2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x4000}]) [ 992.951641][ T1310] binder: 1308:1310 got transaction with invalid data ptr [ 992.970429][ T1310] binder: 1308:1310 transaction failed 29201/-14, size 8192-0 line 3179 [ 993.018532][ T1324] binder: BINDER_SET_CONTEXT_MGR already set [ 993.019889][ T1322] FAT-fs (loop3): Directory bread(block 335) failed [ 993.038180][ T1324] binder: 1308:1324 ioctl 40046207 0 returned -16 [ 993.058792][ T1310] binder_alloc: 1308: binder_alloc_buf, no vma [ 993.078764][ T1310] binder: 1308:1310 transaction failed 29189/-3, size 8192-0 line 3147 [ 993.098277][ T1321] device nr0 entered promiscuous mode [ 993.104220][ T1322] FAT-fs (loop3): Directory bread(block 336) failed [ 993.125614][ T1322] FAT-fs (loop3): Directory bread(block 337) failed [ 993.165516][ T1322] FAT-fs (loop3): Directory bread(block 338) failed [ 993.186739][ T1322] FAT-fs (loop3): Directory bread(block 339) failed [ 993.194321][ T1322] FAT-fs (loop3): Directory bread(block 340) failed [ 993.201912][ T1322] FAT-fs (loop3): Directory bread(block 341) failed [ 993.214421][ T1322] FAT-fs (loop3): Directory bread(block 342) failed [ 993.234883][ T1322] FAT-fs (loop3): Directory bread(block 343) failed [ 993.242988][ T1322] FAT-fs (loop3): Directory bread(block 344) failed 15:29:56 executing program 2: clone(0x2102005ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000), 0x43578cf5) dup2(r2, r1) ptrace(0x10, r0) 15:29:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x7000000]}) 15:29:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000004000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:56 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:56 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x60ff}]) [ 993.339656][ T1438] binder: 1434:1438 got transaction with invalid data ptr 15:29:56 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x8000000]}) [ 993.401133][ T1438] binder: 1434:1438 transaction failed 29201/-14, size 8192-0 line 3179 15:29:56 executing program 2: mkdir(&(0x7f0000000480)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x7400}]) [ 993.675046][ T1562] FAT-fs (loop3): Directory bread(block 337) failed [ 993.691316][ T1582] binder: 1579:1582 got transaction with invalid data ptr [ 993.698479][ T1582] binder: 1579:1582 transaction failed 29201/-14, size 8192-0 line 3179 15:29:57 executing program 2: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 993.720154][ T1562] FAT-fs (loop3): Directory bread(block 338) failed [ 993.735589][ T1562] FAT-fs (loop3): Directory bread(block 339) failed [ 993.743570][ T1562] FAT-fs (loop3): Directory bread(block 340) failed [ 993.759796][ T1658] binder: BINDER_SET_CONTEXT_MGR already set 15:29:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x48000000]}) [ 993.778288][ T1562] FAT-fs (loop3): Directory bread(block 341) failed [ 993.789603][ T1658] binder: 1579:1658 ioctl 40046207 0 returned -16 15:29:57 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f00000000c0)={0x1f, 0x1, {0x3, 0x0, 0x16, 0x2, 0x8001}}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) [ 993.830934][ T1562] FAT-fs (loop3): Directory bread(block 342) failed [ 993.859942][ T1675] device nr0 entered promiscuous mode [ 993.867666][ T1562] FAT-fs (loop3): Directory bread(block 343) failed 15:29:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000006000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 993.924044][ T1562] FAT-fs (loop3): Directory bread(block 344) failed 15:29:57 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440)={0x0}, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000000c0)={r1, 0xb4, "5d2745c39ba599bac453c9ed49f3df186238af3d960d640104d2a52a69e34ce5526c9911a581134db5eb515161198079e3e197357ebbd7e954ecfb08d803c980c7a243d9901734e97c51f33633182fb1c1bba6b6d46c6b811b6e8ced9b32d6797634d0d971982987263a4c50de841b302376a193d2b3596ef144bf16f4f4debb6a961d8a10d43cc91ee12cc15bd0b0981e222359f0d1c02706c1ea05cf3bf9e9307514df981d55edc56be6f061e44d1b520a014e"}, &(0x7f0000000180)=0xbc) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:57 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x4c000000]}) [ 994.023363][ T1716] binder: 1710:1716 got transaction with invalid data ptr [ 994.031198][ T1716] binder: 1710:1716 transaction failed 29201/-14, size 8192-0 line 3179 15:29:57 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x9400}]) [ 994.076179][ T1756] binder: BINDER_SET_CONTEXT_MGR already set [ 994.084106][ T1756] binder: 1710:1756 ioctl 40046207 0 returned -16 [ 994.091545][ T1716] binder_alloc: 1710: binder_alloc_buf, no vma 15:29:57 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000140)) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', r0}, 0x10) 15:29:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x68000000]}) [ 994.238519][ T1829] FAT-fs (loop3): Directory bread(block 335) failed 15:29:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x0, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 994.308133][ T1829] FAT-fs (loop3): Directory bread(block 336) failed [ 994.321776][ T1830] device nr0 entered promiscuous mode [ 994.348999][ T1838] binder: 1835:1838 got transaction with invalid data ptr [ 994.353935][ T1829] FAT-fs (loop3): Directory bread(block 337) failed 15:29:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x6c000000]}) [ 994.397723][ T1829] FAT-fs (loop3): Directory bread(block 338) failed [ 994.412901][ T1928] binder: BINDER_SET_CONTEXT_MGR already set [ 994.420492][ T1829] FAT-fs (loop3): Directory bread(block 339) failed 15:29:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 994.448349][ T1928] binder: 1835:1928 ioctl 40046207 0 returned -16 [ 994.456947][ T1829] FAT-fs (loop3): Directory bread(block 340) failed [ 994.484818][ T1829] FAT-fs (loop3): Directory bread(block 341) failed 15:29:58 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x307100}]) [ 994.545374][ T1829] FAT-fs (loop3): Directory bread(block 342) failed [ 994.582463][ T1829] FAT-fs (loop3): Directory bread(block 343) failed 15:29:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x74000000]}) [ 994.611054][ T1829] FAT-fs (loop3): Directory bread(block 344) failed 15:29:58 executing program 3: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:58 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000000c0), 0x4) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) [ 994.728414][ T1964] device nr0 entered promiscuous mode 15:29:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x7a000000]}) [ 994.774245][ T1975] binder: BINDER_SET_CONTEXT_MGR already set [ 994.786545][ T1975] binder: 1970:1975 ioctl 40046207 0 returned -16 [ 994.806177][ T1971] binder_alloc: 1970: binder_alloc_buf, no vma 15:29:58 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000012000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:58 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x400000}]) 15:29:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xbf000000]}) 15:29:58 executing program 3: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:58 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 995.107389][ T2003] binder: BINDER_SET_CONTEXT_MGR already set [ 995.134353][ T2001] device nr0 entered promiscuous mode [ 995.182651][ T2002] binder_alloc: 1997: binder_alloc_buf, no vma 15:29:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xfd000000]}) [ 995.234975][ T2003] binder: 1997:2003 ioctl 40046207 0 returned -16 15:29:58 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 3: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:58 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:58 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x50b000}]) [ 995.370355][ C0] net_ratelimit: 22 callbacks suppressed [ 995.370363][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 995.381829][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xfdfdffff]}) [ 995.514422][ T2046] binder: BINDER_SET_CONTEXT_MGR already set [ 995.543237][ T2046] binder: 2030:2046 ioctl 40046207 0 returned -16 [ 995.553468][ T2036] device nr0 entered promiscuous mode 15:29:59 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 995.562618][ T2037] binder_alloc: 2030: binder_alloc_buf, no vma 15:29:59 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140)=0x86, 0x4) write$P9_RLINK(r0, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:29:59 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) 15:29:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xfffffdfd]}) [ 995.635302][ T17] binder_release_work: 11 callbacks suppressed [ 995.635309][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:29:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 995.687005][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 995.762895][ T2062] binder_transaction: 3 callbacks suppressed [ 995.762903][ T2062] binder: 2061:2062 got transaction with invalid data ptr [ 995.776320][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 995.776386][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 995.776482][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 995.776520][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 995.780344][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 995.789362][ T2066] binder: BINDER_SET_CONTEXT_MGR already set 15:29:59 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140)=0x86, 0x4) write$P9_RLINK(r0, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:59 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140)=0x86, 0x4) write$P9_RLINK(r0, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x100000000000000]}) [ 995.793810][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 995.793919][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 995.793972][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 995.844008][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 995.850737][ T2066] binder: 2061:2066 ioctl 40046207 0 returned -16 15:29:59 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x70a000}]) [ 995.864158][ T2062] binder_alloc: 2061: binder_alloc_buf, no vma 15:29:59 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) [ 995.936254][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:29:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00L\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:59 