000400)}) 07:38:55 executing program 6: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000000, 0x50, r0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") sendto$inet6(0xffffffffffffffff, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="080000000000000000000000028000007a0a00fffffffffd630148"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000300)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000040)=@framed={{0x18}, [@jmp={0x5}], {0x95}}, &(0x7f0000000200)='syzkaller\x00', 0x84000001, 0xbb, &(0x7f0000000300)=""/187}, 0x48) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x3, 0x1000, 0x7f, 0xb7, 0x5}, 0x14) 07:38:55 executing program 4: r0 = socket$inet6(0x10, 0x5, 0x0) sendmsg(r0, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc={0x10}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001000)="5500000018007fafb72d1cb2a4a280930206020000a843096c2623692500160000c90200f0ff66039848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83c43ab8220000bf0cec6bab91d4000000000000", 0x55}], 0x1, &(0x7f0000002040)}, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0xea2, 0x200000) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) ioctl$sock_proto_private(r0, 0x89ed, &(0x7f0000000140)="4ccddeedb39ac4883d3f29f9e91d695508770729d71a16965c34245813e9dcd3cab90fd071a8575204b5d7c2e0d8757cd0bee24686eb6f0a45d23e213c3810381ba613cfbaea5fb97d6ce7e8237cf4b4be73a08a56da635eef806a96cde99652f6db8665cae0d369e6742f1b9e8098d3654e56a9e98de171973fc2957bc481634a146c2741a6eb6392f71fd569d1222b5f9ed1497bf8256ca0ee07b6f06172a449048532c407f7c30a961a9b154261360bde13bc921d51a3814176c690c88146d0418ecf63338e5d71a922b0e877ada672d00e70ee110d123108c8d9fb6f702e9b903bf63f37eddfb7ca13a354528cd57c18266e9f") r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x80, 0x0) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000000c0)=0x1010, 0x4) chmod(&(0x7f0000000240)='./file0\x00', 0x4) 07:38:55 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2000, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet(r1, &(0x7f00008a5ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) sendto$inet(r1, &(0x7f0000f7db7f)="ba", 0x1, 0x0, &(0x7f0000000200)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10) recvmsg(r1, &(0x7f0000000080)={&(0x7f00000000c0)=@can, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000480)=""/2, 0x2}, 0x20) 07:38:55 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x401, 0x2000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r2, @ANYBLOB="180526bd7000fcdbdf250b0000002c000100080004004e240000080004004e2400000800080000100000080009004d00000008000900560000000800060081000000180003001400020076657468315f746f5f626f6e640000001800010014000300000000000000000000000000000000003800010008000800090000000c0007001a0000002200630ee99b0600727200000800090043000000080009003d00000008000b000af687d3200003001400020073697430000000c4321a12ea88d71a5796c594c442000800000000000000080008000000000008000400060000002400020008000900a808000008000b000a000000080008000200000008000b000a0000006169fdfe1fdb130e4759213cb1af0236a19d34c08e408e7d5352dc08dcaf7a52c159145f270d1e2f4893648d1c84912e78ad8ad445e5770f469d0143f7af67614105de237acf83ddade0f06ee2"], 0xfc}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) dup3(r0, r0, 0x80000) r3 = dup(r0) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) ioctl(r1, 0x661, &(0x7f0000000380)="bc5c200ad09d63fec4d2aee07e227d26e34f62b15236876d83f449ef7983fa64650aba173b879b8ca4a192ee0e2fe640016274b6ec09ecc076598853eede944eeb5c00000000") 07:38:55 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x8000, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) sendmmsg(r0, &(0x7f000000ac80)=[{{&(0x7f0000001240)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000001600), 0x0, &(0x7f0000001640)}}, {{0x0, 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000040)=[{0x18, 0x29, 0x3b, "4bc3"}], 0x18}}], 0x2, 0x0) 07:38:55 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80, 0x400000) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000040)={0x4, 0x0, 0x8, 0xfffffffffffffffe, 0x7d14, 0x200}) r3 = accept$alg(r0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000000900)=[{{&(0x7f0000000280)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/255, 0xff}], 0x1}}, {{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x2, 0x0, &(0x7f0000001380)={0x77359400}) 07:38:55 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000680)='mountstats\x00') bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58) r3 = accept4$alg(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="4cd4d394cb3c9f695ae515eff31cc50a53b945a51964f0df30e63409", 0x1c) sendfile(r3, r2, &(0x7f000025d000), 0x734) dup2(r2, r3) socket$rds(0x15, 0x5, 0x0) 07:38:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x0) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000380)="fb9054348eeb16ce059d25b4c388bf227e2ad001e92de31658039eb58e76950452b1dbad0c322ef79e25f7c2de4fb7a4e29983bcec91bd11d7d04133604170b84665e411fd76c75807e16759704f1d1d2c1c726a0d8a4e025df61d9c3100df72a70b") ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000400), &(0x7f0000000440)=0x4) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000040)={"7369743000000000b5c7b9026c7fc5e5", @ifru_addrs=@in={0x2, 0x4e20, @rand_addr}}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000200)=0x8000, 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="b9c70b0000b802000000ba000000000f300f21bcc42175d08cf6d66a0000c4624d93443a00b9980100000f3265f2410f0866470fe07d001d0000000043d9fe66baf80cb85cc87b8fef66bafc0ced", 0x4e}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x0, 0xabc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x0, 0x0, &(0x7f00000000c0), 0x33e) ioctl$KVM_RUN(r5, 0xae80, 0x0) 07:38:55 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f00000002c0)={0x10, 0xf000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1e4bf05ba540470f743ba164f4140000001800ffff000000000000000005000000"], 0x14}, 0x1}, 0x0) 07:38:55 executing program 0: r0 = socket$inet6(0xa, 0x3000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x10000, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r2, 0x300, 0x70bd2a, 0x25dfdbff, {0xe}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xc24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000800000850000000000c80095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0xce, &(0x7f0000000180)=""/206}, 0x48) r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x100, 0x0) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000002c0)={0x0, @empty, @rand_addr}, &(0x7f0000000300)=0xc) bind$bt_hci(r3, &(0x7f0000000380)={0x1f, r4}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x10, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x2, 0x1}, @call={0x85, 0x0, 0x0, 0x3d}], &(0x7f0000000140)='GPL\x00', 0x100000000041, 0xa7, &(0x7f00000004c0)=""/167}, 0x48) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f00000005c0)=[{0x0, 0x3ff}, {0x4, 0x7}, {0x3, 0x400000000000}, {0x2, 0x80}], 0x4) [ 685.476642] binder: 12137:12140 unknown command 0 [ 685.488096] binder: 12137:12140 ioctl c0306201 20000080 returned -22 [ 685.495904] binder: BINDER_SET_CONTEXT_MGR already set [ 685.509211] binder: 12137:12140 ioctl 40046207 0 returned -16 07:38:55 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) capget(&(0x7f00000000c0)={0x399f1336, r1}, &(0x7f0000000100)={0x9e, 0x3cd2, 0x7, 0xfff, 0x9, 0x100000001}) ioctl$sock_ifreq(r0, 0x8983, &(0x7f0000000280)={"060000006170b002002000", @ifru_settings={0x0, 0x0, @sync=&(0x7f00000001c0)}}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x2, 0x0) ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000200)) userfaultfd(0x80800) 07:38:55 executing program 6: r0 = userfaultfd(0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x2) setsockopt$inet6_dccp_int(r1, 0x21, 0xa, &(0x7f0000000040), 0x4) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2a9a39ba80abba70}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r2, 0x8, 0x70bd27, 0x25dfdbff, {0x8}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2082}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x2c}, 0x1}, 0x80) close(r1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0xfffffffffffffffe}) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x7, {0x7fff, 0x8, 0x0, {0x0, 0x20, 0x7, 0xf8, 0xc55, 0x65, 0x35, 0xcf05, 0x7, 0x2, 0x9, r3, r4, 0x80000001, 0x7f}}}, 0x78) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000001c0)) [ 685.546813] binder: 12137:12155 unknown command 0 [ 685.562053] binder: 12137:12140 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 685.572253] binder: 12137:12155 ioctl c0306201 20000080 returned -22 07:38:55 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x800000000002, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x107001, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f00000000c0)={0x9, 0x4004}) recvmsg(r1, &(0x7f0000002680)={&(0x7f00000033c0)=@hci, 0x80, &(0x7f0000002600)=[{&(0x7f0000001380)=""/125, 0x7d}, {&(0x7f0000000200)}, {&(0x7f0000003440)=""/4096, 0x37c}], 0x3, &(0x7f00000014c0)=""/251, 0xfb}, 0x0) bind$inet(r1, &(0x7f0000eed000)={0x2, 0x4e21}, 0x10) syz_emit_ethernet(0x423, &(0x7f000018f000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @dccp={{0x0, 0x4e21, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d73cde", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) sendmsg(r1, &(0x7f0000000140)={&(0x7f0000000040)=@in={0x2, 0x4e21}, 0x10, &(0x7f0000000100)}, 0x0) [ 686.468697] FAULT_FLAG_ALLOW_RETRY missing 30 [ 686.473265] CPU: 0 PID: 12152 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 686.481752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.491102] Call Trace: [ 686.493689] dump_stack+0x1c9/0x2b4 [ 686.497337] ? dump_stack_print_info.cold.2+0x52/0x52 [ 686.502531] ? kasan_check_write+0x14/0x20 [ 686.506768] ? do_raw_spin_lock+0xc1/0x200 [ 686.511079] handle_userfault.cold.33+0x47/0x62 [ 686.515733] ? userfaultfd_ioctl+0x5430/0x5430 [ 686.520301] ? trace_hardirqs_on+0x10/0x10 [ 686.524518] ? lock_release+0xa30/0xa30 [ 686.528472] ? task_numa_work+0xf00/0xf00 [ 686.532600] ? cpu_load_update+0x380/0x380 [ 686.536842] ? userfaultfd_ctx_put+0x810/0x810 [ 686.541416] ? reweight_entity+0x7ed/0x1100 [ 686.545719] ? __account_cfs_rq_runtime+0x770/0x770 [ 686.550725] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 686.556253] ? should_fail+0x246/0xd86 [ 686.560127] ? trace_hardirqs_on+0x10/0x10 [ 686.564356] ? task_fork_fair+0x680/0x680 [ 686.568486] ? reweight_entity+0x1100/0x1100 [ 686.572888] ? trace_hardirqs_on+0x10/0x10 [ 686.577115] ? set_next_entity+0x2dd/0xb00 [ 686.581331] ? dequeue_entity+0x400/0x15e0 [ 686.585547] ? update_load_avg+0x27d0/0x27d0 [ 686.590256] ? lock_acquire+0x1e4/0x540 [ 686.594226] ? __handle_mm_fault+0x3a38/0x44a0 [ 686.598791] ? lock_downgrade+0x8f0/0x8f0 [ 686.602923] ? kasan_check_read+0x11/0x20 [ 686.607057] ? do_raw_spin_unlock+0xa7/0x2f0 [ 686.611445] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 686.616010] ? kasan_check_write+0x14/0x20 [ 686.620226] ? do_raw_spin_lock+0xc1/0x200 [ 686.624452] __handle_mm_fault+0x3a45/0x44a0 [ 686.628845] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 686.633681] ? kasan_check_read+0x11/0x20 [ 686.637812] ? lock_acquire+0x1e4/0x540 [ 686.641765] ? handle_mm_fault+0x417/0xc80 [ 686.645983] ? lock_downgrade+0x8f0/0x8f0 [ 686.650118] ? lock_release+0xa30/0xa30 [ 686.654083] ? rcu_note_context_switch+0x730/0x730 [ 686.658990] ? mem_cgroup_from_task+0xcb/0x1f0 [ 686.663554] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 686.668292] handle_mm_fault+0x53e/0xc80 [ 686.672336] ? __handle_mm_fault+0x44a0/0x44a0 [ 686.676914] ? find_vma+0x34/0x190 [ 686.680440] __do_page_fault+0x620/0xe50 [ 686.684481] ? mm_fault_error+0x380/0x380 [ 686.688609] do_page_fault+0xf6/0x8c0 [ 686.692396] ? vmalloc_sync_all+0x30/0x30 [ 686.696535] ? schedule+0xfb/0x450 [ 686.700067] ? lock_acquire+0x1e4/0x540 [ 686.704022] ? __might_fault+0x12b/0x1e0 [ 686.708066] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 686.712898] page_fault+0x1e/0x30 [ 686.716337] RIP: 0010:__get_user_4+0x21/0x30 [ 686.720722] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 686.739856] RSP: 0018:ffff8801a910f538 EFLAGS: 00010202 [ 686.745199] RAX: 0000000020013e98 RBX: 1ffff10035221eae RCX: ffffc90005630000 [ 686.752450] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 686.759700] RBP: ffff8801a910fcb8 R08: 1ffff10035221e84 R09: 0000000000000000 [ 686.766963] R10: ffffed003afa1ca1 R11: ffff8801d7d0e50b R12: ffff8801d7d0e480 [ 686.774211] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 686.781475] ? __might_fault+0x1a3/0x1e0 [ 686.785528] ? sctp_setsockopt+0x1e13/0x6db0 [ 686.789917] ? get_futex_value_locked+0xcb/0xf0 [ 686.794567] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 686.800271] ? trace_hardirqs_on+0x10/0x10 [ 686.804484] ? futex_wake+0x760/0x760 [ 686.808280] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 686.813452] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.818966] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 686.824047] ? futex_wait+0x5d2/0xa20 [ 686.827831] ? futex_wait_setup+0x410/0x410 [ 686.832141] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 686.837317] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.842833] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 686.847914] ? futex_wake+0x304/0x760 [ 686.851703] ? lock_acquire+0x1e4/0x540 [ 686.855668] ? percpu_ref_put_many+0x119/0x240 [ 686.860228] ? lock_downgrade+0x8f0/0x8f0 [ 686.864366] ? lock_acquire+0x1e4/0x540 [ 686.868321] ? __fget+0x4ac/0x740 [ 686.871756] ? lock_downgrade+0x8f0/0x8f0 [ 686.875883] ? lock_release+0xa30/0xa30 [ 686.879836] ? lockdep_init_map+0x9/0x10 [ 686.883877] ? exit_robust_list+0x290/0x290 [ 686.888181] ? __mutex_init+0x1f7/0x290 [ 686.892137] ? __ia32_sys_membarrier+0x150/0x150 [ 686.896874] ? kasan_unpoison_shadow+0x35/0x50 [ 686.901435] ? __fget+0x4d5/0x740 [ 686.904880] ? ksys_dup3+0x690/0x690 [ 686.908586] ? lock_acquire+0x1e4/0x540 [ 686.912538] ? __fd_install+0x2b2/0x880 [ 686.916579] ? lock_downgrade+0x8f0/0x8f0 [ 686.920710] ? select_collect+0x610/0x610 [ 686.924846] ? lock_release+0xa30/0xa30 [ 686.928815] ? __fget_light+0x2f7/0x440 [ 686.932768] ? fget_raw+0x20/0x20 [ 686.936209] ? get_unused_fd_flags+0x1a0/0x1a0 [ 686.940774] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.946305] ? alloc_file_pseudo+0x281/0x3f0 [ 686.950694] ? alloc_file+0x430/0x430 [ 686.954477] sock_common_setsockopt+0x9a/0xe0 [ 686.958952] __sys_setsockopt+0x1c5/0x3b0 [ 686.963080] ? kernel_accept+0x310/0x310 [ 686.967120] ? do_futex+0x27d0/0x27d0 [ 686.970902] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.976426] ? fput+0x130/0x1a0 [ 686.979692] __x64_sys_setsockopt+0xbe/0x150 [ 686.984084] do_syscall_64+0x1b9/0x820 [ 686.987949] ? finish_task_switch+0x1d3/0x870 [ 686.992426] ? syscall_return_slowpath+0x5e0/0x5e0 [ 686.997345] ? syscall_return_slowpath+0x31d/0x5e0 [ 687.002263] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 687.007265] ? prepare_exit_to_usermode+0x291/0x3b0 [ 687.012271] ? perf_trace_sys_enter+0xb10/0xb10 [ 687.017022] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 687.021847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.027016] RIP: 0033:0x455ab9 [ 687.030190] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 687.049336] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 687.057022] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 687.064280] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 687.071537] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 687.078794] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 687.086040] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:57 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x78, &(0x7f0000000280)=[@in={0x2, 0x4e24, @loopback=0x7f000001}, @in6={0xa, 0x4e23, 0x9, @dev={0xfe, 0x80, [], 0xb}, 0x80000001}, @in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xc}}, @in={0x2, 0x4e21}, @in6={0xa, 0x4e23, 0x5, @mcast1={0xff, 0x1, [], 0x1}, 0x6110}]}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000340)={r8, 0xe2, "83a4e99dc264914b2895af76a0969ebff4e244540260e6dafcd8d9e9e1dd73b01d18d5d29d10018e395310325a71e2ab2fad0b41659a17ca8f66769836e55cc1c79d3662ee577358b5f16c795ed09ab8a3916fb61e838666d40b1d9a620dcbb375d4190cd191df4e6ed1455d3173897429c49809cd016562fff3aba3107aa71f2e6adccc595b4bc6242e98669b8ac6b2f2a8a43f287de04620f4f2ff2f345d66a4dc13328d20383bc8d3a38c958fd9fb8e6fd9ca33e5fb3dd0c911640e4b79d159fa724092d9eba20bb6732a70d3958db7a7e7a1416cb76938305df159e8d6ccd5a1"}, &(0x7f0000000440)=0xea) ioctl$void(r3, 0xc0045c77) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:57 executing program 7: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x800, 0x0) ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x80011, 0x1ff) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet(0x2, 0xb, 0x0) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000002c0)=0xbb, 0xef) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x102, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r1, r4}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r5, 0x8, 0xdf}, 0xc) sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) connect(r2, &(0x7f00000012c0)=@nl=@unspec, 0x80) 07:38:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x630b, &(0x7f0000000400)}) 07:38:57 executing program 4: r0 = socket$inet6(0xa, 0x4, 0xe00000000) ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x84000, 0x0) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000040)={'bond0\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={0xffffffffffffffff}, 0x117, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000180)={0x16, 0xd8, 0xfa00, {&(0x7f0000001280), 0x3, r3, 0x3f, 0x1, @in6={0xa, 0x4e20, 0x8, @local={0xfe, 0x80, [], 0xaa}, 0x7fff}}}, 0xa0) epoll_pwait(r1, &(0x7f00000000c0)=[{}, {}], 0x2, 0x6, &(0x7f00000012c0)={0xba}, 0x8) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000280)=""/4096) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004, 0x100010, r0, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0x8, &(0x7f0000000240), 0x4) 07:38:57 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) r1 = memfd_create(&(0x7f0000000000)='lo\x00', 0x0) r2 = dup2(r0, r1) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xa8100000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r3, 0x2, 0x70bd2a, 0x25dfdbfc, {0x10}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffffffffff5c}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x11) shutdown(r1, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x0, {0x7}}, 0x14}, 0x1}, 0x0) 07:38:57 executing program 3: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ustat(0x4, &(0x7f0000000000)) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000fec000/0x12000)=nil, 0x12000}) restart_syscall() fcntl$setlease(r0, 0x400, 0x2) getpeername(0xffffffffffffffff, &(0x7f0000000040)=@pppoe={0x0, 0x0, {0x0, @broadcast}}, &(0x7f00000000c0)=0x34e) 07:38:57 executing program 6: syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) syz_emit_ethernet(0xffffffffffffff02, &(0x7f0000000040)={@random="b100485caa2a", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast=0xffffffff}, @igmp={0x11, 0x0, 0x0, @multicast1=0xe0000001, '\b\a\x00\x00'}}}}}, &(0x7f0000000000)) 07:38:57 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xffffffffffffffe1) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000400)=""/4096) close(r1) close(r2) 07:38:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000180)="2e2f66692e65318c", 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x100000000, 0x410000) setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000080), 0x4) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)="2e2f66692e65318c00", 0x1, 0x2, &(0x7f0000000280)=[{&(0x7f0000000200)="65e67218199e6cd8748c6d306069661b63b14dce2efbfaabe7314d26fbe24009dc5aab702b966827188da8147f1419d10c6fd3a2c211e16fdb8e1760ebc1e7c32e67da2c", 0x44}, {&(0x7f0000000340)="844ca030d21f6005fabe0a7db16d6a4e2aa6b523572011524c6cbb047e29c504ebce2b829a2fbd7307faa3a6ecb3983b7fce3caf455e10a31d77a815b2534c7ec75f93ce36f94dda79e93ab41d09745d64f4632c271d39a2a0817bed6104adee73bdb896c79b8ec64e7fa42c501f5e3724299cdf88063c3aa6a7637847b55a40f634f4ba19942db56a0521767c04499474e1c56bedbc98ccfe2c7bd5ca93bf9957b5", 0xa2, 0x8}], 0x0, &(0x7f0000000500)={[{@lazytime='lazytime', 0x2c}, {@resgid={'resgid', 0x3d, r3}, 0x2c}, {@grpjquota_path={'grpjquota', 0x3d, "2e2f66692e65318c"}, 0x2c}, {@dioread_lock='dioread_lock', 0x2c}, {@min_batch_time={'min_batch_time', 0x3d, 0xffff}, 0x2c}, {@data_err_ignore='data_err=ignore', 0x2c}, {@abort='abort', 0x2c}]}) fanotify_mark(r1, 0x25, 0x2, r0, &(0x7f0000000300)="2e2f66692e65318c00") [ 687.425338] binder: 12203:12204 unknown command 0 [ 687.439679] binder: 12203:12204 ioctl c0306201 20000080 returned -22 07:38:57 executing program 6: r0 = syz_open_dev$ndb(&(0x7f0000000700)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={0x0, 0xffffffffbb8dd201, 0x4, 0x1, 0x101, 0x401}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000240)={r4, 0xffff, 0x7ff, 0x848, 0x10001}, &(0x7f0000000280)=0x14) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(0xffffffffffffffff, &(0x7f0000000000), 0x0) openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000500)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000580)={0x5, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) dup2(r1, r0) 07:38:57 executing program 7: r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents(r1, &(0x7f0000000400)=""/69, 0xfd67) 07:38:57 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'veth0_to_bond\x00', {0x2, 0x4e22, @loopback=0x7f000001}}) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x32) [ 687.469134] binder: BINDER_SET_CONTEXT_MGR already set [ 687.477395] binder: 12203:12204 ioctl 40046207 0 returned -16 [ 687.508750] binder: 12203:12225 unknown command 0 07:38:57 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x8002, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f00000000c0)) r1 = socket(0x10, 0x2, 0x0) chmod(&(0x7f0000000040)='./file0\x00', 0x8) write(r1, &(0x7f0000000000)="240000002a00070032f00008004a7700fbffffff010000ffffff0e00ff10e4814cce125c", 0x24) fchdir(r1) [ 687.508955] binder: 12203:12204 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 687.528308] FAT-fs (loop5): bogus number of reserved sectors [ 687.531964] binder: 12203:12225 ioctl c0306201 20000080 returned -22 [ 687.534176] FAT-fs (loop5): Can't find a valid FAT filesystem 07:38:57 executing program 7: unshare(0x60000000) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x6, 0x40000) r0 = socket$inet6_udp(0xa, 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000000)={'filter\x00'}, &(0x7f00000000c0)=0x54) 07:38:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x7000000, &(0x7f0000000400)}) 07:38:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f00000009c0)={0x1c, 0x20, 0x8aff, 0x0, 0x0, {0x11}, [@nested={0x8, 0x1, [@typed={0x4, 0x0, @binary}]}]}, 0x1c}, 0x1}, 0x8000) [ 687.579220] EXT4-fs (loop5): VFS: Can't find ext4 filesystem [ 687.605996] FAT-fs (loop5): Unrecognized mount option ".gÚ" or missing value [ 687.653125] IPVS: ftp: loaded support on port[0] = 21 [ 687.672580] EXT4-fs (loop5): VFS: Can't find ext4 filesystem [ 687.679378] binder: 12259:12260 unknown command 0 [ 687.699201] binder: 12259:12260 ioctl c0306201 20000080 returned -22 [ 687.717690] binder: BINDER_SET_CONTEXT_MGR already set [ 687.726246] binder: 12259:12260 ioctl 40046207 0 returned -16 [ 687.738478] binder: 12259:12268 unknown command 0 [ 687.742549] binder: 12259:12260 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 687.743391] binder: 12259:12268 ioctl c0306201 20000080 returned -22 [ 688.460650] FAULT_FLAG_ALLOW_RETRY missing 30 [ 688.465266] CPU: 1 PID: 12224 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 688.473749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.483082] Call Trace: [ 688.485667] dump_stack+0x1c9/0x2b4 [ 688.489285] ? dump_stack_print_info.cold.2+0x52/0x52 [ 688.494461] ? rb_erase+0x3550/0x3550 [ 688.498261] handle_userfault.cold.33+0x47/0x62 [ 688.502929] ? plist_check_list+0x7e/0xa0 [ 688.507075] ? plist_check_list+0xa0/0xa0 [ 688.511209] ? lock_acquire+0x1e4/0x540 [ 688.515181] ? userfaultfd_ioctl+0x5430/0x5430 [ 688.519747] ? trace_hardirqs_on+0x10/0x10 [ 688.523968] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 688.529317] ? plist_del+0x4a1/0x9d0 [ 688.533016] ? perf_event_update_userpage+0xd30/0xd30 [ 688.538196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.543717] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 688.548907] ? cgroup_rstat_updated+0xe6/0x470 [ 688.553486] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 688.557883] ? update_curr+0x200/0xc00 [ 688.561752] ? reweight_entity+0x1100/0x1100 [ 688.566152] ? trace_hardirqs_on+0x10/0x10 [ 688.570375] ? kasan_check_read+0x11/0x20 [ 688.574505] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 688.579072] ? compat_start_thread+0x80/0x80 [ 688.583464] ? lock_acquire+0x1e4/0x540 [ 688.587453] ? __handle_mm_fault+0x3a38/0x44a0 [ 688.592024] ? lock_downgrade+0x8f0/0x8f0 [ 688.596161] ? kasan_check_read+0x11/0x20 [ 688.600297] ? do_raw_spin_unlock+0xa7/0x2f0 [ 688.604687] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 688.609253] ? kasan_check_write+0x14/0x20 [ 688.613483] ? do_raw_spin_lock+0xc1/0x200 [ 688.617964] __handle_mm_fault+0x3a45/0x44a0 [ 688.622362] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 688.627188] ? __sched_text_start+0x8/0x8 [ 688.631332] ? kasan_check_read+0x11/0x20 [ 688.635468] ? lock_acquire+0x1e4/0x540 [ 688.639423] ? handle_mm_fault+0x417/0xc80 [ 688.643642] ? lock_downgrade+0x8f0/0x8f0 [ 688.647772] ? lock_release+0xa30/0xa30 [ 688.651735] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 688.657170] ? mem_cgroup_from_task+0xcb/0x1f0 [ 688.661733] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 688.666478] handle_mm_fault+0x53e/0xc80 [ 688.670526] ? __handle_mm_fault+0x44a0/0x44a0 [ 688.675089] ? find_vma+0x34/0x190 [ 688.678614] __do_page_fault+0x620/0xe50 [ 688.682660] ? mm_fault_error+0x380/0x380 [ 688.686805] do_page_fault+0xf6/0x8c0 [ 688.690587] ? vmalloc_sync_all+0x30/0x30 [ 688.694719] ? schedule+0xfb/0x450 [ 688.698247] ? lock_acquire+0x1e4/0x540 [ 688.702201] ? __might_fault+0x12b/0x1e0 [ 688.706247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.711073] page_fault+0x1e/0x30 [ 688.714515] RIP: 0010:__get_user_4+0x21/0x30 [ 688.718897] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 688.738145] RSP: 0018:ffff8801949df538 EFLAGS: 00010202 [ 688.743496] RAX: 0000000020013e98 RBX: 1ffff1003293beae RCX: ffffc90005630000 [ 688.750758] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 688.758022] RBP: ffff8801949dfcb8 R08: 1ffff1003293be84 R09: 0000000000000000 [ 688.765276] R10: ffffed0032793701 R11: ffff880193c9b80b R12: ffff880193c9b780 [ 688.772529] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 688.779788] ? __might_fault+0x1a3/0x1e0 [ 688.783837] ? sctp_setsockopt+0x1e13/0x6db0 [ 688.788227] ? get_futex_value_locked+0xcb/0xf0 [ 688.792892] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 688.798590] ? trace_hardirqs_on+0x10/0x10 [ 688.802812] ? futex_wake+0x760/0x760 [ 688.806686] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 688.811863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.817381] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 688.822466] ? futex_wait+0x5d2/0xa20 [ 688.826251] ? futex_wait_setup+0x410/0x410 [ 688.830557] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 688.835733] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.841250] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 688.846336] ? futex_wake+0x304/0x760 [ 688.850127] ? lock_acquire+0x1e4/0x540 [ 688.854082] ? percpu_ref_put_many+0x119/0x240 [ 688.858649] ? lock_downgrade+0x8f0/0x8f0 [ 688.862782] ? lock_acquire+0x1e4/0x540 [ 688.866738] ? __fget+0x4ac/0x740 [ 688.870173] ? lock_downgrade+0x8f0/0x8f0 [ 688.874302] ? lock_release+0xa30/0xa30 [ 688.878263] ? lockdep_init_map+0x9/0x10 [ 688.882308] ? exit_robust_list+0x290/0x290 [ 688.887564] ? __mutex_init+0x1f7/0x290 [ 688.891522] ? __ia32_sys_membarrier+0x150/0x150 [ 688.896370] ? kasan_unpoison_shadow+0x35/0x50 [ 688.900933] ? __fget+0x4d5/0x740 [ 688.904368] ? ksys_dup3+0x690/0x690 [ 688.908065] ? lock_acquire+0x1e4/0x540 [ 688.912022] ? __fd_install+0x2b2/0x880 [ 688.915989] ? lock_downgrade+0x8f0/0x8f0 [ 688.920124] ? select_collect+0x610/0x610 [ 688.924253] ? lock_release+0xa30/0xa30 [ 688.928217] ? __fget_light+0x2f7/0x440 [ 688.932172] ? fget_raw+0x20/0x20 [ 688.935606] ? get_unused_fd_flags+0x1a0/0x1a0 [ 688.940173] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 688.945693] ? alloc_file_pseudo+0x281/0x3f0 [ 688.950083] ? alloc_file+0x430/0x430 [ 688.953885] sock_common_setsockopt+0x9a/0xe0 [ 688.958363] __sys_setsockopt+0x1c5/0x3b0 [ 688.962493] ? kernel_accept+0x310/0x310 [ 688.966552] ? do_futex+0x27d0/0x27d0 [ 688.970340] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.975868] ? fput+0x130/0x1a0 [ 688.979131] __x64_sys_setsockopt+0xbe/0x150 [ 688.983525] do_syscall_64+0x1b9/0x820 [ 688.987398] ? finish_task_switch+0x1d3/0x870 [ 688.991875] ? syscall_return_slowpath+0x5e0/0x5e0 [ 688.996786] ? syscall_return_slowpath+0x31d/0x5e0 [ 689.001700] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 689.006698] ? prepare_exit_to_usermode+0x291/0x3b0 [ 689.011697] ? perf_trace_sys_enter+0xb10/0xb10 [ 689.016347] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 689.021187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.026356] RIP: 0033:0x455ab9 [ 689.029523] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 689.048687] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 689.056376] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 689.063637] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 689.070885] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 689.078135] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 689.085388] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 07:38:59 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) clone(0x200, &(0x7f0000000300), &(0x7f00000000c0), &(0x7f0000000040), &(0x7f0000000140)) mknod(&(0x7f0000000140)='./file0\x00', 0x1040, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x10000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f00000002c0)={0x2000d000, 0x31be1a10958d8b60}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000180)={0x0, @local, @broadcast}, &(0x7f00000001c0)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vcan0\x00', r2}) execve(&(0x7f0000000400)='./file0\x00', &(0x7f0000000600), &(0x7f0000000140)) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x6, 0xffffffffffffffff, &(0x7f0000000680)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x100000000, @empty, 0x8000}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) process_vm_writev(r0, &(0x7f0000000f80)=[{&(0x7f0000000e00)=""/65, 0x41}], 0x1, &(0x7f0000000240)=[{&(0x7f0000001480)=""/218, 0xda}], 0x1, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x27d, 0x0) 07:38:59 executing program 4: socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000001580)={@remote, 0x0}, &(0x7f00000015c0)=0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000180)={@ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x13}}, 0x1f, r2}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000200), 0x8) mq_unlink(&(0x7f0000000140)='\x00') close(0xffffffffffffffff) close(r1) r3 = memfd_create(&(0x7f0000000000)='&\x00', 0x1) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000000c0)={r4, 0x5}, 0x8) 07:38:59 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) socket(0x12, 0x0, 0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) getsockopt$inet_tcp_int(r0, 0x6, 0x15, &(0x7f00000015c0), &(0x7f00000000c0)=0x2) 07:38:59 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/raw6\x00') setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000100)={0x36, @multicast2=0xe0000002, 0x4e21, 0x0, 'wrr\x00', 0x3, 0x7, 0x40}, 0x2c) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000004c0)="b9800000c00f3235004000000f300f091e0fc76ff50f060ff369002e0f01c866b8bc008ec8b9800000c00f3235000100000f3066ba4300ed", 0x38}], 0x1, 0x0, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000040)="66b9720900000f320fd489cc0066b80e0000800f23c80f21f86635080060000f23f8660f57a2c1000fc0f3f30f16526d0f32273e0f30f7fd", 0x38}], 0x1, 0x0, &(0x7f00000000c0), 0x0) 07:38:59 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x102d}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x5, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x4c00}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0x3bc, &(0x7f00001a7f05)=""/251}, 0x2e) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) bind$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0x1, @broadcast=0xffffffff}}, 0x1e) 07:38:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x60000000, &(0x7f0000000400)}) 07:38:59 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r7 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r7, &(0x7f0000000280)=""/239, 0xef) getdents64(r7, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:38:59 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x101000, 0x110) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000140)={0x9, 0x0, 0x7, 0x6, 'syz1\x00', 0x5}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000180)={0x401, 0x4, 0x80000000}) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000200)={0x2, @empty, 0x4e24, 0x3, 'fo\x00', 0x30, 0x9, 0x61}, 0x2c) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r3) [ 689.375392] binder: 12289:12291 unknown command 0 [ 689.393331] Unknown ioctl 1078743882 [ 689.402892] binder: 12289:12291 ioctl c0306201 20000080 returned -22 07:38:59 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000080)=@ethtool_coalesce={0xf}}) recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@pppoe={0x0, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000140)=""/250, 0xfa}], 0x1, &(0x7f0000000280)=""/54, 0x36, 0x3}, 0x20) 07:38:59 executing program 4: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 'rose0\x00'}}) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/45, &(0x7f00000000c0)=0x2d) ioctl$fiemap(r0, 0x40086602, &(0x7f00000000c0)=ANY=[]) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000003, 0x11, r0, 0x0) 07:38:59 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000300)='/dev/admmidi#\x00', 0x2, 0x2) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000340)=0x6, 0x4) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f000037bff4)) openat$audio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio\x00', 0x84000, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f0000000080)=0x4) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x2, 0x8, 0x5, 0x7, r3}, 0x10) r4 = dup3(r2, r1, 0x0) getsockopt$inet6_mreq(r4, 0x29, 0x14, &(0x7f0000000100)={@ipv4, 0x0}, &(0x7f0000000140)=0x14) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f00000002c0)=r5) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000200)={0x7ff, 0x4, 0x8, 'queue1\x00', 0x6f}) [ 689.427008] binder: BINDER_SET_CONTEXT_MGR already set [ 689.435123] binder: 12289:12291 ioctl 40046207 0 returned -16 [ 689.450831] binder: 12289:12311 unknown command 0 [ 689.466408] binder: 12289:12291 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 689.474849] binder: 12289:12311 ioctl c0306201 20000080 returned -22 07:38:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x10630840, &(0x7f0000000400)}) 07:38:59 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair(0x400001, 0x80000000, 0x1, &(0x7f0000000040)) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000180)=@getlink={0x3c, 0x12, 0xf31, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc}, {0x4}}}, @IFLA_MASTER={0x8, 0xa}]}, 0x3c}, 0x1}, 0x0) [ 689.509947] Unknown ioctl 1078743882 07:38:59 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000100)}) r2 = dup2(r1, r0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x40046304}], 0x0, 0x0, &(0x7f0000000300)}) 07:38:59 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') fchdir(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)="070000007202000400000000000000fb813ece000000", 0x1ff) write$FUSE_INTERRUPT(r0, &(0x7f0000000040)={0x10, 0x0, 0x6}, 0x10) 07:38:59 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="182000000000000000000040000000009500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r3 = socket$kcm(0x29, 0x200000000000002, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}}, &(0x7f0000000040)=0x84) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RCREATE(r5, &(0x7f00000002c0)={0x18, 0x73, 0x2, {{0xa0, 0x3}, 0x401}}, 0x18) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000080)={r4, 0x7, 0x20, 0x100000001, 0x7ff}, &(0x7f0000000100)=0x18) getsockopt$inet6_mreq(r6, 0x29, 0x0, &(0x7f0000000500)={@dev, 0x0}, &(0x7f0000000540)=0x14) getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000580)={{{@in=@local, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000680)=0xe8) accept$packet(r5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000740)=0x14) sendmsg$nl_xfrm(r6, &(0x7f0000000b80)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f0000000b40)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="880300001600180026bd7000fbdbdf25ac1414bb000000000000000000000000ff0200000000000000000000000000014e2200204e2400040200a08016000000", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="fe80000000000000000000000000001d000004d533000000ff020000000000000000000000000001020000000000000004000000000000002e000000000000005949000000000000020000000000000001010000000000000100000000000000000100000000000000020000000000001f00000000000000000000000000000009000000000000000295000007000000800000002dbd7000063500000a0005ff060000000000000005000000030000002c001300ac1414aa000000000000000000000000e0000001000000000000000000000000000000000a0000000c0015005b0735006d09000094000100676861736800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005002000021958a1d8ac90c61450f8ae8d3d256424a0b2bd6239432f598b3d6aa83b51236704d38374e18a55152344e4a3bdeb14153b8ef425c8dd5f2e8824288486b8db0a13dffa8ec23bb8c89020000240009000400000000000000090000000000000002000000000000006f060000000000000c001c00", @ANYRES32=r9, @ANYBLOB="02000000cc0102006563622d6369706865725f6e756c6c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080400006bba52a697152039bc85cb2170621b847100b6ef497bcb9c559861c4633f7208db54a7ffc4762c988668bfc36258fa9636c1bc8771b065f56b7d84719b653fb8d0a19a20ee8cf43ff36f6a63da5922287bc47a7ad0be218fa68b45141502095acd36f346b6716094addb53b8d9e732195b055af6aaf46a17546ac7574ea378a17156940000002400090000800000000000000101000000000000020000006b000000ff01000000000000a400120072666334353433286165676973316c2d6165736e692900000000000000000000000000000000000080000000000000000000000000000000000000000000a8020000800000002b4d6b1f2ef0f78f41ad21ee48df6cafd8d9cc40fe763f5d48b8505b62531b6834c95b3e94efab30178205cf64c4066ef5bb76c08aefdcbd48182f00417434417723494ad275b4240638ae2e7bd87a9dc681c6749aff5859b92a6568042fa129e46059a1060000000000111366f99bb15d2ced0510"], 0x388}, 0x1, 0x0, 0x0, 0x4004}, 0x8000) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r0, &(0x7f0000000300)={0x40000000}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r1, r2}) shutdown(r1, 0x1) [ 689.556917] binder: 12326:12327 unknown command 0 [ 689.563832] binder: 12326:12327 ioctl c0306201 20000080 returned -22 [ 689.601360] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 689.621323] binder: BINDER_SET_CONTEXT_MGR already set [ 689.632230] binder: 12326:12327 ioctl 40046207 0 returned -16 [ 689.671924] binder: 12326:12338 unknown command 0 [ 689.679991] binder: 12326:12327 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 689.706657] binder: 12326:12338 ioctl c0306201 20000080 returned -22 07:39:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x10d001, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x0, 0x0) getsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001380)=ANY=[@ANYBLOB="24c1cecd"], 0x4) ioctl$KVM_NMI(r2, 0xae9a) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001380)=ANY=[@ANYBLOB="f10f6f"], 0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:00 executing program 6: r0 = socket$inet(0x2, 0x80003, 0x2) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x12, &(0x7f0000000100)={0x0, {{0x2, 0x0, @multicast1=0xe0000001}}}, 0x90) r1 = gettid() ptrace$getenv(0x4201, r1, 0x0, &(0x7f0000000000)) 07:39:00 executing program 7: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) recvfrom$llc(r0, &(0x7f0000000040)=""/31, 0x1f, 0x12003, &(0x7f0000000080)={0x1a, 0x30d, 0x2, 0x4, 0x0, 0xa3}, 0x10) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f00000000c0)=""/4096) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000010c0)={0x5, 0x100, 0x8190, 'queue1\x00', 0xff}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001180)={{{@in=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000001280)=0xe8) bind$packet(r0, &(0x7f00000012c0)={0x11, 0xf6, r1, 0x1, 0xcc, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x1f, 0xe, &(0x7f0000001300)=@raw=[@map={0x18, 0x6, 0x1, 0x0, r0}, @jmp={0x5, 0x0, 0x3, 0x8, 0x3, 0x1, 0x14}, @jmp={0x5, 0x0, 0xd, 0x3, 0x5, 0xffffffffffffffe0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x200}, @map={0x18, 0xf, 0x1, 0x0, r0}, @map={0x18, 0x4, 0x1, 0x0, r0}, @map={0x18, 0xd, 0x1, 0x0, r0}], &(0x7f0000001380)='syzkaller\x00', 0x20, 0x2b, &(0x7f00000013c0)=""/43, 0x41f00, 0x1, [], r1, 0x3}, 0x48) ioctl$sock_ifreq(r0, 0x0, &(0x7f00000014c0)={'ip6gretap0\x00', @ifru_data=&(0x7f0000001480)="3b583dbd2453972ab5b3e1efc38bf199251573ca4a98e60bab89172cd7e4a5ac"}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000001500)={0x10000, 0xffffffffffff8001, 0x454461b0, 'queue1\x00', 0x10001}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001ec0)=0x0) getgroups(0x1, &(0x7f0000001f00)=[0xee00]) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000001f40)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001f80)={0x0, 0x0, 0x0}, &(0x7f0000001fc0)=0xc) r8 = getpgrp(0x0) stat(&(0x7f0000002000)='./file0\x00', &(0x7f0000002040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000020c0)=0x0) r11 = getgid() sendmmsg$unix(r0, &(0x7f00000027c0)=[{&(0x7f00000015c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001c00)=[{&(0x7f0000001640)="b5ffd3ce138a81d239a7b2e8e0d05123117fb78d1ef042738d04ea4c3e150a120a5a92c200c42184fd83d9e8e965c8579daf7300c0ed1fc5588e0fac11a4632ec810a745a7347549e30a6d7523dfb3227e4ceb61a6f65ecfa25377dc443c0cd0adc67dac7a192990aac815ccd8cc9bc035ec66237a04afe33fc5cb6cd5e4350220250b5b4a1c5120c7b22492a129b63bd4a13a844092f92ca89baff5e83f26cfa7646f63f5f470d865e90a498322cd0064e43a20c1b87d52e169f3a8c0d25927f44eaa0c429bd363120de991a822e1b88dc223b1ce69a5cf89296688169549e02623f6c00a59a1d582c3433b53faf4f1179daed89de8ba473399fee184", 0xfd}, {&(0x7f0000001740)="a9f1845ad117398790bf0bb053d47dc408e57df41717d69a95b9f9d7f2b1ab960b8e9768df3790201182845db673702c2c2d27182c04bd544a532b8de150178b9c31e121315be1b1a5e339182ad4d600f394e27d6555e74bbe09945837609c694382a9d122b383511d805dfde0abe76b2f56d7ee572dae655aa3cc10b57de6e93099cb86f0192503ce4dee0804b94a87bc6ed27f4cc76e4dd68085c1ec3b26bdab08296a73320959f9438ab21e3bb7ace5b6d3f19671e51041920c952464c1442aa60bbe651cb5fd75a3f937fca805067aee846fb54ca377329f8319db9f8f0a738cc3ee47e662643d35b7714961a96dbf88393325cb", 0xf6}, {&(0x7f0000001840)="5639b4a0fe3bf57d3d6403ceea30daa6de9bcbc4b4946506ba34e31e7fe68a04d229a5165bdcebaa9cec8b2ac9ce", 0x2e}, {&(0x7f0000001880)="a72d381a28b4481ff18eab66acac623dce0ee9737a93d5a3f6dce5e6dc434fe696ba92a920f70faf1835be6d140654fc88fab636c4d6ffd4b5f367b091f0d6ba8465bc7d3808b2c07ac33a37ef12f6f6de216aaa3bf5b6f9768ae89aef1c4e3262dd7db5fa1b453e86e00ccb46dd39ea5c5d5d9b1aa91c794fcc151827813db830e1edfbe5ccef483bf8f38a116a90d9fc4dba66f75a478759ac33806caf9b76ba09a7d86df0ff827a160d2f386acc983c3b6e660ce0", 0xb6}, {&(0x7f0000001940)="269ffadfbad19ec4", 0x8}, {&(0x7f0000001980)="c415bb0455cadf14c7482fdadf8e0dd9e5ad598887791423f89c28193c1f944044fd242108f6e1219f238fa3ae2d87488e738487ee8dfb08dfef601bbaee16df1237be7dbea3375f103cf933739740d094c030befe284614856c70064d38c0925224c67588c7bb938bbd83c5fd961a30b8742d37eeb8a19d9090844d8de4bc93aa0a0a419b07ba33e77fc8688a6c737e3caf2ee39ebe4e122b196f7f330779637f211dab22e2269ea2159eac7099868e6b5f0511a6e27068013e27288fdfce9576886ff0a9100d324a7a6d0eccfbc1c539255c813533cbe5c9163e95bcae59594a9b12de", 0xe4}, {&(0x7f0000001a80)="de319b8bae1a14f519861a5d5554d92f1b459cfd495e6d9be62b44731f57689a76f91f47a6291f7544c4a6b150e1c200d3097f3b7a3933d9d1978c03e811346c2fe8158f0e0e2a7db2a0d56861e565339dede0054045a024d0817f8a1b8a8d697c7f78943c0492ec8d99f9edd64e883130fa4d57235b98", 0x77}, {&(0x7f0000001b00)="f841dd21da2bbdb17f47aa37b734a37174325060bcf2c52bbe6175ee5e6bdc31e5f46d08933da8ed84bb10770e515f0d62a905e6f5ec37f4455eb14e901f329aab9865637703904cfa78d7c6d1bd021662d6fab4f24e18bf0c847f59ed93065319378b5614c1bf182fd516447b2517d985cc3a5f6ec55f0375e3db6a43c851607e42722d0e41b0f6051cb829358c9bd0c4048591c8d83d02c7cb8aa7fd4d77d3973b14799b92600f2710e3db8248c9f844c65e1d3cd0b8668b1146c8e4e1505631bf8c7e402afef8c69390a50a", 0xcd}], 0x8, 0x0, 0x0, 0x8000}, {&(0x7f0000001c80)=@file={0x9e738599da76f2f5, './file0\x00'}, 0x6e, &(0x7f0000001e80)=[{&(0x7f0000001d00)="a984e4875a7843596067df4aaa1d196f0cdedd5f3fe88c6bf992b309765f3265dac9d1d152aeb4f22c186845f8427c3103eaa58ab3a59b66a85340e1a91c", 0x3e}, {&(0x7f0000001d40)="74d6c9e4b671577169b2d4e6cbe1f0199c8bf224c05979f4f72039b1cc731c2b31fc673f20996883a4992396048257e4c1285f022e6cc923619f49a4d266e8de13097d9468869c6f3db90aab4aca07445684ad360c8d65c244cd625da8bf5a63d160e1aa848fd77cfa767f93ebf5ab43f5b03bcf9d2d7155cccc90c2221e8b385d3d05fe50e52131b3abffdba4dc69371796d4053ef641251f7d03c81165380c6b62175f6ecc354fc64dddeab1067e5495dfa31590571b0eb373f5e3c1ddd22561b96b89", 0xc4}, {&(0x7f0000001e40)="106124a878bfb4ef179d539e9e6ba1b7ce9733908225e7a86677dda8c408a3b307e3d39309ac28", 0x27}], 0x3, &(0x7f0000002100)=[@cred={0x20, 0x1, 0x2, r4, r2, r5}, @cred={0x20, 0x1, 0x2, r6, r2, r7}, @rights={0x20, 0x1, 0x1, [r3, r3, r3]}, @rights={0x20, 0x1, 0x1, [r3, r3, r3, r3]}, @cred={0x20, 0x1, 0x2, r8, r2, r9}, @rights={0x20, 0x1, 0x1, [r0, r3, r0, r3]}, @cred={0x20, 0x1, 0x2, r10, r2, r11}, @rights={0x18, 0x1, 0x1, [r0]}], 0xf8, 0x4}, {&(0x7f0000002200)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002740)=[{&(0x7f0000002280)="3c9d2ca92ba414265153cd8c71c21de640215802842a50646afa007a0707b1fc892f8ef7b9d93a62aa3f8a3e9614ebca7235a7b530692a94a0aa35ca84e9c0a7a108cf02d044b38bfa94be6e86ea3dd5a63f56048240c0b325b20556d8c7c89504483b9914bf47292fe7927977d403d278e3e3fc7933a4b7e6fadee0402e1496209b", 0x82}, {&(0x7f0000002340)="b56e96356913175cc78aea90efddafed009bcf741bc260618ea89c22fca9fee07236f88f00fae65c401277dc9b32631d2b", 0x31}, {&(0x7f0000002380)="36eab1aafed954f1a25876", 0xb}, {&(0x7f00000023c0)="6e8d1a399e875b35e568651c708eddbd0e1a678cc86f4748810463c22a78533226f288a301ebf023d8f86773f3bcee71b9d7cd8a77b5d568688cdc7855f67ba28d9123493c3ef1f88b7b14132dc02c0325261b94b93c4878d0667258b5dd4ec95851f7e0268c198cb26445b7fad914af286c84393e4f1cf476aeabbfd0b02be8db50e72d5db2106ed7ef4bd70710d5055196919175ab9b3dc31bc9e0ea3797711236b3b5", 0xa4}, {&(0x7f0000002480)}, {&(0x7f00000024c0)="7c3980331f75704cfb3968c0e8e4d6aa16cb73a13e1a9ab194acc427dccda245571dd7d99fc44e641488029fe292d11db84cdaf82667e1af84b5c8bbe6e1f51d17f385585f135f8c8e0d4c7cb9f73310db2f0400465551365a02ec5bf7b182cc3493154d16fcc161a8f0eeb7f2c8e80a57a386f01ca99c4c741aef31aaadcbecfbfe775a1b6f84e1d67511d96ded688ec3ebb0e365b975d5cb1bdab35284768ece18bf920b806f129b8d7fde3155f828613fad8257824ba2d08e588559aad98bb4338ebd3f1de0dfb2b2ae116a6186fee9a7c3991fcf23", 0xd7}, {&(0x7f00000025c0)="a837ef459e73524c40cd94ad0c7b783ec22f7c5ffbdaba220972887433b901a966bde3e443380cffe0010901433a1b9c629a1daf976197df2e360a62ad6d2925359b12ff73226dbe0196e5d6e5d0cb1bbe4065d21298272e17c578e26ec61ea8c814fc34a1015707f52180387c6c64ef4469ed6eeb37cee5df8889a09bad744cd5377b634c71abe5de027de32952ca6affbad355d691c2fb482a35e9732e77d03e2658ca0a24af95413375cdcc979de8438f0bf40b0e599497217403194ff717ce0512", 0xc3}, {&(0x7f00000026c0)="4aa9a03ac74c15c8d7a025d651c464fc8250e3c0ba1809f825dea0b5c71e668c8bdd90c65b1d11343f59bc371a21f4a0f35b9018f5b935934f07d13a55affd5a855ef6501ab7550d41dd869132afa51a07dcde", 0x53}], 0x8, 0x0, 0x0, 0x44004}], 0x3, 0x0) recvfrom$unix(r0, &(0x7f0000002880)=""/55, 0x37, 0x40000000, &(0x7f00000028c0)=@file={0x1, './file0\x00'}, 0x6e) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000002940)={0xffff}, 0x4) setfsgid(r9) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000002980)=""/4096, &(0x7f0000003980)=0x1000) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f00000039c0)={0xef, "cc88b77317b53a598aa8cfdec473d1d50cb8cfee7f9aa3fa00d5fec3b3076612a7ff10e7a9adb496205f3af68777588040977edbe6772f2696a1f81be8e0d222c9f938d742ffd2de09ea9c28ddfb6f3a5addaf7b1b53b0fe76ece929254c1af0808763a5dd05644bbe0a086426d8a43b0ea267ff32a312324975e6c8b6e4f80dd115cb5acdce8e6cb9e64e97e28116b678c7ae81b374ac69c5cec08dee5a07721028ba74267ce314c29d65e94949a7347f71cae30df9614485331ba9d5f49ebbc4a3fa3b4a958a403dc2b37954a5e3b974229444086d814a5421f9b8703c012f79d5c72fbf451ba5ad2230c60dbbc0"}) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000003ac0)=0x6) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000003b00)="7f4c99f19da3798902640042b91d7e721d3dcde0dbdda575dad74ff2eb8be234c1aa983696a2e13e7075556c390cde49c7959382a7b5890d3d5725674af6a5b794f9a93a1f4900a54b0437") modify_ldt$write2(0x11, &(0x7f0000003b80)={0x5c911abf, 0xffffffffffffffff, 0x3400, 0x0, 0x0, 0x800, 0x6, 0x4, 0xfffffffffffffffa, 0x8}, 0x10) signalfd4(r3, &(0x7f0000003bc0)={0x2}, 0x8, 0x80800) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000003c00)={0x1, {{0xa, 0x4e22, 0xcdb0, @mcast2={0xff, 0x2, [], 0x1}, 0x1f}}, {{0xa, 0x4e22, 0x0, @empty, 0x3f}}}, 0x108) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x5) ptrace$peekuser(0x3, r6, 0x400) 07:39:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x12000000, &(0x7f0000000400)}) 07:39:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x120000000, 0x2}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r1, 0x80000000}, 0x8) writev(r0, &(0x7f0000e11ff0)=[{&(0x7f0000000000)="580000001500192340834b80040d8c560a02000000ff81004e227e00000058000b4824ca944f64009400050028925aa8000000000000008000f0ffffffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0xffffffffffffffaa}], 0x1) 07:39:00 executing program 4: sched_setattr(0x0, &(0x7f00000010c0)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) io_setup(0x6, &(0x7f0000000040)=0x0) io_getevents(r0, 0x2, 0x8f, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) io_destroy(r0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x800) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000080)) [ 690.356304] IPVS: ftp: loaded support on port[0] = 21 [ 690.404660] FAULT_FLAG_ALLOW_RETRY missing 30 [ 690.409272] CPU: 0 PID: 12308 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 690.417756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.427091] Call Trace: [ 690.429667] dump_stack+0x1c9/0x2b4 [ 690.433278] ? dump_stack_print_info.cold.2+0x52/0x52 [ 690.438454] ? rb_erase+0x3550/0x3550 [ 690.442245] handle_userfault.cold.33+0x47/0x62 [ 690.446913] ? plist_check_list+0x7e/0xa0 [ 690.451046] ? plist_check_list+0xa0/0xa0 [ 690.455181] ? lock_acquire+0x1e4/0x540 [ 690.459142] ? userfaultfd_ioctl+0x5430/0x5430 [ 690.463718] ? trace_hardirqs_on+0x10/0x10 [ 690.468200] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 690.473556] ? plist_del+0x4a1/0x9d0 [ 690.477269] ? perf_event_update_userpage+0xd30/0xd30 [ 690.482451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.487970] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 690.493149] ? cgroup_rstat_updated+0xe6/0x470 [ 690.497748] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 690.502170] ? update_curr+0x200/0xc00 [ 690.506053] ? reweight_entity+0x1100/0x1100 [ 690.510456] ? trace_hardirqs_on+0x10/0x10 [ 690.514679] ? kasan_check_read+0x11/0x20 [ 690.518810] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 690.523377] ? compat_start_thread+0x80/0x80 [ 690.527769] ? lock_acquire+0x1e4/0x540 [ 690.531733] ? __handle_mm_fault+0x3a38/0x44a0 [ 690.536304] ? lock_downgrade+0x8f0/0x8f0 [ 690.540449] ? kasan_check_read+0x11/0x20 [ 690.544582] ? do_raw_spin_unlock+0xa7/0x2f0 [ 690.548983] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 690.553546] ? kasan_check_write+0x14/0x20 [ 690.557760] ? do_raw_spin_lock+0xc1/0x200 [ 690.561984] __handle_mm_fault+0x3a45/0x44a0 [ 690.566377] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 690.571203] ? __sched_text_start+0x8/0x8 [ 690.575333] ? kasan_check_read+0x11/0x20 [ 690.579463] ? lock_acquire+0x1e4/0x540 [ 690.583424] ? handle_mm_fault+0x417/0xc80 [ 690.587640] ? lock_downgrade+0x8f0/0x8f0 [ 690.591771] ? lock_release+0xa30/0xa30 [ 690.595992] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 690.601426] ? mem_cgroup_from_task+0xcb/0x1f0 [ 690.605986] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 690.610725] handle_mm_fault+0x53e/0xc80 [ 690.614768] ? __handle_mm_fault+0x44a0/0x44a0 [ 690.619349] ? find_vma+0x34/0x190 [ 690.622876] __do_page_fault+0x620/0xe50 [ 690.626921] ? mm_fault_error+0x380/0x380 [ 690.631054] do_page_fault+0xf6/0x8c0 [ 690.634836] ? vmalloc_sync_all+0x30/0x30 [ 690.638971] ? schedule+0xfb/0x450 [ 690.642494] ? lock_acquire+0x1e4/0x540 [ 690.646450] ? __might_fault+0x12b/0x1e0 [ 690.650494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.655329] page_fault+0x1e/0x30 [ 690.658778] RIP: 0010:__get_user_4+0x21/0x30 [ 690.663163] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 690.682313] RSP: 0018:ffff88018f3c7538 EFLAGS: 00010202 [ 690.687660] RAX: 0000000020013e98 RBX: 1ffff10031e78eae RCX: ffffc90005630000 [ 690.694909] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 690.702165] RBP: ffff88018f3c7cb8 R08: 1ffff10031e78e84 R09: 0000000000000000 [ 690.709430] R10: ffffed00327934f1 R11: ffff880193c9a78b R12: ffff880193c9a700 [ 690.716682] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 690.723949] ? __might_fault+0x1a3/0x1e0 [ 690.728000] ? sctp_setsockopt+0x1e13/0x6db0 [ 690.732390] ? get_futex_value_locked+0xcb/0xf0 [ 690.737040] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 690.742745] ? trace_hardirqs_on+0x10/0x10 [ 690.746972] ? futex_wake+0x760/0x760 [ 690.750758] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 690.755932] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.761451] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 690.766548] ? futex_wait+0x5d2/0xa20 [ 690.770346] ? futex_wait_setup+0x410/0x410 [ 690.774666] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 690.779848] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.785378] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 690.790465] ? futex_wake+0x304/0x760 [ 690.794262] ? lock_acquire+0x1e4/0x540 [ 690.798217] ? percpu_ref_put_many+0x119/0x240 [ 690.802783] ? lock_downgrade+0x8f0/0x8f0 [ 690.806911] ? lock_acquire+0x1e4/0x540 [ 690.810865] ? __fget+0x4ac/0x740 [ 690.814299] ? lock_downgrade+0x8f0/0x8f0 [ 690.818425] ? lock_release+0xa30/0xa30 [ 690.822380] ? lockdep_init_map+0x9/0x10 [ 690.826419] ? exit_robust_list+0x290/0x290 [ 690.830718] ? __mutex_init+0x1f7/0x290 [ 690.834671] ? __ia32_sys_membarrier+0x150/0x150 [ 690.839407] ? kasan_unpoison_shadow+0x35/0x50 [ 690.843970] ? __fget+0x4d5/0x740 [ 690.847407] ? ksys_dup3+0x690/0x690 [ 690.851112] ? lock_acquire+0x1e4/0x540 [ 690.855063] ? __fd_install+0x2b2/0x880 [ 690.859025] ? lock_downgrade+0x8f0/0x8f0 [ 690.863158] ? select_collect+0x610/0x610 [ 690.867296] ? lock_release+0xa30/0xa30 [ 690.871264] ? __fget_light+0x2f7/0x440 [ 690.875226] ? fget_raw+0x20/0x20 [ 690.878660] ? get_unused_fd_flags+0x1a0/0x1a0 [ 690.883226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.888747] ? alloc_file_pseudo+0x281/0x3f0 [ 690.893138] ? alloc_file+0x430/0x430 [ 690.896943] sock_common_setsockopt+0x9a/0xe0 [ 690.901422] __sys_setsockopt+0x1c5/0x3b0 [ 690.905551] ? kernel_accept+0x310/0x310 [ 690.909598] ? do_futex+0x27d0/0x27d0 [ 690.913381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.918899] ? fput+0x130/0x1a0 [ 690.922172] __x64_sys_setsockopt+0xbe/0x150 [ 690.926574] do_syscall_64+0x1b9/0x820 [ 690.930446] ? finish_task_switch+0x1d3/0x870 [ 690.934923] ? syscall_return_slowpath+0x5e0/0x5e0 [ 690.939845] ? syscall_return_slowpath+0x31d/0x5e0 [ 690.944753] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 690.949845] ? prepare_exit_to_usermode+0x291/0x3b0 [ 690.954853] ? perf_trace_sys_enter+0xb10/0xb10 [ 690.959503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.964361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.969539] RIP: 0033:0x455ab9 [ 690.972703] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.991828] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 690.999527] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 691.006785] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 691.014042] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 691.021305] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 691.028566] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 691.085890] binder: 12354:12374 unknown command 0 [ 691.090934] binder: 12354:12374 ioctl c0306201 20000080 returned -22 [ 691.202806] binder: BINDER_SET_CONTEXT_MGR already set [ 691.208341] binder: 12354:12374 ioctl 40046207 0 returned -16 [ 691.243534] binder: 12354:12380 unknown command 0 [ 691.248545] binder: 12354:12374 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 691.256058] binder: 12354:12380 ioctl c0306201 20000080 returned -22 [ 691.677933] team0 (unregistering): Port device team_slave_1 removed [ 691.686869] team0 (unregistering): Port device team_slave_0 removed [ 691.695899] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 691.707972] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 691.732350] bond0 (unregistering): Released all slaves 07:39:01 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write(r0, &(0x7f0000000280)="e7172377fb93eda78d8f9ca405d5e369e066fa2730d13500700fc198b29d1261220b59ae61d5afa96e946a9dc46e8a8af439c02b06ce6c424a4dfa98185a69f338c155eb9099f25ad27240e70cc724b2f6b0038f810ec4f89e0de910382a0543227095d785b120d8b96b5a6f9cd9ce09cf4b744a01d508d71648ae33f36cb6c95653472167485f7a368772fb8ca2077614a308cfc83affb042483553531d3e0292d18d65cb04e980e1a6fe163dd24d7eaf7667378b0bb2164b14c4785a6b8dfe3502ef193bc88d232801721a1c897b938c2088e18924d6f047139fb740484d6136dfdf851ea5222480ae8d6cae110cc45ea909aa0f2790ae32af36938fa15ad666183db733b849aa90154e10e6971a71b8f339f05af9b1312aeb052c3820946b17d9c2c5c47fd673e57f75b366501d6b0dc2f0ae165b9436176ffd20b21b31d9df8f0672ef940ed4084d3c20c9d4c7308b2c0e4dce133ddcf794d7d232345cd4299647a14f75f1084ca06dcfea3503de2d034e0987a3c9f5ab577b5bfdd52ddf3b2abc57f6318213197ce2c6fd83d22c618c39a3e32fe696dc25dee553419373ef7374a2876ccb6f6761ccbbba27285b9df5df591940d8028db337dd65aca492dce1eaf1acb5d04b20191529db595e39a1467d97386a326af0825cbee040b714f928aa4e947bcd7b3070917ffe603d406165133cebc28135560dcec5a776e4b051f439e2a69e966979669531d15f6a6c3b7564b6888db2bbeb22ef39b3f14e8d9c28c7cf7d12a098d26c58bd967050f15c70c198919a209656f50d03656b4ba71a4af7aecf45c69bf95f48b8312357d012f31020fa79443fc7ac7611aa1450af47afa40ae1bbbacb6c9339dca8159e3c3a23be7773847561180d39206dfd9625ea86b1afde374c378a15f440ca87602118fc55c3256274cd611414fa2167770beeb778c93dd589b8081d0cebac77f48a24f203f5b14c646a7c517104e6bf6a4bcc32cc650a3919926ee722d3b633b573de502cebc6b48de693cf4c09959122b58de868e4e098e469f2627de860e7b7ccb802f77288942c10c365c3e49d3c63d012eecade41d44363dc54230c97f5f59327b82bc5ed59b5e27d3ddeef9c5f5ea06f2b8e9f7f16b0dbbd5e3c0bc32e85daad240a50f35402e8ac72239806e3d286d13cf5e03eb4bea145e461bc147230a95124f507d55ff3f84b2ff3d85a8cfabee850aa43d94423d45416bd5da8c48508a281a0fe0492ede5b771c071fc3d80b515fde982f749f75be18ec09f708b68a3e8da34c80a736d64a78735a75cfb613fb11f6e445833377d1b9d34ddcfe8970337fd0546dc7ab2814ddff03f1f084c1e216c93526ba255b00bea215c39e99e974e1a3c5408d42fc4e9e9421fa9e412f19d9aa8221c49c7a66375964a8c68be8441c68c4b14c62ec18fd048d12af45ba63f2ca47fde540393718f207d0bc59800c6f247e31f19d7d016133288b83b88d17511a9d77abea4d5fb9367ba48fb98ffe6ecc2c709b281a15e191c1c4c7b437f0258739ecbc1d032583ef122f8442433ebe579e1a2bfea14ae13a90932f822819d8a069ba56bc96c5fe061c438c4f835334c0633d08c000ff74350704ff652223169511e10a42bc0510f2f56e24d2fdd26d7957a1c18e04e50ee91260bbc3383eedf88030dd10f66c3f04067cab4cb7432c23f68be9d72ff2992aedef21f98dfb3db08e60297461e1586bc9854be458742dfe406d6e1046dbe440a8e59d00f881e00ca1a8b540bb9d9de2a0da70a062bedf25ecd84901728ba776fb7b10473ad3bb98fc9219e7f36de9cbbf4491e7e8098422255cb43be7fe5e294073d761164339357521d38ac45b839e7e9bc6eaf6622a1fd708c07a437a5489dfd4c6bb126e84ed1a360ed1b7303dc027d040347fb81facbfc32f8d194971b238e5e5c153722b6c4bab6e623c669d22041ff288c4a3ac94ff4f45a4e46a93dcffe2396656760c2ec85498167bd6d344e149fd4d000473bba4473128dd83275a7353ab5d300191bb7d32fdbb92532b2aba6993c6684a7e4e75d6301ca5a96b7c89af3c572b4c4dd0618ade271c615e7ef57a277273b6153d90c79ef7dfe90d5f8b9d5d5745a842b62db50cd3de5fc7ee47b1ac274f76352c9d58ef9b8b3410f8587080849b74a5c37b600bc0d32c6ee553ea04907aaaa40006c44d31fcd16cedbdbfd953d9fed2c958ef820f3c969063ecef0dc0e5f7f6fe85f264cfd962ffa5991cdce5f4c01cac31ab953ad07ac3b922a650aeff2ec759ae5698eaeab444cae2d7160a98728267aaa50358c4324b8992f54f65cdb296a9ae3d48db63ada9b5bd87d87fa015ce3a1c9b298304ada11f818fabc954c542389f538ca23c6d78a519b8fe354d358bad985064345e5162497a07a5fe9bfe692fc5a931aef6739dcbbde9fbbbd030fae7f8cc92c6d293af87b005fecfaa600ca10d7a4adf1690a66573e4df59a58a5b271eab1a4b0ce0dbf2cdb0604b29a3219a67ff4311c8dd48ea5f0374e4563d7eb56d7a69d607ca38176503bd37c7b7a89c5f65373bb37c575cd475e3829ba85b32702048bf13454d2672f9a421c7f7fd1336b6ffc8eb10d7495989fff642c60498a73b43206d6745a08009bd3f94d3f5f9848abd07c687f1bf2442ed9b72bac7c3ebb84e9c58d470041f74bf0e142ca4a7c45ed0eb57125b9bfd6a5655b906f80bcb71c80d36e73c28417462cee1ca359542dd157d0d592770e4483abe27e9b25c6e9e3533d27a3d907559fd7ded5ce24b60b7dd8d8dd0039b3f6fd8f960b75aa4cb240b7e05839591dba062b06f7cd5fa374e71873176709f69f97c4545b69ed5059590c6a5f9d587af7131ef5e1945ff7e5fd3e7ce344b5f56691da05cbb6eaedd55aad564f407f343e2c9dd3ec47be49b9d870f8f6346c1b6a15ae88405880a272d8c53ad11eb4cc6fbf86738b0e5fbfa0f28189820a4d8b3c050f9da1aae1ad8339ade28b30f2f0af5a13f7c87e291e186d6de547e6fae11008e48b44a977159804b9034357d45a938e3583626cace8838ea3b6db5c22db3e8c898fce6f5fd87466e1d81f776487b0b2b4c5daff57e0e30419170269cc5352e6a678efe766740d817e5f7c1125a1744f729ecef3350b307892ff8273510679b6485f06fc48cf0741091bfc969a6907ed5a6bbf75108d2040f7f1bbf495329a42002d62db6e29560d17624d285f21f15b2d10a97ef2e288247cd341e9eef409da67f24e9b6de5fe2942239308dc5670c57a99eb5eb24581ef4a14902bfb5dd3fae9a1e29bc74a13e5459932eeb06c7b571054880b6958471fc92e443776f31a6559df183d80497045a250964236289241b8a9d0bb5061a1b5553bb719d5e227fd9f77ceb3d400c5b6cdea88c85d4b1ce4856005ce6f6d690cbff1c8b8241bb8cbb8f0091593aeed0e80d70baec3527681a9080fa0a2ca4871f593e6930cfc26b017e026248aca95150bf08b5d71ccef25e0f4b84e7fae20defde7de98046acf4d069d4a4a32f08f1a3d1f4682b4485269988b2951788ebd16f67b41b556700e6d48eada4032c7aaa11366647d79ac79c7301dd0bc2f9bfaadddedf4c537a4a59c3eababcf45dcc6dc62a3771bf14493e1b93dc072527963d6011f24cdbbd253ff5b850f96aa658638d0a34ee949b664ff00e16e413e3c322b585c003ce54f043fac6bbd765cc2b1548929cb9db16e07385a3a7377356546afc285954c379cb96c47845fbba826bb4e0ba57b364e140ec5d18cbe8cfc8ed835aec41ff4e4c760cb6cc5b98670e1452f4690107d8594db3f3f43ff69d534a06e9702e158390057851f4bb3f14d2604f55480c3d884bc563aa7df5f4f43a33803fa52d6863e82d5d4b1249e2f6418b2dae2413eb2f297f805d1690af633b67f33d1197c685ef3d5dbf967fa8929ecf59eee15f2a63d0623c33323ea312015ccc3b816d031d1cb931f3f1f0537303d1c790c59fe1966abf3173a0c9ee1da765558dbe416c8226afadc40c039094259ba6cf2feb6be36c3bfad6b1bfa1f24caa67e298b97e31ce4f9652d62bcdc6a94494a8da685605ed6ab315055eab058e5e72d27cb12ba91bb486f2ba8d6e05c338e89d2558d71a2a862330533e212002a1605639cd07794210ef867b32786d710731ecfe1b3cf615f1f711ff5d122deb8000f5d8ac787719ff9341e58817fb3467943bf2e441780cb410f2fef060352efdb59300b9999bbacbaf6b175933350085906ed831b33d15b665a35b7f20d9dce2472cbabfa62ceab62b0f6db7f9da520c4ff0adcc73fbad4747fe408079d54715eea32d4a9fea264b63ba3594774fcb62ad7b4447341fec0f17314f76e85e6511c1a60ebf1028436f9f9b58557d1d26a9093782166cb1174d393676a11b298ff6fb1e833b30c2f45300897455b2ce7ce6cbae48e09119095ab2982fe1eec7865422737826bbc040373e9dcfc24308d1ec249d19ee604fe249c02acec1b285abf0a90a9f7224943f6a7beb914c98c788662e7a8b2861a2df9210ed9d5f566c2093bcc7bd01d991e669fcbdddd6b2ee5900c8a38292779f578d8536f91d0b6e5faf53bc9547a7cb43a3789938faaaf2a0d3ee7ffab42e7adc9718b82700190c2293d08cb0c7800fb3226d320ee3d63eee2fd6b02db297ff6a9eaa2f4f54554d1458f5c02ec34013f125a94ca97f955c35866b26af6ad2dbaf99e5d1b02a88b1734b9252a8bcab2c4d495a297b227d29d982bff5b9e9de49a7c3ccb63bf7c8b87519d61acf48ac4bee750ccfa62f33b9e8d9d5dc6dad9f0125308632b81767c42b39224d1b4c0dadc23b4eb4988354f2a94de4f81369cd267f71badf67bddffa6e2779d2ee867086ef901ddc2e6f55d82142cfc8e5fb6590c03a312d9b433ee571f048c724096a2fe265e4e7196b260fa0b53c97300307c6fc997f021c78ec413cdbe34564be4b9343de703fc45722cea7483c79157c51d24176e3dbc75a2abd94113a183cf22d709bcc2d83eaaf6d9a035480dea7edcda5f1ba346c8f2111c1ceff15bf5c9629a1ff0de09fa7575f89a4b894e8b4604b5cd81228984d09b4b459eb296bd048f68d974ef50d3af36f993713ba7a845bf9c0d2a2eca598abfc4a0c20af7aa56016c90fd2d32a6e25d21ac4c51a83d74334499336634d502ff48acfd77d0326fd87c55c98fabbc73f673326c8b466945f6be9bcd96c9e3b70d1ba046ae3e3a7339200961f1d0334e4caf693776efbf94b3787d428c6947d4998e5cf1c51430426be59e3d0b3b5835e11bbcc3d9e91a7c512737aa50e04c8f832ac53c338b4bdebc357fe3b374ec46f71ce2d5168fd23c4fe2ded13f94ef176eccecf5042cbfb4a00913ccd5285286021b323b28bc5409ea50d02bca9cae3410b9e2dc02c3dd0818fa40ffe780243420f7ad287a29851d435812f8434e9aca2c5af28f8752a206c3b9f0050ab5182f80c5598386b14200eb3d324bff72c1d53ff823d17a06b42145bace34fe4fb997eeaea79e2d0dd3d3d5f8167b9f2228ec362f673ba8549472757357f3c731cbcf57c2a113afe2c6df9d9375f327aaae65fe0da7eb91b5d233f7ba9230702e7b0a8aabb4cc450addd857d39d452c558fafd9d301079822e44a59715fce0f87cb3a0f381cfa4f8cef0a337e39a6a137bdcfb123ce4fe8aa9ddb562e4aec959a6982dfadbea38cb4c2e7b1242d9a90a9efca459eff5a7344773a45bedbdfae027be574f0e119f1938c750dac0cb7dfafdc8674593a36c79bfcebabe8772e793b336094", 0x1000) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000001480)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa}) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x20200, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f00000012c0)={@dev, 0x0}, &(0x7f0000001300)=0x14) sendmsg$can_raw(r6, &(0x7f0000001400)={&(0x7f0000001340)={0x1d, r7}, 0x10, &(0x7f00000013c0)={&(0x7f0000001380)=@can={{0x1, 0x3f, 0xffff, 0x5}, 0x8, 0x2, 0x0, 0x0, "9a992742f4797c4b"}, 0x10}, 0x1, 0x0, 0x0, 0x40080}, 0x4) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r8 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r8, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r9 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000180)=""/239, 0xef) getdents64(r9, &(0x7f0000000000)=""/188, 0xbc) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) 07:39:01 executing program 6: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x100, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000100)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0xd}, 0x4}, r1}}, 0x30) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'team0\x00'}) 07:39:01 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0), 0x100000331) ioctl(r1, 0x2, &(0x7f0000000200)="3d6a89e94e50df2cc1275c85581f25f56b73bc4a92c7c66f53ecb201cfb74d2329b1fc1bc31f4a73d359f31466f99155abdb2aaa36c4ef72d3bcabd70cba649e77e288b06701a829a842c5c8ad0e5bbd736b25d6c074177da2a103dd85a6495c3fe901032aa1851bb99d13dba99958f487803aef899621d7282f1c8542fdeafed1d3ece8fa9c5e0f6933c07a9f1af679a347f902663c76fb03d9cf55b7f0404101f07a0ee72ebf1f96b0487b0f1b16949c904a6c5085a380cc901796a76a6b178ff56130121fd279c8792a1661aca94e71ff8303af50fc42e220814b4be40e5e6808f1f1d7659256e8") ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) close(r0) 07:39:01 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f}, 0x8) r1 = memfd_create(&(0x7f0000000040)='\x00', 0x1) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000001c0), 0x0) fcntl$setstatus(r1, 0x4, 0x400) 07:39:01 executing program 3: r0 = socket$inet6(0xa, 0x40000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0xbff, 0x4) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000000080)={0x800, 0x8001, 0x4, 0x1, 0x7262}) r2 = dup2(r1, r1) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f00000000c0)={r0, r0, 0x6110, 0x1, &(0x7f0000000140)="031fcc7a8de675ce2dc3847710defe0597c362b7a662e2519e626902479eb781d7cf78da2995b579f10969d56cc2620542eb793bf2a4aa2d1b3d24bb5a3f94c04e663279a6e4264991beaeea004e2cb69d1cf39ae4c3be80f86c161445395c337e1ce79ba86354300e12885b0454dac5533afa960842c8446657449ceb61494921992a3c54bab2283fe5fd3bb6d5cdb1028a75da47248540278bae6a7e9595a6046e38da522556a9721b0bd09ce5cb758f175a2a8d4ab1caa4e68ce9b174f85b2100f1d852576cd6db00d8e5f5f7c506bc80a036b57a3fbb1353bb9d63f8403139c190c21aca57bdbf53142d94286bbe3f1c9d3ab96390dc0550d7296e8c721f3e79314a221418493fbd654371d7af1954b94ca29a63a129da2396a077a4be8b7c7165287e3c8602cae91d1280c6c53bcf47a8bb9f292fb2aeea869b4b3dd1c5824df146b1bcdbea937b56e0ea4b20230ebd53a6b2390e16178aa6c455fb4d1e7533be300df66ada0b205eaadde44ac9b1c8f148c1363f8f93455896fb82d7a3c0645c9d570879ef101d13cea2351bac29e96461576c1d793804ee8a891dba45c103eb7bac375fe07f6c90b46670a3f94739328a310c6b0f2aebb90639121ae84409ad32e5486207b14ab45102fbb51fde52bf328fa1f2870f4399ff684a73941fe8c81c46305f542a5299a5e430be2762cd1783f3df188d72a221f94fc3c4b16315ffded4410be9302f913c057fa56fc4439b94258488fc8bde3bd133ebc9c6f481fe530fe796a5567e4aef0d7b4c85935e3ee3b2d0f3673225ea45199e122ac0f027f548c39f427946c6b235b454d98e4232ef47dd82dd9d8a8df915dda52443db37e18d27083bd99c01b6a25401e4e1d7eb6492f047093d7523a5489466229929a21bde76af3099fd1ac5595e88198f39a04f420235952c34d96e0d37f66a125c620a457eb6ae38e6eeeed9b5d45762b49dcf3f6ab8574c9580d5eec3a421152ed5dbee853c7921b247be5b13d76d233f9fb675ae8cc85ff5e7a0b34c44d6b8098e13ed42c9326d0d7e50d436fb761e94c21041cb7086dfd9bd183b79d7c2969ba86aa849888aa87d72bdde1a3953c8be3f8d29850cafcfbd1942b1fedbc670b61bedeb915b63fd63c431c9f9f1854695b8b3cd4fa2aaf8111baee74dad8546242059ad0a8eb3ba47537e6e845d52475d2ae159d99fa5925070353fa7d39253bf8d54035f27c29a02cdfed0c5f7fadd907ed2442f51e25f703c795a61df7d5646ff69a119f312f25b87a36b0ed0356a41e442440d295e1b1f9866032a230a668080520b1dedc9108315c3b92d5b0527660215435494cd39deab44ea27d4498b20e5abc6a945c478aa405eb9398d55ea067796122e14d0bf7a48434032b797d280dcf7beee9d9de672c389d6cef86ec01c6ae57f0abc01365b97086e8f7cbd7a0a106f47a0acf0f26f8d2489de721ffcc926d9771359b2766184accff9037d5d76f025d58b8cbefa840e1b3d671dba182fe9ab8fde196aa697632d7b3d8e116d0eb2fee42ca3ccfd92b6ffdfa6750f525ea71438c5980056db40a2423235c067463cfe2364c2cfd5248d75b4e41798d6ef53b3d98c5cb2a0d6d301ea9a8beb7bdbe38eb9dbd4a760a9604af4a6e773dc9529b23a94802537dda1a1427e39902592372d05e34fa2a4e1d2cd1a5704b14d9870c72f8efb8a539e7c2ba05e519ee15f47903d4c906e693b944e99eb0cb5207684779c0eb383399c5089f31f5c277f8d21560dc15eadcdda3fa2a1c84b46d172cf1ffaf484cad1bfe0d1c1cc380bcb2326b06335b9f4e8244971be42e6de7118d94fd900f8f98573457ce72eff884ed1a5155eb38d7b64bd1fdfc0a76626bcfc2c65d36154ebb3e125c168823ed5c3a742d6ed5810867725e7376377b3aca5301ff3c955b383a5baabf179b6680cabfac94f5ec150417ec8981fbc7b86fe7ea7d365842f14928cee673f748faa874ef2dc3f4435ef591665079dfbdb20d280338fb1de5b86ccb87c574797a12c2e97fdeed7bcc8483a6c8a5b0f259fd180ee50739007a589e2f215171175eeea5871dbed74265650968c219d4df098592e2e60328cbf8e2eefdea6b4efb0786963fc20df25918f20a5dec13fbc97c355c66964cf6663362079cd664043ccc5d3b1c751c4db3de7bd944de78299ff1cd25f71cd386a04f803f2d293693398928c71fe56c4a0f91ec471a4c6d1ffb67583e98fc667b84373844cf5ad006011783f38a699f4ea5471fe3a5e776bfb9060f1fff22e8dc2e0a95a46e10f2e55c6df342eb7b59f66937645a6f333de34d0ecd664d6d1d44063b773c6a202756819bff8e3756fcca9f111ed0e179b0aa5a79149c3b6379d6c1d5e9f96f0799283da89ed8ee1323173de8228835f6f7b36ed0db17f8c3e11279d54c89e15ad2d9e425b6039c62a4e96f5ca745e06808acbf68c86c047c58ec7008209f16c602287e77b83d40a11eeeb6893368f983ef0a99697ec45f826d31aba11b558837f62813ad1537a58a191d549b3d8c55b9f345b9ad177204a3718f46a38711032ca1223f851bab3bfb95e75b694666c2d67e2021fa448ade883ce60aeaca1fd0df44fc41f129d0376b01c757aa22152273550a2295dbe10ab76b8eeded83bd0f93f492cc8c96cbc2218def0f89a9d436b2b80ec98adbda646900579678c6fcb1938b0c662d07425357ce633f4f133d884c2e235107fe6b5e0a1d5a00a45fda1f03c5d7228e6660c6af90d8bc42de517bcd8b0f5fb8e3592be0026fbc89106ce3e0a61f5ed561a5c79558e6fe8ed954766aecde919c95adfe09a90d3c60a5d014c6ec0ff5ba013d4b22304d3fcf0dc1f5674fd1d63084e040899c3cd47ee60ef0cf086884bc2c58342e7fe90e2024c22e3df8f87210b5142cbcc31997ad295cbda72b1a9498429e8fb37ab3f4bbacefe31d01702bb527fe814f1451d04e5834512e257927a880845cec8a95ff0cf5280be4cb0e78774d90667461780ab9a1cefb867781d67fc0e86627051f6d59c6d89b77cd948489a29de8a5a83e2e9fb8c70d7d45f187f241fbcfd0a31fe972bfd1391ea38663ce6ba03eb9d352aa6783d29868523f4ad4fb88c4ed58c291109805c185b37eed31ae5593af7bbee351f73c626ea2d77d52fbced485e67b9720d37f9021d3f31e1c4bbf12e4e96f2275bb4384adb17e6a912accf4ead4382e5b318749d56136790a464c90c508f21329c87cd98e8f8d8a650962f37390ca1507072c05e88277496fd4252c2540e9ce5aba062cf107dd1e38144186c1a622763ef319c4c653ea735d04570ad8affacc254ac3b5f5457ff7d3f268afa03ddadb13b751c84038bed2967ce006ca1e26371a627d5ff21ceebb8dbef32a7f81c6133845f778eecc313eede1d59bd7a64bb2e47ada053c99fd299024ee897e8d039774f68bad7b9d67ebdc8d2073fcb6bdfaa39280a08e1af5779d9e930b40712afccc8ca645fd6274c516c60640207c36b024cda7a9b628700b740d6077119e8b388d262def2a7d6c52493d5037e4dd7ce45e1d95032b2e3a10155e9f16e15818ae35b3438fb2c1127668fc78d70234d4ec7e25509b1fac93c4df7b1cfc219db544e17b343a549def367dce2542f5d35d533563eb0cabf7d15cbb059bba751c4f7897bf207109dfa969a3d6025b3fded2931c1f17d0a0c64994848a5f794b15dfb9c9e7303b05c72ba07cc442f23bdd0259c122a810d0b8bd7b0eeea11e86a32c566bdc80bb48ea8eff60a1ebafed9929633c95039ea40950c9818c6189169b9af76fd46df706acb5a2419ea62d9dd06d51ffb947b9c2e4b5107c50da0cfe82b5baefdb9e757b9c837cc52e05077cb87be4ae8b783ccd8f38e4860f2c2d454fd99076fd591f674aad09be01e6162f4fbd2af154339b351bf56ea444fd20daf4b6ff943f56a3b6a182088bb59d48ea33f28022184babd1f20bf761f1c1562fd4d5e58483e6e64e9e89d563250ecc77e081074c2deda2ed2c0b42224c92bb39717a7e36b5040cd09f15ed986a2880a3d44ec533eb43de32884a4a8470cafd2f67fd2dc4a368ed41e73f43eac12b14724d39097236c0ceba835180a9dfb7b69305f20950ed2880a357f21d4f240ad65f70617700620981c31608c703b228ad56101f68664659c9f29e8cbdddd8974a390167c042339a533c769499a4ba3e566b78bb8109418197e281c74b8d5c67942b14c9c01d6d2b90825a48113bc848849932cbb42a96046708febe26c65b9b03c38102ce1b40f295b964644d2eac8b64a322e732117cf1af389d07d1ebc4b8f9e788ef6a8224dfe4bebc291fa71ec0ddca1530bf0cd86e390e46b722bd6831f1d26684fab32c2d9d0ece9a0dd2c39c205b03190e3d7a0d0810598e547f82747788a655d89bcbc82f3b1abf2b4c277119d8bc727478776af69f54fea346fd57dd3204547b53253e7899e5ac0ebef7bd5cb237921a74b671255ca9b9df5edf22bd99e069277d3bf9d48874a4bd22eaee8ff29ee9092630e313517c7fbc9d161d588c28a32b778e270a803c2301482d41d26018bb21a7726e902a5827115de7ac7a236dc28cb3a16252409ffcd63a3e6afe47476b25acae28648b1149b8b31778362db2a608492e34b87069c83fa337e4b19f6e8862a2793809327f06a5dbd4ca29351084d6eb6926b493edad7422b5c1a77c9d43df3620aa5b714228ee4dac264d9645f9df4a85052bc8473b4d21d9857731abf70bf81c3b94e7bbc8480fb8e9bb60182e1a526115422415b822996cb35f7c4fa5fa07f27f7ed0cd233ae0d9706b5dcb3ca49cb4134ce8ab4c6095085387a207e9d8ff3a0b8d0723bb0f33cdc4353d333eee3852595e5167ebec1bf18a5c2f146e9fdc7148da739e623d174b6b826431541ce46a0f259b9bb7043d68034cc0795677ded07b78e1cf700dd26341c42f99123d68784129138be8d0e115ae3f8015771369dc3205aa42ad4bfa4514ca6ea8ce7b97a62feb8a83d85d6adbc4ce563d1b1c5e92f82746fd17a6083a722db3072eca963cdc747fd708ab601a2b3591f0918e286cf109366b393ad09a59fccc365d613c51c12ca5b95354b69630bf8061fa14754efc1e2a766df1a8ccdd5908347a125cfaa1f4f94bf8f6e49b1d8cee574a3f8744104ddf2bf793e752569ad86baa381ee7d73e2af9ecca49a1b74a708e7a497cfafd2193afcdf9c8d6fa25ee37029cf52cd70a4ba1218dd2cfee1f3856317c58456a79a7dfcc6b7e9069130284fcfa5b949073e522b9ae649865444ee6b5cc945f60ae7a8a4efe019545454114e4a99d0d49055e9dde3f059fbff40bc1b386e3e99dadc2dd5b37a003c3482fe94cf45f53b0ba7a4effc036e8d5075957b1e4bc7ab981580a407573883440f6f968829a85ad88536a0e5fc35a1cd2367e28d64cf4ccf6dca6e866930c845e93547d453f8acf3199333163794b889144376bfa0f54c64c4dff62167c2ecc5e72266a4342a9f76c77f2b601299d7e7cb780a71c8b94f3e4640ff1d4cbbeb452ad632e35a8ae08b43b8c901a59b8f9d3282c3ae058b933487053e82a667fef4d806a5dc4de8226b568cefcffd35e4e3bd1e5330ab930b1beb613f93146cc8b5e37566093ed7d878e8f500265d821efe552a87f04ecdb137131086d9a87e4f3b30f7b9b4280b79c5959b6fae406551ce74d2aede3e3a89a503909ad01fcd9c4fd274aafebe94d37ef05bec977293a6fe25c8e791965983e2448ec8c071ba27b4938bd74965ecb90452d1f0e7ded86c4f", 0xdd66, 0x81, 0x0, 0x83, 0x4, 0x40, 0x0, "984468f3bb88"}) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c) write$P9_RCLUNK(r2, &(0x7f0000001140)={0x7, 0x79}, 0xfffffffffffffde5) 07:39:01 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f8f762070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000080)=""/81) sendmmsg(0xffffffffffffffff, &(0x7f000000b0c0)=[{{&(0x7f0000004080)=@ax25={0x3, {"bc188afd7eb914"}}, 0x80, &(0x7f0000004300), 0x0, &(0x7f0000004340)}}], 0x1, 0x0) 07:39:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xa63084000000000, &(0x7f0000000400)}) 07:39:01 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0xf8, &(0x7f0000000080)=0x4) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000140)=[0x24d1dcdc, 0x1]) r1 = getuid() r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_persistent(0x16, r1, r2) fstat(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r2, r1, r3) r4 = fcntl$getown(r0, 0x9) ioprio_get$pid(0x1, r4) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000280)={0x0, 0x2}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000300)={r5}, &(0x7f0000000340)=0x8) r6 = syz_open_dev$mice(&(0x7f0000000380)='/dev/input/mice\x00', 0x0, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/fuse\x00', 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(r4, r4, 0x7, r6, &(0x7f0000000400)={r6, r7, 0x80}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000440)={r5, 0x2}, &(0x7f0000000480)=0x8) keyctl$link(0x8, r2, r2) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f00000004c0)={@multicast2=0xe0000002, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xc) ioctl$KDADDIO(r0, 0x4b34, 0x7) fcntl$addseals(r7, 0x409, 0x8) getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000500), 0x4) write$P9_RUNLINKAT(r0, &(0x7f0000000540)={0x7, 0x4d, 0x2}, 0x7) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000580)={0x4, [0x100000000, 0x8001, 0x6, 0x3ef]}, &(0x7f00000005c0)=0xc) write$FUSE_DIRENT(r6, &(0x7f0000000600)={0x1e0, 0x0, 0x7, [{0x3, 0x4, 0x11, 0x7ff, '/dev/qat_adf_ctl\x00'}, {0x2, 0x7f, 0xb, 0x0, 'eth0[}GPL\\#'}, {0x2, 0xb31, 0xa, 0x1ff, '/dev/fuse\x00'}, {0x2, 0x2, 0x10, 0x1, '/dev/input/mice\x00'}, {0x0, 0xc31, 0x11, 0xffffffffffff8000, '/dev/qat_adf_ctl\x00'}, {0x5, 0x6, 0x10, 0x10, '/dev/input/mice\x00'}, {0x6, 0x6, 0x3a, 0x10001, 'ppp1#-^nodevcpuseteth1selinux)procposix_acl_accesscgroup,%'}, {0x1, 0x2, 0x2, 0x3, '!!'}, {0x5, 0x7ff, 0xa, 0x5, '/dev/fuse\x00'}, {0x6, 0x100000000, 0x11, 0x8000, '/dev/qat_adf_ctl\x00'}]}, 0x1e0) ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f0000000800)={r7, 0x0, 0xa, 0x0, 0x3}) ioctl$EVIOCSREP(r6, 0x40084503, &(0x7f0000000840)=[0xfffffffffffffffd, 0x95f2]) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000880)='/dev/sequencer\x00', 0x101000, 0x0) write$P9_RFSYNC(r0, &(0x7f00000008c0)={0x7, 0x33, 0x1}, 0x7) 07:39:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = dup3(r0, r0, 0x74e4ecc06313c848) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000040)=0x5, 0x4) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x2) r2 = socket(0x400020000000010, 0x2, 0x0) write(r2, &(0x7f0000a1cf6c)="1f00000054000d0000000000fc07ff1b070404390000000007000100010039", 0x1f) 07:39:01 executing program 7: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0xffffffdffffffffd, 0x0, 0xffe}, 0x4) [ 691.818138] binder: 12390:12399 unknown command 0 [ 691.831807] binder: 12390:12399 ioctl c0306201 20000080 returned -22 07:39:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x20000, 0x0) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000500)) sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)=@newlink={0x30, 0x10, 0x301, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xf, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4, 0x2}}}]}, 0x30}, 0x1}, 0x0) [ 691.862805] binder: BINDER_SET_CONTEXT_MGR already set 07:39:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x5, 0x5, 0x3) pipe2(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f00000003c0)=0x3) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f00000002c0)={'filter\x00', 0x4f, "10d84d81cf6699de097b6a668b4c0462881fee93c2a48e36dccae29514408d9c2276c884ef2ab3d6148a7fa265ad04df074f185280e1ff26d04b3caf89fe810edce7ef5effa93407ef8ce7ac591a4a"}, &(0x7f0000000340)=0x73) pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000000040), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00000000c0), 0x8}) sendmsg$nl_netfilter(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x148, 0x6, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x9}, [@nested={0xcc, 0x67, [@generic="b8fee58cd20edb10bccf6ddff0c290b78d38dfdc4121e70980612e519ec1a084ef2fe1260fe8869c9056ccfda9bdc81cbb188cd1e6b2472cdb5cb863dbc6ff08073cdf071738b0c109f3d0ef4c7da4c413c250dd578ae2b2ac6d019eb4a3390e6c5eb39bc50fd242a29d51a3db9bf48e54c7ab56bf27c5930d6564071e4f19a5892acc726c59d20d40cddaf77450177b75e859db9e3149fe3329349f7865c704ec56a25d14785eaf6c0cb85683c97f20fdfdb85eb3afcd4a7f18056cc31f8c6c835709e6652658"]}, @generic="3f66dbc029f827dbc998ddb33fbf84b1198fd11cb26b8d87b8a85109fe5b6ffe6ab37b7cf54ca7b8ea1259a93857abce69160df5420bb735099da7d521876fd0d73a7912f4948f7f6d39798510aac70af29790ecde54d6d7abb33635354d0312b6da2dc86bd7"]}, 0x148}, 0x1, 0x0, 0x0, 0x40000}, 0x4008810) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000400)={'team0\x00', 0x0}) setsockopt$packet_drop_memb(r3, 0x107, 0x2, &(0x7f0000000440)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2}}, 0x10) 07:39:01 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x21d) ioctl(r0, 0xffffffffffff8000, &(0x7f0000000100)="dc2dbfba0f7f2e6aff4505d0ba9b38a1e560ec2aef85abc86771370867785b00c04cec9c24b4bbc4924305fea8f7dc8db39e1b8b81214851abde7257fb1edb19d1a0e58eb4899e7cec1c61c613c6df3425f3b42c10a592a04ee95aad52112d2c76bb283f05bc4af0cc7e0cef0dc2515397b9e2353d85ec00030e5223e371d3a2af6287a6bfdf56f2cb03e13b058b0c1995e5acaab022119ca1ef0ed1a879c1cd106befb901a4c5924676dbcbaa4a26fa15da7132493beb4aa29b7d56f060a09eacba10fab06a333d56a4557171a28cc4b4d9725cae611140f9d9c039d4948c33634b626f98ed") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a933d559166593ae164c990a0", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000022c0)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000480)="7be9a97762e58724962cc8bc3fb3804f03a09bc13681ecb0a3ee919d30e07a1e", 0x20}], 0x1, &(0x7f0000000000)}], 0x1, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="b964bfc83828a03c9df4cb8afcfa92f633b787a6b9c6d7772352aa33f49f6bca6cc87f595297e49c469a1bc033034db189b703efe7a40212aada9257a60830819fab8e74240c49f88aa7abef906755aa0da0287be6c83d39db7a11e5411738af40fe7799cb4a456e5e59612d78ecb854eb61137cf92e1f87758c86bf3d02c5e01baa6c82a0487bee9a4bce6031881eaba0ef", 0x92) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000280)=""/129, 0x81}], 0x1) r2 = dup2(r0, r0) openat$cgroup_ro(r2, &(0x7f0000000000)='memory.stat\x00', 0x0, 0x0) [ 691.884475] PF_BRIDGE: br_mdb_parse() with invalid ifindex [ 691.890534] binder: 12390:12399 ioctl 40046207 0 returned -16 [ 691.907926] PF_BRIDGE: br_mdb_parse() with invalid ifindex [ 691.913831] netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'. [ 691.922812] binder: 12390:12405 unknown command 0 [ 691.927917] binder: 12390:12405 ioctl c0306201 20000080 returned -22 07:39:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0xb80b, &(0x7f0000000400)}) 07:39:01 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xfffffffffffffffa, 0x0) write$FUSE_POLL(r1, &(0x7f0000000040)={0x18, 0xffffffffffffffda, 0x4, {0x8001}}, 0x18) bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381b3010000ed5c54dbb7", 0x10) r2 = accept$alg(r0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") recvmmsg(r2, &(0x7f000000a700)=[{{0x0, 0x0, &(0x7f000000a680)=[{&(0x7f000000a580)=""/200, 0xc8}], 0x1}}], 0x40000000000015f, 0x0, 0x0) [ 692.008302] binder: 12431:12432 unknown command 0 [ 692.047355] binder: 12431:12432 ioctl c0306201 20000080 returned -22 [ 692.074450] binder: BINDER_SET_CONTEXT_MGR already set [ 692.084521] binder: 12431:12442 unknown command 0 [ 692.087414] binder: 12431:12432 ioctl 40046207 0 returned -16 [ 692.102863] binder: 12431:12442 ioctl c0306201 20000080 returned -22 [ 692.426371] bridge0: port 1(bridge_slave_0) entered blocking state [ 692.432761] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.439748] device bridge_slave_0 entered promiscuous mode [ 692.470559] bridge0: port 2(bridge_slave_1) entered blocking state [ 692.477016] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.483951] device bridge_slave_1 entered promiscuous mode [ 692.504942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 692.532391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 692.586958] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 692.608375] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 692.803792] FAULT_FLAG_ALLOW_RETRY missing 30 [ 692.808355] CPU: 0 PID: 12398 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 692.816830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.826171] Call Trace: [ 692.828749] dump_stack+0x1c9/0x2b4 [ 692.832364] ? dump_stack_print_info.cold.2+0x52/0x52 [ 692.837546] handle_userfault.cold.33+0x47/0x62 [ 692.842216] ? userfaultfd_ioctl+0x5430/0x5430 [ 692.846796] ? trace_hardirqs_on+0x10/0x10 [ 692.851016] ? lock_release+0xa30/0xa30 [ 692.854971] ? task_numa_work+0xf00/0xf00 [ 692.859100] ? cpu_load_update+0x380/0x380 [ 692.863340] ? userfaultfd_ctx_put+0x810/0x810 [ 692.867908] ? reweight_entity+0x7ed/0x1100 [ 692.872213] ? zap_class+0x740/0x740 [ 692.875910] ? trace_hardirqs_on+0x10/0x10 [ 692.880128] ? task_fork_fair+0x680/0x680 [ 692.884257] ? reweight_entity+0x1100/0x1100 [ 692.888646] ? zap_class+0x740/0x740 [ 692.892346] ? trace_hardirqs_on+0x10/0x10 [ 692.896567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.902090] ? lock_acquire+0x1e4/0x540 [ 692.906050] ? __handle_mm_fault+0x3a38/0x44a0 [ 692.910629] ? lock_downgrade+0x8f0/0x8f0 [ 692.914760] ? kasan_check_read+0x11/0x20 [ 692.918886] ? do_raw_spin_unlock+0xa7/0x2f0 [ 692.923275] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 692.927844] ? kasan_check_write+0x14/0x20 [ 692.932068] ? do_raw_spin_lock+0xc1/0x200 [ 692.936289] __handle_mm_fault+0x3a45/0x44a0 [ 692.940689] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 692.945514] ? kasan_check_read+0x11/0x20 [ 692.949646] ? lock_acquire+0x1e4/0x540 [ 692.953603] ? handle_mm_fault+0x417/0xc80 [ 692.957819] ? lock_downgrade+0x8f0/0x8f0 [ 692.961960] ? lock_release+0xa30/0xa30 [ 692.965914] ? rcu_note_context_switch+0x730/0x730 [ 692.970843] ? mem_cgroup_from_task+0xcb/0x1f0 [ 692.975410] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 692.980158] handle_mm_fault+0x53e/0xc80 [ 692.984209] ? __handle_mm_fault+0x44a0/0x44a0 [ 692.988769] ? find_vma+0x34/0x190 [ 692.992303] __do_page_fault+0x620/0xe50 [ 692.996351] ? mm_fault_error+0x380/0x380 [ 693.000480] do_page_fault+0xf6/0x8c0 [ 693.004261] ? vmalloc_sync_all+0x30/0x30 [ 693.008390] ? lock_acquire+0x1e4/0x540 [ 693.012346] ? __might_fault+0x12b/0x1e0 [ 693.016392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.021229] page_fault+0x1e/0x30 [ 693.024673] RIP: 0010:__get_user_4+0x21/0x30 [ 693.029056] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 693.048207] RSP: 0018:ffff8801d8d07538 EFLAGS: 00010202 [ 693.053552] RAX: 0000000020013e98 RBX: 1ffff1003b1a0eae RCX: ffffc90005630000 [ 693.060802] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 693.068062] RBP: ffff8801d8d07cb8 R08: 1ffff1003b1a0e84 R09: ffff8801d8d07260 [ 693.075322] R10: ffffed0032812299 R11: ffff8801940914cb R12: ffff880194091440 [ 693.082571] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 693.089835] ? __might_fault+0x1a3/0x1e0 [ 693.093882] ? sctp_setsockopt+0x1e13/0x6db0 [ 693.098271] ? get_futex_value_locked+0xcb/0xf0 [ 693.102922] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 693.108617] ? trace_hardirqs_on+0x10/0x10 [ 693.112836] ? futex_wake+0x760/0x760 [ 693.116620] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 693.121792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 693.127309] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 693.132396] ? futex_wait+0x5d2/0xa20 [ 693.136183] ? perf_trace_lock+0xde/0x920 [ 693.140311] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 693.145491] ? zap_class+0x740/0x740 [ 693.149193] ? futex_wake+0x304/0x760 [ 693.152984] ? percpu_ref_put_many+0x119/0x240 [ 693.157547] ? lock_downgrade+0x8f0/0x8f0 [ 693.161676] ? lock_acquire+0x1e4/0x540 [ 693.165628] ? __fget+0x4ac/0x740 [ 693.169061] ? lock_downgrade+0x8f0/0x8f0 [ 693.173204] ? lock_release+0xa30/0xa30 [ 693.177166] ? lockdep_init_map+0x9/0x10 [ 693.181220] ? exit_robust_list+0x290/0x290 [ 693.185519] ? __mutex_init+0x1f7/0x290 [ 693.189476] ? __ia32_sys_membarrier+0x150/0x150 [ 693.194215] ? kasan_unpoison_shadow+0x35/0x50 [ 693.198777] ? __fget+0x4d5/0x740 [ 693.202215] ? ksys_dup3+0x690/0x690 [ 693.205909] ? lock_acquire+0x1e4/0x540 [ 693.209864] ? __fd_install+0x2b2/0x880 [ 693.213817] ? lock_downgrade+0x8f0/0x8f0 [ 693.217962] ? select_collect+0x610/0x610 [ 693.222088] ? lock_release+0xa30/0xa30 [ 693.226066] ? __fget_light+0x2f7/0x440 [ 693.230020] ? fget_raw+0x20/0x20 [ 693.233459] ? get_unused_fd_flags+0x1a0/0x1a0 [ 693.238025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.243541] ? alloc_file_pseudo+0x281/0x3f0 [ 693.247928] ? alloc_file+0x430/0x430 [ 693.251716] sock_common_setsockopt+0x9a/0xe0 [ 693.256192] __sys_setsockopt+0x1c5/0x3b0 [ 693.260322] ? kernel_accept+0x310/0x310 [ 693.264363] ? do_futex+0x27d0/0x27d0 [ 693.268172] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 693.273702] ? fput+0x130/0x1a0 [ 693.276966] __x64_sys_setsockopt+0xbe/0x150 [ 693.281360] do_syscall_64+0x1b9/0x820 [ 693.285231] ? finish_task_switch+0x1d3/0x870 [ 693.289708] ? syscall_return_slowpath+0x5e0/0x5e0 [ 693.294619] ? syscall_return_slowpath+0x31d/0x5e0 [ 693.299530] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 693.304525] ? prepare_exit_to_usermode+0x291/0x3b0 [ 693.309520] ? perf_trace_sys_enter+0xb10/0xb10 [ 693.314180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.319015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.324189] RIP: 0033:0x455ab9 [ 693.327359] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 693.346483] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 693.354175] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 693.361430] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 0000000000000015 [ 693.368681] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 693.375931] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 693.383185] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 693.395581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 693.402417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 693.423095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 693.429968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 693.482246] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 693.489397] team0: Port device team_slave_0 added [ 693.645138] FAULT_FLAG_ALLOW_RETRY missing 30 [ 693.649737] CPU: 1 PID: 12398 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 693.658212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.667546] Call Trace: [ 693.670124] dump_stack+0x1c9/0x2b4 [ 693.673735] ? dump_stack_print_info.cold.2+0x52/0x52 [ 693.678908] ? kasan_check_write+0x14/0x20 [ 693.683136] ? do_raw_spin_lock+0xc1/0x200 [ 693.687364] handle_userfault.cold.33+0x47/0x62 [ 693.692022] ? userfaultfd_ioctl+0x5430/0x5430 [ 693.696587] ? trace_hardirqs_on+0x10/0x10 [ 693.700801] ? lock_release+0xa30/0xa30 [ 693.704756] ? task_numa_work+0xf00/0xf00 [ 693.708886] ? cpu_load_update+0x380/0x380 [ 693.713108] ? userfaultfd_ctx_put+0x810/0x810 [ 693.717673] ? reweight_entity+0x7ed/0x1100 [ 693.721978] ? __account_cfs_rq_runtime+0x770/0x770 [ 693.726987] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 693.732507] ? should_fail+0x246/0xd86 [ 693.736375] ? trace_hardirqs_on+0x10/0x10 [ 693.740589] ? task_fork_fair+0x680/0x680 [ 693.744715] ? reweight_entity+0x1100/0x1100 [ 693.749114] ? __account_cfs_rq_runtime+0x770/0x770 [ 693.754125] ? trace_hardirqs_on+0x10/0x10 [ 693.758353] ? set_next_entity+0x2dd/0xb00 [ 693.762568] ? dequeue_entity+0x400/0x15e0 [ 693.766783] ? lock_release+0xa30/0xa30 [ 693.770736] ? lock_release+0xa30/0xa30 [ 693.774691] ? update_load_avg+0x27d0/0x27d0 [ 693.779084] ? lock_acquire+0x1e4/0x540 [ 693.783041] ? __handle_mm_fault+0x3a38/0x44a0 [ 693.787606] ? lock_downgrade+0x8f0/0x8f0 [ 693.791736] ? kasan_check_read+0x11/0x20 [ 693.795864] ? do_raw_spin_unlock+0xa7/0x2f0 [ 693.800254] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 693.804831] ? kasan_check_write+0x14/0x20 [ 693.809047] ? do_raw_spin_lock+0xc1/0x200 [ 693.813276] __handle_mm_fault+0x3a45/0x44a0 [ 693.817680] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 693.822518] ? kasan_check_read+0x11/0x20 [ 693.826648] ? lock_acquire+0x1e4/0x540 [ 693.830613] ? handle_mm_fault+0x417/0xc80 [ 693.834834] ? lock_downgrade+0x8f0/0x8f0 [ 693.838963] ? lock_release+0xa30/0xa30 [ 693.842917] ? rcu_note_context_switch+0x730/0x730 [ 693.847831] ? mem_cgroup_from_task+0xcb/0x1f0 [ 693.852391] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 693.857132] handle_mm_fault+0x53e/0xc80 [ 693.861178] ? __handle_mm_fault+0x44a0/0x44a0 [ 693.865752] ? find_vma+0x34/0x190 [ 693.869274] __do_page_fault+0x620/0xe50 [ 693.873315] ? mm_fault_error+0x380/0x380 [ 693.877445] do_page_fault+0xf6/0x8c0 [ 693.881224] ? vmalloc_sync_all+0x30/0x30 [ 693.885385] ? schedule+0xfb/0x450 [ 693.888907] ? lock_acquire+0x1e4/0x540 [ 693.892861] ? __might_fault+0x12b/0x1e0 [ 693.896901] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.901733] page_fault+0x1e/0x30 [ 693.905182] RIP: 0010:__get_user_4+0x21/0x30 [ 693.909573] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 693.928704] RSP: 0018:ffff8801d8d07538 EFLAGS: 00010202 [ 693.934052] RAX: 0000000020013e98 RBX: 1ffff1003b1a0eae RCX: ffffc90005630000 [ 693.941304] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 693.948551] RBP: ffff8801d8d07cb8 R08: 1ffff1003b1a0e84 R09: 0000000000000000 [ 693.955808] R10: ffffed00321452d1 R11: ffff880190a2968b R12: ffff880190a29600 [ 693.963066] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 693.970327] ? __might_fault+0x1a3/0x1e0 [ 693.974372] ? sctp_setsockopt+0x1e13/0x6db0 [ 693.978771] ? get_futex_value_locked+0xcb/0xf0 [ 693.983424] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 693.989128] ? trace_hardirqs_on+0x10/0x10 [ 693.993351] ? futex_wake+0x760/0x760 [ 693.997140] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 694.002314] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 694.007831] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 694.012913] ? futex_wait+0x5d2/0xa20 [ 694.016702] ? futex_wait_setup+0x410/0x410 [ 694.021016] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 694.026189] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 694.031717] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 694.036814] ? futex_wake+0x304/0x760 [ 694.040595] ? packet_getname+0x5f0/0x5f0 [ 694.044723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.050244] ? mmap_region+0x70e/0x1da0 [ 694.054197] ? lock_downgrade+0x8f0/0x8f0 [ 694.058328] ? lock_acquire+0x1e4/0x540 [ 694.062284] ? __fget+0x4ac/0x740 [ 694.065716] ? lock_downgrade+0x8f0/0x8f0 [ 694.069843] ? lock_release+0xa30/0xa30 [ 694.073811] ? lockdep_init_map+0x9/0x10 [ 694.077852] ? exit_robust_list+0x290/0x290 [ 694.082175] ? __fget+0x4d5/0x740 [ 694.085609] ? ksys_dup3+0x690/0x690 [ 694.089318] ? sock_write_iter+0x42f/0x5c0 [ 694.093532] ? sock_sendmsg+0x120/0x120 [ 694.097489] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.103017] ? iov_iter_init+0xc9/0x1f0 [ 694.106974] ? __fget_light+0x2f7/0x440 [ 694.110927] ? fget_raw+0x20/0x20 [ 694.114360] ? kernel_read+0x120/0x120 [ 694.118231] ? userfaultfd_read+0x2c0/0x2c0 [ 694.122546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.128073] ? ioctl_preallocate+0x300/0x300 [ 694.132465] sock_common_setsockopt+0x9a/0xe0 [ 694.136943] __sys_setsockopt+0x1c5/0x3b0 [ 694.141073] ? kernel_accept+0x310/0x310 [ 694.145115] ? do_futex+0x27d0/0x27d0 [ 694.148898] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 694.154415] ? fput+0x130/0x1a0 [ 694.157676] __x64_sys_setsockopt+0xbe/0x150 [ 694.162065] do_syscall_64+0x1b9/0x820 [ 694.165932] ? finish_task_switch+0x1d3/0x870 [ 694.170409] ? syscall_return_slowpath+0x5e0/0x5e0 [ 694.175324] ? syscall_return_slowpath+0x31d/0x5e0 [ 694.180254] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 694.185250] ? prepare_exit_to_usermode+0x291/0x3b0 [ 694.190261] ? perf_trace_sys_enter+0xb10/0xb10 [ 694.194922] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 694.199754] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.204922] RIP: 0033:0x455ab9 [ 694.208097] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.227234] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 694.234923] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 694.242179] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 000000000000001c [ 694.249427] RBP: 000000000072bea0 R08: 0000000000000004 R09: 0000000000000000 [ 694.256689] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 694.263940] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000000 [ 694.278259] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 694.285770] team0: Port device team_slave_1 added [ 694.310040] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 694.331532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 694.352711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 694.359797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 694.367615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 694.384642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 694.391698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 694.400456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 694.564401] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.570801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 694.577413] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.583775] bridge0: port 1(bridge_slave_0) entered forwarding state [ 694.590912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 695.182940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.244473] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 695.304517] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 695.310704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 695.317656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 695.374484] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.412283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 07:39:06 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000fb6000)=""/28, 0x3f0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000003c0)={0xbf}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0x40505331, &(0x7f0000000140)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) timer_create(0x4, &(0x7f00000000c0)={0x0, 0x32, 0x4, @tid=r1}, &(0x7f0000000240)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000001c0)) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f00000002c0), &(0x7f0000000340)}}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vsock\x00', 0x1, 0x0) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000340)={0x17, 0x6b, &(0x7f00000002c0)="3098f66bb40a5a58b48bb3595f51ac4781c74138caddb7665cbd01dfd9c12d2e8b1fa92f52a46f5d90c73f95952dea9112c3798e2ca32be831a4199aa4f7be26b81f6ab83c9fb2cf5f251f11abad0b3164ee7f22c482923cda699791bd67c123a45da27ce1d4a3dc25d61b"}) tkill(r2, 0x1000000000013) 07:39:06 executing program 0: r0 = socket$inet6(0xa, 0x21, 0x8010000000000081) sendto$inet6(r0, &(0x7f0000000000)="e2", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x3fff, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c) listen(r0, 0xffffffffffffff7f) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) accept(r0, &(0x7f00000000c0)=@can, &(0x7f0000000280)=0xfd31) 07:39:06 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getpeername$unix(r0, &(0x7f0000000200)=@abs, &(0x7f00000002c0)=0x6e) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x6}, 0x1c) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000d00)="8e2698685b9750dcc19fd4085e1f5261") sendmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000680), 0x3ba, &(0x7f0000002000)=[{0x10}], 0x10}}], 0x2, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={r1, 0x100, 0x4, [0x2, 0x6, 0x0, 0x4]}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000b18000)={{0xffffff94}}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) 07:39:06 executing program 7: timer_create(0x9, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000080)}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240)) r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl(r0, 0xfff, &(0x7f0000000280)="ecfb34a2f0d5b3dcf9e7154add948b575047170c8e97af9dd301f49192970b35b8ff7cf0a678a5968e970f3214cb588315133097609c9c98c40cfae4bbd142fd26d7093c70d6d1c856be7eab8d90832ad305d53240d369050e0745751f2a6274e7ec7a56004abf7282f286b446c4517f256b0c8a45e03fe53f07b785bdc7d1ac7dc16667bace4f2159bcc0073d08fbfdb87ccf705a598bb472c2f9125e7a6f9959c61ce8717368d13e763e2b9d7dc06fb1a36b7b00e340734e58ec2636a99c71d4945b3085c685ecac6589f20746d9f4b270161d38f8864727e9b696d0e4c0d136460119202eb14e5eb0f883f3e08bd4e2ba") 07:39:06 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x44}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1, 0x44}], {0x95}}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='hash\x00', r0}, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000300)={0xffffffffffffffff}, 0x117}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000380)={0x7, 0x8, 0xfa00, {r3, 0x1ff}}, 0x10) write$FUSE_GETXATTR(r1, &(0x7f00000002c0)={0x18, 0x0, 0x4}, 0x18) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000100)=0x14) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xcc, r2, 0x810, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0xb0, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7fff}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1000}}}]}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4}, 0x20000084) ioctl$TIOCCBRK(r1, 0x5428) 07:39:06 executing program 6: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff40000000bfa100000000000007010000f8ffffffb702000000000000bf130000000000008500000008000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x48) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) 07:39:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x12, &(0x7f0000000400)}) 07:39:06 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000014000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_open_dev$sndpcmp(&(0x7f00000002c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000000300)={{0x3, 0x9, 0x3, 0x1f, 0x80000001, 0x1}, 0x3}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)=0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f00000003c0)=ANY=[@ANYBLOB="fe2f957a822c7420e805ec6ed2947ac108d805cf99de8264f9e9475b404b9e39e311b461a8ea76ca9bcc96c436d65b6370eda0bf6d1c38c1c8a745490c8ae6e66cf7cfb4e18d24", @ANYRESHEX=r1, @ANYBLOB="fd7b6e7301c3a9c1ead0210f6885e74f2c226c103183de21524c3a78be9e7fcfa4ffb274fa73d1107bb76e982d7d3391129210ef1430e54c90cc31331d2d087694528b4fb00697e0708106bebdbd6e7c5ccf28627848aa644afcd4", @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRES64=r0, @ANYPTR=&(0x7f0000000340)=ANY=[@ANYRES64, @ANYPTR, @ANYRESHEX=r4, @ANYRES32=r0, @ANYRES64=r3, @ANYPTR]], @ANYRES16=0x0], 0x5) r5 = socket$netlink(0x10, 0x3, 0x1) r6 = getpid() sched_setattr(r6, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r7 = userfaultfd(0x0) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x40}) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r8 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r8, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) ptrace$setsig(0x4203, r6, 0x800, &(0x7f0000000280)={0x13, 0x1, 0x101}) unlink(&(0x7f00000000c0)='./control/file0\x00') r9 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r9, &(0x7f0000000180)=""/239, 0xef) getdents64(r9, &(0x7f0000000000)=""/188, 0xbc) write(r5, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) close(r0) close(r1) [ 696.561188] binder: 12712:12722 unknown command 0 [ 696.563817] 9pnet: Insufficient options for proto=fd [ 696.567011] binder: 12712:12722 ioctl c0306201 20000080 returned -22 [ 696.595297] binder: BINDER_SET_CONTEXT_MGR already set 07:39:06 executing program 7: mkdir(&(0x7f0000000300)='./control\x00', 0x0) mmap(&(0x7f0000012000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) getdents64(r2, &(0x7f00000002c0)=""/41, 0x29) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) r4 = dup2(r3, r2) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000080)={0x0, 0xaa49, 0x59a3, 0x7, 0x3, 0x7, 0x78, 0x7f, {0x0, @in6={{0xa, 0x4e20, 0x81, @mcast1={0xff, 0x1, [], 0x1}, 0xfffffffffffff801}}, 0x0, 0x3, 0x4, 0x6, 0x8}}, &(0x7f0000000140)=0xb0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000180)={0xa48bd51, 0xf8a, 0x8002, 0xa2, 0x3fe96adc, 0xffff, 0x9, 0x61, r5}, &(0x7f00000001c0)=0x20) close(r0) 07:39:06 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)=ANY=[@ANYBLOB="684fbbeed0e857a26f1889c0448f1af54631455115923f0b75edf5afe3c87ba3b0157bc8789ee54179d8fa517fbaac60d79734f8adbded503953fb01fa6c43057971b3fe072fed8e430f087c89afbc5bfda4f347f83e5248254f42357738b28b4b7081d7dd3175b8ea4f76fba3ae6c25b5fc2f"], 0x1) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x4000, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f00000000c0)={0x3, "92e423"}, 0x4) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000280)=0x2, 0x1) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000140)={'mangle\x00', 0xc9, "74787a8da47c9289fdf6024d72151495586e76cd741ddc201611772765e91db61bc14ea32f66db15af1272ea15c925aebe3867f25abe898f194ab98352fa63536e2f58753ee007b782db71abf23f8b6fc09d6ee1132b5c48b714408f30f16228d18373476895c1be8a849044547876eb3314c5bdada37d5a7c0b9b0b3539e24c087d3767435881c72196c1cf2d7716dc01dbf5b18275a74fa9dcc8690af4e08faef6e182668e15c51bf5ccc26903bca89a544ffc4b8d4df54a507f749b0a6a747df5fc7c18ee8ec6eb"}, &(0x7f0000000240)=0xed) setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000100), 0x4) 07:39:06 executing program 6: socket$inet6(0xa, 0x1000000000002, 0x0) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() dup(r0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000400)='/dev/snd/pcmC#D#p\x00', 0x3ff, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x9, 0x20}, &(0x7f0000000200)=0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\'', 0x1ff) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f00000007c0)={0x14a, {{0x2, 0x0, @rand_addr=0xff0000000}}}, 0x88) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000000)={0x7}, 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}}, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000e95fe0)={@remote={0xfe, 0x80, [], 0xbb}}, 0x20) 07:39:06 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x440000, 0x0) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYPTR64=&(0x7f0000000440)=ANY=[@ANYPTR64=&(0x7f0000000540)=ANY=[@ANYRES16=r0, @ANYRES64, @ANYBLOB="bf9abfa023b018226b414885ff729e40934679430862074fd718ea236969c0e5a3f9dc8d88f837f1d47bb13915575f78deff5b5d9603a83f224f6ca3430cb0794db5b702191a557c5bdf2350900cd15fe655e97516da11c0511df305a2e87a1dbf1929539f80fc0949d8ce0a", @ANYRES32=r0, @ANYBLOB="7667df04ba983d937de20133ef6f4e27b82cd7964faae08c22e6c0732cc1f8cb5bf9c18c686898c5b4675f9b7c552fcdf7eb020ee081fa981b7d294dd568765bad5f5cae04a7321f5519a4a441d103ab7daaf651ea05912b956bbfeddb114d6642c6698a1f3400eda2a5d4fad9dc46c09811ccd50dd9fd9ef654f35f17503e36b3"], @ANYRES32=r0, @ANYBLOB="10a5c44b04694fefc76876a07d377725c44bb39e30e7d6cb341e20fb773eb648a49513daed89d0dd5b7fa44afaad58471165fde7130d83a8533d9de78d41ad89a401a2e1cc98b7d8dca0ee720305c44240f317cc88785fc9fd434d6e474be2619f937a46348b51bbc79cc8ffbd1e2c2fdde1e9464af705abf48e22418e026eea94a6212f7967e926ddb22b40577306699f5b2a8da84b46d8d63bf9dc5973abf3cf48af31ec9a1ad88f4bfb", @ANYPTR, @ANYRESDEC=0x0, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES64=r0, @ANYPTR, @ANYPTR64, @ANYRESHEX=r0]], @ANYRES16=0x0], 0x4) getpgrp(0xffffffffffffffff) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) r1 = fcntl$getown(r0, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000300)='fdinfo\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000200)='schedstat\x00') sendfile(r2, r3, &(0x7f0000000700), 0x1) 07:39:06 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8915, &(0x7f0000000280)="025cc83d6d345f8f762070") fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000240)) r1 = socket(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[]}, 0x1}, 0x0) recvfrom$llc(r1, &(0x7f0000000800)=""/4096, 0x1000, 0x0, &(0x7f0000000300)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local={0x1, 0x80, 0xc2}}, 0x10) getsockname(r1, &(0x7f0000000080)=@ethernet={0x0, @remote}, &(0x7f0000000100)=0x80) recvmsg(r1, &(0x7f00000001c0)={&(0x7f0000000000)=@generic, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000740)=""/190, 0x9f}, 0x0) write(r1, &(0x7f0000000140)="240000005a001f00ff03f4f9002304000a04f51108000100020100020800028001000000", 0x24) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000180)={0x0, @broadcast=0xffffffff, 0x4e24, 0x4, 'fo\x00', 0x2, 0x60, 0x59}, 0x2c) [ 696.608672] binder: 12712:12722 ioctl 40046207 0 returned -16 [ 696.615913] 9pnet: Insufficient options for proto=fd [ 696.625859] binder: 12712:12728 unknown command 0 [ 696.644489] binder: 12712:12728 ioctl c0306201 20000080 returned -22 07:39:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x11b, 0x3e5, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x2000, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000780)='./file0\x00', 0x0, 0x2, &(0x7f0000002a00)=[{&(0x7f00000007c0)}, {&(0x7f0000001940)}], 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00092714e9449ea64e612b9547ac2a5081b6bec4383518ea463060dcaf5abd0da1a184ef18dd961a1a7a81d46e00c1e4fffbd7911cc335c7"]) socket$bt_hidp(0x1f, 0x3, 0x6) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x400, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) 07:39:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x68, &(0x7f0000000400)}) 07:39:06 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) open_by_handle_at(r1, &(0x7f0000000200)={0x4f, 0x1, "722438c557e6a4a932a1a3d1b1ae4e28ae54e4ffc3dd6bd972418bbe759352ca64c7ad1ac1d98eb17f0c104b0d7a472f63b73ad0fb4f919a6d583279e5c07e682c7b35bf6bf938"}, 0x400) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) bind$alg(r2, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58) tkill(r3, 0x1000000000016) sendfile(r0, r0, &(0x7f0000000100), 0x8) [ 696.736284] binder: 12750:12751 unknown command 0 [ 696.744594] binder: 12750:12751 ioctl c0306201 20000080 returned -22 [ 696.751380] gfs2: not a GFS2 filesystem [ 696.751779] binder: BINDER_SET_CONTEXT_MGR already set [ 696.768878] binder: 12750:12751 ioctl 40046207 0 returned -16 [ 696.770435] gfs2: not a GFS2 filesystem [ 696.781257] binder: 12750:12758 unknown command 0 [ 696.786361] binder: 12750:12758 ioctl c0306201 20000080 returned -22 [ 697.497032] Unknown ioctl 1074808211 [ 697.685215] Unknown ioctl 1074808211 [ 697.745028] FAULT_FLAG_ALLOW_RETRY missing 30 [ 697.745097] FAULT_FLAG_ALLOW_RETRY missing 30 [ 697.749606] CPU: 1 PID: 12773 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 697.762554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.771897] Call Trace: [ 697.774487] dump_stack+0x1c9/0x2b4 [ 697.778107] ? dump_stack_print_info.cold.2+0x52/0x52 [ 697.783291] ? kasan_check_write+0x14/0x20 [ 697.787514] ? do_raw_spin_lock+0xc1/0x200 [ 697.791743] handle_userfault.cold.33+0x47/0x62 [ 697.796404] ? userfaultfd_ioctl+0x5430/0x5430 [ 697.800974] ? trace_hardirqs_on+0x10/0x10 [ 697.805210] ? kasan_check_read+0x11/0x20 [ 697.809347] ? perf_trace_lock+0xde/0x920 [ 697.813486] ? trace_hardirqs_on+0x10/0x10 [ 697.817714] ? userfaultfd_ctx_put+0x810/0x810 [ 697.822289] ? __save_stack_trace+0x8d/0xf0 [ 697.826599] ? zap_class+0x740/0x740 [ 697.830303] ? trace_hardirqs_on+0x10/0x10 [ 697.834538] ? perf_trace_lock+0xde/0x920 [ 697.838675] ? plist_check_prev_next+0x115/0x1b0 [ 697.843421] ? trace_hardirqs_on+0x10/0x10 [ 697.847648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.853174] ? lock_release+0xa30/0xa30 [ 697.857139] ? lock_acquire+0x1e4/0x540 [ 697.861105] ? __handle_mm_fault+0x3a38/0x44a0 [ 697.865678] ? lock_downgrade+0x8f0/0x8f0 [ 697.869835] ? kasan_check_read+0x11/0x20 [ 697.873971] ? do_raw_spin_unlock+0xa7/0x2f0 [ 697.878368] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 697.882939] ? kasan_check_write+0x14/0x20 [ 697.887162] ? do_raw_spin_lock+0xc1/0x200 [ 697.891388] __handle_mm_fault+0x3a45/0x44a0 [ 697.895788] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 697.900621] ? kasan_check_read+0x11/0x20 [ 697.904759] ? lock_acquire+0x1e4/0x540 [ 697.908725] ? handle_mm_fault+0x417/0xc80 [ 697.912947] ? lock_downgrade+0x8f0/0x8f0 [ 697.917087] ? lock_release+0xa30/0xa30 [ 697.921051] ? rcu_note_context_switch+0x730/0x730 [ 697.925971] ? mem_cgroup_from_task+0xcb/0x1f0 [ 697.930551] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 697.935301] handle_mm_fault+0x53e/0xc80 [ 697.939352] ? __handle_mm_fault+0x44a0/0x44a0 [ 697.943922] ? find_vma+0x34/0x190 [ 697.947452] __do_page_fault+0x620/0xe50 [ 697.951506] ? mm_fault_error+0x380/0x380 [ 697.955643] do_page_fault+0xf6/0x8c0 [ 697.959434] ? vmalloc_sync_all+0x30/0x30 [ 697.963593] ? lock_acquire+0x1e4/0x540 [ 697.967556] ? __might_fault+0x12b/0x1e0 [ 697.971618] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 697.976451] page_fault+0x1e/0x30 [ 697.979899] RIP: 0010:__get_user_4+0x21/0x30 [ 697.984300] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 d8 13 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 698.003522] RSP: 0018:ffff880196f17538 EFLAGS: 00010202 [ 698.008872] RAX: 0000000020013e98 RBX: 1ffff10032de2eae RCX: ffffc90008045000 [ 698.016126] RDX: ffffffffffffffff RSI: ffffffff81abfb23 RDI: 0000000000000282 [ 698.023383] RBP: ffff880196f17cb8 R08: 1ffff10032de2e84 R09: ffff880196f17260 [ 698.030650] R10: ffffed0038d4cdc1 R11: ffff8801c6a66e0b R12: ffff8801c6a66d80 [ 698.037917] R13: 0000000000000084 R14: dffffc0000000000 R15: 0000000000000004 [ 698.045182] ? __might_fault+0x1a3/0x1e0 [ 698.049236] ? sctp_setsockopt+0x1e13/0x6db0 [ 698.053638] ? get_futex_value_locked+0xcb/0xf0 [ 698.058309] ? sctp_setsockopt_paddr_thresholds+0x560/0x560 [ 698.064009] ? trace_hardirqs_on+0x10/0x10 [ 698.068231] ? futex_wake+0x760/0x760 [ 698.072019] ? kasan_check_read+0x11/0x20 [ 698.076158] ? rcu_is_watching+0x8c/0x150 [ 698.080296] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 698.085481] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.091017] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 698.096106] ? futex_wait+0x5d2/0xa20 [ 698.099900] ? perf_trace_lock+0xde/0x920 [ 698.104035] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 698.109214] ? zap_class+0x740/0x740 [ 698.113000] ? futex_wake+0x304/0x760 [ 698.116798] ? zap_class+0x740/0x740 [ 698.120500] ? percpu_ref_put_many+0x119/0x240 [ 698.125069] ? lock_downgrade+0x8f0/0x8f0 [ 698.129206] ? lock_acquire+0x1e4/0x540 [ 698.133168] ? __fget+0x4ac/0x740 [ 698.136610] ? lock_downgrade+0x8f0/0x8f0 [ 698.140746] ? lock_release+0xa30/0xa30 [ 698.144710] ? exit_robust_list+0x290/0x290 [ 698.149019] ? __fget+0x4d5/0x740 [ 698.152465] ? ksys_dup3+0x690/0x690 [ 698.156169] ? lock_acquire+0x1e4/0x540 [ 698.160131] ? __fget+0x4d5/0x740 [ 698.163574] ? ksys_dup3+0x690/0x690 [ 698.167275] ? __fget_light+0x2f7/0x440 [ 698.171234] ? fget_raw+0x20/0x20 [ 698.174678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.180203] ? snd_pcm_ioctl+0x90/0xc0 [ 698.184076] ? snd_pcm_common_ioctl+0x2230/0x2230 [ 698.188907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.194430] ? do_vfs_ioctl+0x201/0x1720 [ 698.198483] ? alloc_file_pseudo+0x281/0x3f0 [ 698.202881] ? ioctl_preallocate+0x300/0x300 [ 698.207290] sock_common_setsockopt+0x9a/0xe0 [ 698.211783] __sys_setsockopt+0x1c5/0x3b0 [ 698.215919] ? kernel_accept+0x310/0x310 [ 698.219987] ? do_futex+0x27d0/0x27d0 [ 698.223778] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.229299] ? fput+0x130/0x1a0 [ 698.232567] __x64_sys_setsockopt+0xbe/0x150 [ 698.236965] do_syscall_64+0x1b9/0x820 [ 698.240840] ? syscall_return_slowpath+0x5e0/0x5e0 [ 698.245755] ? syscall_return_slowpath+0x31d/0x5e0 [ 698.250673] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 698.255680] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.260515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.265688] RIP: 0033:0x455ab9 [ 698.268858] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.288079] RSP: 002b:00007f9d30f80c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 698.295784] RAX: ffffffffffffffda RBX: 00007f9d30f816d4 RCX: 0000000000455ab9 [ 698.303299] RDX: 0000000000000008 RSI: 0000000000000084 RDI: 000000000000001b [ 698.310552] RBP: 000000000072c140 R08: 0000000000000004 R09: 0000000000000000 [ 698.317808] R10: 0000000020013e95 R11: 0000000000000246 R12: 00000000ffffffff [ 698.325063] R13: 00000000004c7138 R14: 00000000004d2640 R15: 0000000000000004 [ 698.332333] CPU: 0 PID: 12721 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 07:39:08 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b707000001001b05507000000003e0ffbf700000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000740)=r0, 0x4) sendmsg(r1, &(0x7f00000008c0)={&(0x7f0000000780)=@sco={0x1f}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)="3cbd72b4cc330c36fc2f12405437fb81a9188529d3", 0x15}, {&(0x7f0000000180)="93a5742e885954aed3c7548c6e862e75fa6faea06c6ebb3fe274e1c62089e3a8ab0f7d9bad4cbe011c85c0302c7f16b2a3706baa49974a2f121df3bed25a60ed8c6803c3aeb8a8a4d3291bbc3c40fbc0fbfb6422316a54d1365d035a262f9b1fa098ad1be8c6ec546c0c9063a43f3f2bb7305b79c78019176f9e27b09f83820ea7bd6be31ea27a46369a4f3eafe952d2a49d6a239c03aef060e32f171bf46cc1b6", 0xa1}, {&(0x7f0000000240)="d105caf68b5ce4d96cdd9ed843833343da25edf83fdfd75dbc53cc8e2f9bc44f41c795c561ad3610099e6b0f158488bfe55743df15befca01fc96469a1696778434ede70e5da21057cbed57d66038043b99976a2f8f5b53d88234c83075f4d1359501194cbe6f68baeb92849", 0x6c}, {&(0x7f00000002c0)}, {&(0x7f0000000300)="8ea3b21b77969563a28db17c2768b1817e", 0x11}], 0x5, &(0x7f0000001040)}, 0x0) prctl$intptr(0x0, 0x1) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0)={r2}) ioctl$SIOCGIFMTU(r3, 0x8921, &(0x7f00000002c0)) sendmsg(r1, &(0x7f0000000880)={&(0x7f00000003c0)=@nl=@unspec, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000440)="6a8295b0669ad761c651d1a9ab92e95ba99885862f914ef78f1b50be498b77917151d21fea7bb51abf3b5526892360dad24a9ab3d19d9b81a9c3898f76a9f5f26e89ad7c19997549bdd77fa04eff845e5ab9e17ffd5c1545b7de1d62ec497b78ac923d11e38b8d028a52645f826d0055bb6d253615f96034bbbbf6d1ef1d1638ea6968ef1757964bc9f7af34fa45727bfe7ff88b92982c8810a895f24dcd76a2619a11ecc0", 0xa5}, {&(0x7f0000000500)="c6f9d2e53ca28b2999cfd82c1b0aa9bf7eb8cc95efc4632a0c159c5a66337b6b6648345226445752ff2cf55ff5729fcbc554fd60efa82ecaca4be8d845e781088dabda7eade7b2da572a25d216e6f17bb5cbc716abe931ddd3c0d3e7cf8cb805b6e7f3e8c06547968631d809c4256109850233bf8ce88e07", 0x78}, {&(0x7f0000000580)="c922692fdba1cc923d670ebf661138c19dd0e9d28eec20c408d39f559b415499a4", 0x21}, {&(0x7f00000005c0)="a15d059f44587b323349d211aeaac9a93d1594d96bef41d372855d88b980e87d9e9df5c361a0a409b758550cdb50d17c3c9abce87b51d37d76f10c28065bf1a844bcb7cb17da5e711826b766779a53bac1bcf5006f66fa5e255b28a2921974654c49e5995916728b7daab14f0f3f38ea2f4343bca11ebfde7b8162875622a4bb4ba66e0fc07f615a51719a3b15b4086a7bb8032a4b9f77323b0354f21ff65ac896db064408a2dbd0d58350d0470abe56aceb014b46445021a5dc6818e04d71551d453e8f0e1bd8aa77cf27688179fc31d6038117448ba60338fbddf928bf8a85ec8d138a041d381232dcbd4191fa7f5efea8ba0d93687204ad5a1d", 0xfb}, {&(0x7f00000006c0)="a4788b69594673e238f682d310d5eb68678fc95ce316712db10ff00165ef3d94445b304415765b2a3c98ed665ce006203f07180fec9485deb25fee952eea", 0x3e}, {&(0x7f0000000800)="ae70bbf8f2b57b24d0775ca1d7ccde73a00fc245df3e618ea169d41a0e1825ef25166c543605b2d8ee07495da9ba825b749971c2628f9d7877785fd5f9225ee14c501b75bd45cd0f057e414b7cd71df47c58bab4abdb29cab751507867", 0x5d}, {&(0x7f0000000900)="a57ea320c11104cd22fbd47177ae7e53711881ec60c36317ec9e95299e4b26b26a59f67e6524b1fa1d2c80f2accf7637f10d697cffddc4f75ba40b9c0ea2db3d05dce02fac4169c94b97b1eb5b8afb09ef87b5fc25b8536788650de041fda70829694067df063565e712165ab788b247a810bb5e7de40e113af9e4dfb4b0e395bf50361b81", 0x85}, {&(0x7f00000009c0)="fd651571743898ec20169d0980914d9b798feac9807b6d2701d043a836f3b0b827c245c11e54a666ac642d97434ae4127a84f870cdf8e22b6683189cb0204b7e83b90ad49d1eed1fc7d0b8cf5481e81071a119c279cfba31730344f2370fb726f03e1d802fb82a05fdafb2c88cb632a6c01ee282f43358a4dd78e6249d766b76f20329286a772fcd211ff83865ddb61273331c59f9cda05011", 0x99}, {&(0x7f0000000a80)="7dce36465cbd2d5f2a12d3509a35f1a34326c2a8e15319dd0afc740f57cc5a95c8b4236dec8577bcff5d0ea9ddf1f10e465be7b06cb569c2c9edeeb07c1bff49504bd82cfc5b096436e26392cdee12e7bfec52e1527caa3734bc361fa192951965d9a4bc741d2d13a45bafdb19650fbb810c1f0279de890b19a970159115e0a023f60ea4d8a097c7fdfc5d38aeb8fc50a1a6dfaebd4c90344a6e797229a451dcb9019c9058f5b37a7b43ddcdce93cd13e1f89336bcac34c9fad6030d2ab30c2be91369f8443bae390629d5afc152b20a5c0124a43c04a29d0b155da3f162ac1f6ec17e6cad", 0xe5}, {&(0x7f0000000700)}], 0xa, &(0x7f0000000c40)=[{0x80, 0x18f, 0x6, "fd42788f55bc4636658d9ce369ea623a66b7a38723ab8606573f30c5e3d534a6bfff0cf5ae7b8241bfb8e30775f058971e56784b2d4c48b34f7d60fe96b73cc90d77c5b82e836f952f076deb7d8eb03d34419c6c03ee338135b00f3c44e9f99e8ed52d894438470865251104db"}, {0x110, 0x1ff, 0x2, "9665b669b3d0c238b0b3fd8a191e41efea2e4d89ccc5753bf674346c1f809d959d49ae610b6105a4a73ef90540d8223db780ad1414a55fa68e01f72bb9d1b50c3b36e5aba292ef975a2ff4c0638de4032e625a2d3421c1a53e326ef02e405115ab7a610472d32677ba8297fdb191955b4050b2ddccfe4a63bc60bbc44f558f4463b8a591e732c301623706f666bb301a38c9b5fb38860f680a1b2f97572575168ae776ac540b0424b43572d5fb26f0783d67f656b622f2b5d5772911f35d2e4bce75eb89c894d3db8c52ae1d29a5326d50c6e9d6f19ae0643384a692d94e7ca8fa0cbe805fb1ab0a3601e1ec7e70d4b04f6cf76cfa714824b16125c7be36"}, {0x100, 0x6, 0x8541, "e379b12768b3b9d2a3ee2a8dc196be5cdb7b0a2d884bd2deba3e35883f29e524b0871fc9ede17575abbd15c63b860ad1c7f352bfe12909610091bedc9362c52098be4fea1ae5e0f25ac9cfa693f3090a0d257348650f4e65d40bbd2dda4fae48ff050fe1740bba1f39a4099a237318ba46b6aee1370220fe70295c3394d235d2e568a0314945ff49fe879aac3e444005d48a33ce1113cc0072a86d4f0a3e0e295a4b63505e29f4e0bae702440b4e89e53327ae314d7a610b335b59bffdca331a1b73a07d9d0c4ce29854592912ff5852e635a72ddbd7cd7cb6dc8507dea6ab14fc4f2085e23596ef286bc1eb11c1da"}], 0x290, 0x8000}, 0x8004) 07:39:08 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0xffffff11) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="9134abc0", 0x4) r2 = accept$alg(r1, 0x0, 0x0) socketpair(0x15, 0x5, 0x8000, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_opts(r3, 0x29, 0x3f, &(0x7f0000000580)=@routing={0x0, 0x10, 0x2, 0xfffffffffffffffa, 0x0, [@mcast1={0xff, 0x1, [], 0x1}, @empty, @mcast1={0xff, 0x1, [], 0x1}, @loopback={0x0, 0x1}, @ipv4={[], [0xff, 0xff], @rand_addr=0x80000000}, @empty, @ipv4={[], [0xff, 0xff], @rand_addr=0x3ff}, @empty]}, 0x88) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="af980600010001000000e300fc000600039c1ee775ec6e82f6f1bdd32ff3be48ef39aea4abb78a3691b03c5a5035f94368d00c6d85a1c27a1a090fcc359f2a0b7daddf0734286ad6ddee4bc201cd9b8d44d90c4ba1b40819058c3c8ec4b9f9177523bc14e9c4d8bf1fedf27c754a4683946ca0bb847df79f500b9d5c3387447f1447d27047cf1379eb8df1f2ca7652f8571300000000000000"], &(0x7f0000000200)=0x14) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000400)={r5, @in6={{0xa, 0xffffffffffffff3f, 0x8, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x4629}}, 0x1000, 0x80000001}, 0x90) sendmsg$alg(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_elf32(r2, &(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRES32=r2, @ANYRESDEC=r1, @ANYRES32=r1, @ANYRES32=r0], 0x33) recvmsg(r2, &(0x7f0000000080)={&(0x7f0000000280)=@sco, 0x11c, &(0x7f00000013c0)=[{&(0x7f00000014c0)=""/4096, 0x791fdd3}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) 07:39:08 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80000, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000040)={0x8, 0x53e0, 0xffffffffffff8001, 0x8}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) modify_ldt$write(0x1, &(0x7f0000000080)={0x6, 0x0, 0x400, 0x6, 0xa173, 0x1000, 0x7fff, 0x1, 0x2, 0x10001}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) restart_syscall() getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000100)={0x0, @in6={{0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}}}, &(0x7f00000001c0)=0x84) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f00000000c0)='/dev/sequencer\x00', 0x2) close(r1) 07:39:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, &(0x7f0000000040)}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=[@request_death={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x3b8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307}], 0x0, 0x40406301, &(0x7f0000000400)}) 07:39:08 executing program 7: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x40, 0x0) r2 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000340)="6c20092fb069f17509ea860472ca84bfcf774590b78a18b0f3ea49cc295f442eca94a907ef859af807b2bfed050f127cfd8904bddc66699df0ef4d690783c1cd012403d33383f1373b3e0db3b2", 0x4d, 0xffffffffffffffff) keyctl$assume_authority(0x10, r2) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x9, 0x0, 0x2, 0x3}, &(0x7f0000000200)=0x18) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000240)={r3, 0x8e}, &(0x7f0000000280)=0x8) r4 = socket$inet6(0xa, 0x3, 0xffffffff) sendto$inet6(r4, &(0x7f0000000100), 0x300, 0x0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x7}, 0x1c) socket$inet6(0xa, 0x807, 0x8) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000000)={0x4, 0x0, [0x0, 0x0, 0x0, 0x0]}) r5 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000000c0)="a8b3f42a673d7053aceee5914637b0a7b7145af35a5025daa322912f17e20a4a", 0x20, 0xfffffffffffffffe) keyctl$assume_authority(0x10, r5) 07:39:08 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "d4b36b", 0x18, 0x3c, 0x0, @local={0xfe, 0x80, [], 0xaa}, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, {[], @icmpv6=@mld={0x0, 0x0, 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}}}}, &(0x7f0000000140)) r1 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0xffff, 0x24c080) r2 = geteuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuseblk\x00', 0x8000, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other='allow_other', 0x2c}]}}) 07:39:08 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000340)={0x0, 0x1}, &(0x7f0000000380)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000003c0)={r3, 0x55}, 0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e20, 0x10000, @remote={0xfe, 0x80, [], 0xbb}, 0x2}}, 0x0, 0xffffffff, 0x5, 0x1000, 0x59}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000200)={r4, @in6={{0xa, 0x4e22, 0xbb, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x40}}}, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r4, 0x9}, &(0x7f00000001c0)=0x8) [ 698.340824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.350173] Call Trace: [ 698.352763] dump_stack+0x1c9/0x2b4 [ 698.356394] ? dump_stack_print_info.cold.2+0x52/0x52 [ 698.361589] ? kasan_check_write+0x14/0x20 [ 698.365829] ? do_raw_spin_lock+0xc1/0x200 [ 698.370069] handle_userfault.cold.33+0x47/0x62 [ 698.374729] ? userfaultfd_ioctl+0x5430/0x5430 [ 698.379300] ? trace_hardirqs_on+0x10/0x10 [ 698.383548] ? perf_tp_event+0xc40/0xc40 [ 698.387597] ? lock_release+0xa30/0xa30 [ 698.391553] ? memset+0x31/0x40 [ 698.394818] ? userfaultfd_ctx_put+0x810/0x810 [ 698.399394] ? zap_class+0x740/0x740 [ 698.403092] ? kprobe_prog_is_valid_access+0xa0/0xa0 [ 698.408180] ? bpf_get_smp_processor_id+0x9/0x20 [ 698.412922] ? trace_hardirqs_on+0x10/0x10 [ 698.417152] ? lock_acquire+0x1e4/0x540 [ 698.421113] ? __handle_mm_fault+0x3a38/0x44a0 [ 698.425678] ? lock_downgrade+0x8f0/0x8f0 [ 698.429825] ? kasan_check_read+0x11/0x20 [ 698.433956] ? do_raw_spin_unlock+0xa7/0x2f0 [ 698.438345] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 698.442908] ? kasan_check_write+0x14/0x20 [ 698.447127] ? do_raw_spin_lock+0xc1/0x200 [ 698.451357] __handle_mm_fault+0x3a45/0x44a0 [ 698.455752] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 698.460580] ? kprobe_prog_is_valid_access+0xa0/0xa0 [ 698.465664] ? trace_hardirqs_on+0x10/0x10 [ 698.469884] ? lock_downgrade+0x8f0/0x8f0 [ 698.474019] ? lock_acquire+0x1e4/0x540 [ 698.477978] ? handle_mm_fault+0x417/0xc80 [ 698.482195] ? lock_downgrade+0x8f0/0x8f0 [ 698.486326] ? lock_release+0xa30/0xa30 [ 698.490285] ? rcu_note_context_switch+0x730/0x730 [ 698.495197] ? mem_cgroup_from_task+0xcb/0x1f0 [ 698.499760] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 698.504499] handle_mm_fault+0x53e/0xc80 [ 698.508543] ? __handle_mm_fault+0x44a0/0x44a0 [ 698.513106] ? find_vma+0x34/0x190 [ 698.516628] __do_page_fault+0x620/0xe50 [ 698.520672] ? mm_fault_error+0x380/0x380 [ 698.524802] ? zap_class+0x740/0x740 [ 698.528497] ? ext4_xattr_get+0x166/0xaf0 [ 698.532626] do_page_fault+0xf6/0x8c0 [ 698.536409] ? vmalloc_sync_all+0x30/0x30 [ 698.540542] ? lock_downgrade+0x8f0/0x8f0 [ 698.544674] ? ext4_xattr_ibody_get+0x107/0x640 [ 698.549326] ? down_read+0xb5/0x1d0 [ 698.552935] ? ext4_xattr_inode_set_class+0x60/0x60 [ 698.557938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.562781] page_fault+0x1e/0x30 [ 698.566221] RIP: 0010:iov_iter_fault_in_readable+0x1bf/0x460 [ 698.571991] Code: ff ff ff 76 17 eb 3f e8 bf f8 1a fe 49 81 c4 00 10 00 00 4c 39 a5 30 ff ff ff 72 32 e8 aa f8 1a fe 0f 1f 00 0f ae e8 45 31 ed <41> 8a 14 24 0f 1f 00 31 ff 44 89 ee 88 95 58 ff ff ff e8 9a f9 1a [ 698.591450] RSP: 0018:ffff8801608ef688 EFLAGS: 00010246 [ 698.596797] RAX: 0000000000040000 RBX: 1ffff1002c11ded3 RCX: ffffc90005630000 [ 698.604049] RDX: 0000000000000131 RSI: ffffffff8361ae16 RDI: 0000000000000005 [ 698.611302] RBP: ffff8801608ef760 R08: ffff880194d32280 R09: 0000000000000000 [ 698.618558] R10: ffffe8ffffcda240 R11: 1ffff1003b5c5010 R12: 0000000020011fd2 [ 698.625809] R13: 0000000000000000 R14: 0000000000000030 R15: ffff8801608efbc8 [ 698.633079] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 698.638253] ? iov_iter_fault_in_readable+0x1b6/0x460 [ 698.643424] ? copy_page_from_iter+0x890/0x890 [ 698.647991] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 698.652994] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 698.658182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.663715] ? timespec64_trunc+0xea/0x180 [ 698.667940] ? inode_init_owner+0x340/0x340 [ 698.672248] generic_perform_write+0x21b/0x6c0 [ 698.676820] ? add_page_wait_queue+0x2c0/0x2c0 [ 698.681383] ? file_update_time+0xe4/0x640 [ 698.685600] ? current_time+0x1b0/0x1b0 [ 698.689558] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 698.694570] ? generic_write_checks+0x385/0x5d0 [ 698.699221] ? page_endio+0x630/0x630 [ 698.703020] ? ext4_file_write_iter+0x2a1/0x1450 [ 698.707760] __generic_file_write_iter+0x26e/0x630 [ 698.712672] ext4_file_write_iter+0x390/0x1450 [ 698.717235] ? finish_task_switch+0x1d3/0x870 [ 698.721709] ? finish_task_switch+0x18a/0x870 [ 698.726191] ? trace_find_filtered_pid.part.61+0x50/0x50 [ 698.731622] ? ext4_file_mmap+0x410/0x410 [ 698.735748] ? __fget+0x4d5/0x740 [ 698.739186] ? ksys_dup3+0x690/0x690 [ 698.742884] ? __schedule+0x884/0x1ea0 [ 698.746767] ? save_stack+0xa9/0xd0 [ 698.750375] ? __sched_text_start+0x8/0x8 [ 698.754504] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.759863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.765382] ? iov_iter_init+0xc9/0x1f0 [ 698.769342] __vfs_write+0x6af/0x9d0 [ 698.773041] ? kernel_read+0x120/0x120 [ 698.776914] ? lock_release+0xa30/0xa30 [ 698.780873] ? check_same_owner+0x340/0x340 [ 698.785186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.790717] ? __sb_start_write+0x17f/0x300 [ 698.795031] vfs_write+0x1fc/0x560 [ 698.798553] ksys_write+0x101/0x260 [ 698.802175] ? __ia32_sys_read+0xb0/0xb0 [ 698.806222] ? syscall_slow_exit_work+0x500/0x500 [ 698.811046] ? ksys_ioctl+0x81/0xd0 [ 698.814655] __x64_sys_write+0x73/0xb0 [ 698.818528] do_syscall_64+0x1b9/0x820 [ 698.822408] ? finish_task_switch+0x1d3/0x870 [ 698.826891] ? syscall_return_slowpath+0x5e0/0x5e0 [ 698.831805] ? syscall_return_slowpath+0x31d/0x5e0 [ 698.836732] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 698.841732] ? prepare_exit_to_usermode+0x291/0x3b0 [ 698.846730] ? perf_trace_sys_enter+0xb10/0xb10 [ 698.851393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.856233] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.861412] RIP: 0033:0x455ab9 [ 698.864580] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.883743] RSP: 002b:00007f9d31004c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 698.891431] RAX: ffffffffffffffda RBX: 00007f9d310056d4 RCX: 0000000000455ab9 [ 698.898683] RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000017 [ 698.905939] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 698.913189] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 698.920438] R13: 00000000004c2d5c R14: 00000000004d4da0 R15: 0000000000000000 07:39:08 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x7, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x30, &(0x7f0000000080)=ANY=[], 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) preadv(r0, &(0x7f0000001600)=[{&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000300)=""/249, 0xf9}, {&(0x7f0000000400)=""/236, 0xec}, {&(0x7f0000000500)=""/238, 0xee}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x5, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) r5 = openat(0xffffffffffffffff, &(0x7f0000000140)='./control\x00', 0x2001, 0x26) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000001680)={{0x2, 0x1}, 'port1\x00', 0x95, 0x40008, 0x6, 0x8, 0x9, 0x8, 0x9af7cef, 0x0, 0x4, 0x85}) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1, 0x32, r1, 0x0) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r7 = creat(&(0x7f0000001780)='./control\x00', 0x0) write$sndseq(r7, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) getdents(r8, &(0x7f0000000180)=""/239, 0xef) getdents64(r7, &(0x7f0000001900)=""/188, 0xfffffffffffffdb3) write(r3, &(0x7f0000fa8000)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a", 0x1e) socket$packet(0x11, 0x3, 0x300) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000001740)={0xffffffffffffffff, 0x0, 0x8, 0x3, 0x5}) close(r1) [ 698.962057] binder: 12801:12809 unknown command 0 07:39:08 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1=0xe0000001}, 0x10) write(0xffffffffffffffff, &(0x7f0000000100), 0x0) connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [], {0x95}}, &(0x7f00002bf000)='syzkaller\x00', 0x1, 0x405, &(0x7f0000000440)=""/183}, 0x48) r3 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r1, r2}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0x69, "5a2af39b385b768b5eea9f5c8fb9be5c48ef72bd80c552289ebaa0ff9ef1b1ba94b7b45411b49415ff3b5b25063b0e3d7139e90774ee72772a5e4d807f9c49a52a8b085646f094232c676233945dd7319a80f8234f831a6780a3a57ebdba1c2b9baaae41626d1dfb1e"}, &(0x7f0000000100)=0x71) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e22, 0x100000001, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x2}}, [0xfffffffffffffff8, 0x2, 0x4, 0x5, 0x5, 0x7, 0x2, 0xffffffff, 0x1, 0x8, 0x4, 0x100000001, 0x401, 0x3, 0x66bf]}, &(0x7f0000000240)=0x100) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) ioctl$PPPIOCSMRU(r5, 0x40047452, &(0x7f0000000280)=0x3ff) sendto(r5, &(0x7f0000000500)="036fb9", 0x3, 0x0, &(0x7f00000003c0)=@pptp={0x18, 0x2, {0x0, @multicast1=0xe0000001}}, 0x80) getsockopt$inet6_buf(r5, 0x29, 0xff, &(0x7f0000000540)=""/70, &(0x7f00000002c0)=0x46) close(r3) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001a40)) 07:39:08 executing program 5: r0 = socket$inet_sctp(0x2, 0x800, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x20000000}, 0x90) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1, 0x2}, &(0x7f0000000180)=0x8) 07:39:09 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x2711, @any=0xffffffff}, 0x10) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2616, @host=0x2}, 0x10) bind$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x2711, @any=0xffffffff}, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x8000, 0x0) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f00000001c0)="e28a162a80ec208c86133b8644d3c774d6d7d57a5dad34386edbced9eef7263a5bec5c13b55987ff94bfa89801abdb33ed7d988d41e8ea958419a4f10796b43e8cdc2f9f2b7ae3ac04de1742dbe57cf9220bb934da5121132704f01689fdefe491a5ecfc59f632c3cb55e9cad23756bf2760b04723afe16e60d4e7dddaab67be2aedf5c413493dc6ca0d1d24813dcca737eeae12a0b02eb7ba1216db50777713700ec4cab45787183397463d156a6ba96d21cbc5a2464c46f669a0eb4edd1ed52a23516f0766960815c4fe32d1711269ef66276df851610de98c7bdbbcac709bb5e1fe7e2f95e9bbd71fc89db89cd6994b930f694d397b043392bce8bb3e6ea7") 07:39:09 executing program 6: mkdir(&(0x7f0000001c40)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x1f, 0x2, 0x8001) accept4(r2, &(0x7f0000000640)=@l2, &(0x7f00000006c0)=0x80, 0x800) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x20, &(0x7f0000000440)={@empty, @rand_addr, 0x0}, &(0x7f00000005c0)=0xc) recvfrom$packet(r2, &(0x7f00000004c0)=""/243, 0xf3, 0x100, &(0x7f0000000600)={0x11, 0xf8, r3, 0x1, 0x8, 0x6}, 0x14) write$P9_RUNLINKAT(r1, &(0x7f0000000040)={0xffffffffffffffca, 0x4d}, 0x7) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) write$P9_RREADDIR(r1, &(0x7f0000000480)={0xb, 0x29, 0x1}, 0xb) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000900)='9p\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="00000000100000", @ANYRESHEX=r1, @ANYBLOB=',\x00']) mount$9p_tcp(&(0x7f0000000000)='224.20.20.', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x1fffff, &(0x7f0000000340)={'trans=\x00', {}, 0x2c, {[], 0x3d}}) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) syz_emit_ethernet(0x22, &(0x7f0000000180)={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x13}, @empty, [{[], {0x8100, 0x400, 0xa1, 0x3}}], {@can={0xc, {{0x2, 0x1, 0x79e, 0xffffffffffff8001}, 0x3, 0x2, 0x0, 0x0, "da0d3a5aab4d9132"}}}}, &(0x7f00000002c0)={0x1, 0x1, [0x20, 0x3d4, 0xa69, 0x141]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$BLKFLSBUF(r4, 0x1261, &(0x7f0000000300)=0x5) open(&(0x7f0000000240)='./file0/file0\x00', 0x8882, 0x0) rmdir(&(0x7f0000000380)='./file0\x00') ioctl$sock_SIOCGIFCONF(r5, 0x8910, &(0x7f0000000400)=@req={0x28, &(0x7f00000003c0)={'veth1_to_team\x00', @ifru_hwaddr}}) [ 698.998258] binder: 12801:12809 ioctl c0306201 20000080 returned -22 [ 699.021518] binder: BINDER_SET_CONTEXT_MGR already set [ 699.030337] binder: 12801:12809 ioctl 40046207 0 returned -16 [ 699.039032] binder: 12801:12821 unknown command 0 07:39:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={"7465616d300000163694d900", 0x0}) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x4000, 0x0) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f00000000c0)=r3) sendmsg$nl_route(r0, &(0x7f00000018c0)={&(0x7f00000002c0)={0x10}, 0xc, &(0x7f0000001880)={&(0x7f0000000000)=@setlink={0x30, 0x13, 0x105, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_XDP={0x10, 0x2b, [@nested={0xc, 0x4, [@typed={0x8, 0x0, @fd}]}]}]}, 0x30}, 0x1}, 0x0) [ 699.056223] binder: 12801:12821 ioctl c0306201 20000080 returned -22 [ 699.072237] ================================================================== [ 699.079628] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0 [ 699.085771] Read of size 60160 at addr ffff8801bda90b2d by task syz-executor6/12827 [ 699.091341] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 699.093550] [ 699.093569] CPU: 0 PID: 12827 Comm: syz-executor6 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 699.093578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.093583] Call Trace: [ 699.093604] dump_stack+0x1c9/0x2b4 [ 699.093625] ? dump_stack_print_info.cold.2+0x52/0x52 [ 699.141947] ? printk+0xa7/0xcf [ 699.145212] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 699.150560] ? pdu_read+0x90/0xd0 [ 699.154000] print_address_description+0x6c/0x20b [ 699.158824] ? pdu_read+0x90/0xd0 [ 699.162259] kasan_report.cold.7+0x242/0x30d [ 699.166666] check_memory_region+0x13e/0x1b0 [ 699.171056] memcpy+0x23/0x50 [ 699.174145] pdu_read+0x90/0xd0 [ 699.177432] p9pdu_readf+0x579/0x2170 [ 699.181215] ? p9pdu_writef+0xe0/0xe0 [ 699.184999] ? ksys_dup3+0x690/0x690 [ 699.188705] ? check_same_owner+0x340/0x340 [ 699.193008] ? p9_fd_poll+0x2b0/0x2b0 [ 699.196794] ? finish_wait+0x430/0x430 [ 699.200670] ? p9_fd_show_options+0x1c0/0x1c0 [ 699.205167] p9_client_create+0x6d0/0x1537 [ 699.209386] ? p9_client_read+0xbb0/0xbb0 [ 699.213515] ? lock_acquire+0x1e4/0x540 [ 699.217471] ? fs_reclaim_acquire+0x20/0x20 [ 699.221779] ? lock_release+0xa30/0xa30 [ 699.225733] ? __lockdep_init_map+0x105/0x590 [ 699.230213] ? kasan_check_write+0x14/0x20 [ 699.234428] ? __init_rwsem+0x1cc/0x2a0 [ 699.238382] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 699.243389] ? __kmalloc_track_caller+0x311/0x760 [ 699.248213] ? save_stack+0xa9/0xd0 [ 699.251821] ? save_stack+0x43/0xd0 [ 699.255428] ? kasan_kmalloc+0xc4/0xe0 [ 699.259298] ? memcpy+0x45/0x50 [ 699.262736] v9fs_session_init+0x21a/0x1a80 [ 699.267038] ? rcu_note_context_switch+0x730/0x730 [ 699.271951] ? legacy_parse_monolithic+0xde/0x1e0 [ 699.276789] ? v9fs_show_options+0x7e0/0x7e0 [ 699.281182] ? lock_release+0xa30/0xa30 [ 699.285138] ? check_same_owner+0x340/0x340 [ 699.289448] ? lock_downgrade+0x8f0/0x8f0 [ 699.293591] ? kasan_unpoison_shadow+0x35/0x50 [ 699.298155] ? kasan_kmalloc+0xc4/0xe0 [ 699.302030] ? kmem_cache_alloc_trace+0x318/0x780 [ 699.306855] ? kasan_unpoison_shadow+0x35/0x50 [ 699.311418] ? kasan_kmalloc+0xc4/0xe0 [ 699.315302] v9fs_mount+0x7c/0x900 [ 699.318825] ? v9fs_drop_inode+0x150/0x150 [ 699.323044] legacy_get_tree+0x131/0x460 [ 699.327092] vfs_get_tree+0x1cb/0x5c0 [ 699.330877] do_mount+0x6f2/0x1e20 [ 699.334398] ? check_same_owner+0x340/0x340 [ 699.338713] ? lock_release+0xa30/0xa30 [ 699.342671] ? copy_mount_string+0x40/0x40 [ 699.346886] ? kasan_kmalloc+0xc4/0xe0 [ 699.350757] ? kmem_cache_alloc_trace+0x318/0x780 [ 699.355585] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.361116] ? _copy_from_user+0xdf/0x150 [ 699.365248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.370766] ? copy_mount_options+0x285/0x380 [ 699.375245] ksys_mount+0x12d/0x140 [ 699.378862] __x64_sys_mount+0xbe/0x150 [ 699.382821] do_syscall_64+0x1b9/0x820 [ 699.386703] ? finish_task_switch+0x1d3/0x870 [ 699.391183] ? syscall_return_slowpath+0x5e0/0x5e0 [ 699.396097] ? syscall_return_slowpath+0x31d/0x5e0 [ 699.401010] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 699.406011] ? prepare_exit_to_usermode+0x291/0x3b0 [ 699.411009] ? perf_trace_sys_enter+0xb10/0xb10 [ 699.415661] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 699.420489] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.425660] RIP: 0033:0x455ab9 [ 699.428856] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 699.448023] RSP: 002b:00007ff6b2da5c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 699.455715] RAX: ffffffffffffffda RBX: 00007ff6b2da66d4 RCX: 0000000000455ab9 [ 699.462977] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 699.470230] RBP: 000000000072bea0 R08: 00000000200001c0 R09: 0000000000000000 [ 699.477491] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 699.484753] R13: 00000000004c0201 R14: 00000000004cfe50 R15: 0000000000000000 [ 699.492006] [ 699.493617] Allocated by task 12827: [ 699.497315] save_stack+0x43/0xd0 [ 699.500750] kasan_kmalloc+0xc4/0xe0 [ 699.504443] __kmalloc+0x14e/0x760 [ 699.507974] p9_fcall_alloc+0x1e/0x90 [ 699.511766] p9_client_prepare_req.part.8+0x132/0xa00 [ 699.516935] p9_client_rpc+0x242/0x1330 [ 699.520892] p9_client_create+0xca4/0x1537 [ 699.525106] v9fs_session_init+0x21a/0x1a80 [ 699.529408] v9fs_mount+0x7c/0x900 [ 699.532929] legacy_get_tree+0x131/0x460 [ 699.536974] vfs_get_tree+0x1cb/0x5c0 [ 699.540759] do_mount+0x6f2/0x1e20 [ 699.544281] ksys_mount+0x12d/0x140 [ 699.547892] __x64_sys_mount+0xbe/0x150 [ 699.551850] do_syscall_64+0x1b9/0x820 [ 699.555723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.560887] [ 699.562504] Freed by task 0: [ 699.565496] (stack is not available) [ 699.569185] [ 699.570798] The buggy address belongs to the object at ffff8801bda90b00 [ 699.570798] which belongs to the cache kmalloc-16384 of size 16384 [ 699.583788] The buggy address is located 45 bytes inside of [ 699.583788] 16384-byte region [ffff8801bda90b00, ffff8801bda94b00) [ 699.595728] The buggy address belongs to the page: [ 699.600638] page:ffffea0006f6a400 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0 [ 699.610588] flags: 0x2fffc0000010200(slab|head) [ 699.615243] raw: 02fffc0000010200 ffffea0006cdba08 ffff8801da801c48 ffff8801da802200 [ 699.623367] raw: 0000000000000000 ffff8801bda90b00 0000000100000001 0000000000000000 [ 699.631238] page dumped because: kasan: bad access detected [ 699.636922] [ 699.638528] Memory state around the buggy address: [ 699.643437] ffff8801bda92a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 699.650778] ffff8801bda92a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 699.658127] >ffff8801bda92b00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 699.666245] ^ [ 699.670632] ffff8801bda92b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 699.677973] ffff8801bda92c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 699.685310] ================================================================== [ 699.692786] Kernel panic - not syncing: panic_on_warn set ... [ 699.692786] [ 699.700160] CPU: 0 PID: 12827 Comm: syz-executor6 Tainted: G B 4.18.0-rc5-next-20180720+ #12 [ 699.710028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.719374] Call Trace: [ 699.721952] dump_stack+0x1c9/0x2b4 [ 699.725564] ? dump_stack_print_info.cold.2+0x52/0x52 [ 699.730740] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 699.735484] panic+0x238/0x4e7 [ 699.738659] ? add_taint.cold.5+0x16/0x16 [ 699.742794] ? do_raw_spin_unlock+0xa7/0x2f0 [ 699.747191] ? pdu_read+0x90/0xd0 [ 699.750628] kasan_end_report+0x47/0x4f [ 699.754595] kasan_report.cold.7+0x76/0x30d [ 699.758902] check_memory_region+0x13e/0x1b0 [ 699.763380] memcpy+0x23/0x50 [ 699.766471] pdu_read+0x90/0xd0 [ 699.769734] p9pdu_readf+0x579/0x2170 [ 699.773531] ? p9pdu_writef+0xe0/0xe0 [ 699.777316] ? ksys_dup3+0x690/0x690 [ 699.781025] ? check_same_owner+0x340/0x340 [ 699.785339] ? p9_fd_poll+0x2b0/0x2b0 [ 699.789129] ? finish_wait+0x430/0x430 [ 699.793008] ? p9_fd_show_options+0x1c0/0x1c0 [ 699.797500] p9_client_create+0x6d0/0x1537 [ 699.801720] ? p9_client_read+0xbb0/0xbb0 [ 699.805864] ? lock_acquire+0x1e4/0x540 [ 699.809823] ? fs_reclaim_acquire+0x20/0x20 [ 699.814130] ? lock_release+0xa30/0xa30 [ 699.818103] ? __lockdep_init_map+0x105/0x590 [ 699.822595] ? kasan_check_write+0x14/0x20 [ 699.826816] ? __init_rwsem+0x1cc/0x2a0 [ 699.830785] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 699.835790] ? __kmalloc_track_caller+0x311/0x760 [ 699.840630] ? save_stack+0xa9/0xd0 [ 699.844238] ? save_stack+0x43/0xd0 [ 699.847847] ? kasan_kmalloc+0xc4/0xe0 [ 699.851714] ? memcpy+0x45/0x50 [ 699.854981] v9fs_session_init+0x21a/0x1a80 [ 699.859296] ? rcu_note_context_switch+0x730/0x730 [ 699.864215] ? legacy_parse_monolithic+0xde/0x1e0 [ 699.869055] ? v9fs_show_options+0x7e0/0x7e0 [ 699.873457] ? lock_release+0xa30/0xa30 [ 699.877414] ? check_same_owner+0x340/0x340 [ 699.881722] ? lock_downgrade+0x8f0/0x8f0 [ 699.885865] ? kasan_unpoison_shadow+0x35/0x50 [ 699.890432] ? kasan_kmalloc+0xc4/0xe0 [ 699.894306] ? kmem_cache_alloc_trace+0x318/0x780 [ 699.899129] ? kasan_unpoison_shadow+0x35/0x50 [ 699.903705] ? kasan_kmalloc+0xc4/0xe0 [ 699.907585] v9fs_mount+0x7c/0x900 [ 699.911113] ? v9fs_drop_inode+0x150/0x150 [ 699.915330] legacy_get_tree+0x131/0x460 [ 699.919389] vfs_get_tree+0x1cb/0x5c0 [ 699.923175] do_mount+0x6f2/0x1e20 [ 699.926697] ? check_same_owner+0x340/0x340 [ 699.931010] ? lock_release+0xa30/0xa30 [ 699.934968] ? copy_mount_string+0x40/0x40 [ 699.939184] ? kasan_kmalloc+0xc4/0xe0 [ 699.943064] ? kmem_cache_alloc_trace+0x318/0x780 [ 699.947894] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.953413] ? _copy_from_user+0xdf/0x150 [ 699.957546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.963075] ? copy_mount_options+0x285/0x380 [ 699.967553] ksys_mount+0x12d/0x140 [ 699.971176] __x64_sys_mount+0xbe/0x150 [ 699.975136] do_syscall_64+0x1b9/0x820 [ 699.979009] ? finish_task_switch+0x1d3/0x870 [ 699.983487] ? syscall_return_slowpath+0x5e0/0x5e0 [ 699.988400] ? syscall_return_slowpath+0x31d/0x5e0 [ 699.993311] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 699.998311] ? prepare_exit_to_usermode+0x291/0x3b0 [ 700.003312] ? perf_trace_sys_enter+0xb10/0xb10 [ 700.007966] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.012801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.017984] RIP: 0033:0x455ab9 [ 700.021152] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 700.040329] RSP: 002b:00007ff6b2da5c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 700.048019] RAX: ffffffffffffffda RBX: 00007ff6b2da66d4 RCX: 0000000000455ab9 [ 700.055271] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000 [ 700.062522] RBP: 000000000072bea0 R08: 00000000200001c0 R09: 0000000000000000 [ 700.069774] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 700.077038] R13: 00000000004c0201 R14: 00000000004cfe50 R15: 0000000000000000 [ 700.084744] Dumping ftrace buffer: [ 700.088273] (ftrace buffer empty) [ 700.091958] Kernel Offset: disabled [ 700.095564] Rebooting in 86400 seconds..