executing program 2: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140)=0x86, 0x4) write$P9_RLINK(r0, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000540)=""/165) [ 996.043504][ T2082] device nr0 entered promiscuous mode 15:29:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x200000000000000]}) [ 996.094675][ T2152] binder: 2146:2152 got transaction with invalid data ptr [ 996.106184][ T2193] binder: BINDER_SET_CONTEXT_MGR already set 15:29:59 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f00000000c0)='veth1_to_bridge\x00') ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140)=0x86, 0x4) write$P9_RLINK(r0, &(0x7f0000000100)={0x7, 0x47, 0x2}, 0x7) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0xffffffffffffff81, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:59 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', 0x0, 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) [ 996.143415][ T2193] binder: 2146:2193 ioctl 40046207 0 returned -16 [ 996.172565][ T2152] binder_alloc: 2146: binder_alloc_buf, no vma [ 996.219340][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 996.228222][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:29:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:29:59 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x713000}]) 15:29:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x300000000000000]}) 15:29:59 executing program 0: syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) getegid() syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000440), 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000500)) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x100000000000000, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 15:29:59 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) [ 996.441098][ T2221] binder: 2211:2221 got transaction with invalid data ptr [ 996.441353][ T2220] binder: BINDER_SET_CONTEXT_MGR already set 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x400000000000000]}) [ 996.492426][ T2225] binder: 2212:2225 got transaction with invalid data ptr [ 996.501282][ T2216] device nr0 entered promiscuous mode [ 996.509272][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 996.519808][ T2220] binder: 2212:2220 ioctl 40046207 0 returned -16 15:30:00 executing program 2 (fault-call:3 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:00 executing program 0 (fault-call:1 fault-nth:0): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 996.556044][ T2225] binder_transaction: 13 callbacks suppressed [ 996.556063][ T2225] binder: 2212:2225 transaction failed 29201/-14, size 8192-0 line 3179 [ 996.582569][ T2230] FAT-fs (loop3): bogus number of reserved sectors [ 996.629623][ T2230] FAT-fs (loop3): Can't find a valid FAT filesystem [ 996.646722][ T2220] binder: 2212:2220 got transaction with invalid data ptr [ 996.663301][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 996.671773][ T2220] binder: 2212:2220 transaction failed 29201/-14, size 8192-0 line 3179 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x500000000000000]}) [ 996.680673][ T2242] FAULT_INJECTION: forcing a failure. [ 996.680673][ T2242] name failslab, interval 1, probability 0, space 0, times 0 15:30:00 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) [ 996.733865][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 996.773302][ T2242] CPU: 0 PID: 2242 Comm: syz-executor.0 Not tainted 5.1.0-rc2+ #37 [ 996.781220][ T2242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 996.791291][ T2242] Call Trace: [ 996.794618][ T2242] dump_stack+0x172/0x1f0 [ 996.798973][ T2242] should_fail.cold+0xa/0x15 [ 996.803585][ T2242] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 996.809411][ T2242] ? ___might_sleep+0x163/0x280 [ 996.814267][ T2242] __should_failslab+0x121/0x190 [ 996.819238][ T2242] should_failslab+0x9/0x14 [ 996.823755][ T2242] __kmalloc_track_caller+0x2d8/0x740 [ 996.829142][ T2242] ? nfc_get_device+0x8c/0xc5 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x600000000000000]}) 15:30:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 996.833836][ T2242] ? llcp_sock_bind+0x35d/0x530 [ 996.838697][ T2242] kmemdup+0x27/0x60 [ 996.842601][ T2242] llcp_sock_bind+0x35d/0x530 [ 996.847277][ T2242] ? __might_sleep+0x95/0x190 [ 996.851959][ T2242] ? llcp_raw_sock_bind+0x3f0/0x3f0 [ 996.857169][ T2242] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 996.862813][ T2242] ? apparmor_socket_bind+0xb6/0x160 [ 996.868098][ T2242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 996.874351][ T2242] ? security_socket_bind+0x93/0xc0 [ 996.879551][ T2242] __sys_bind+0x23f/0x290 15:30:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 996.883881][ T2242] ? __ia32_sys_socketpair+0xf0/0xf0 [ 996.889181][ T2242] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 996.894657][ T2242] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 996.900129][ T2242] ? do_syscall_64+0x26/0x610 [ 996.904823][ T2242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 996.904838][ T2242] ? do_syscall_64+0x26/0x610 [ 996.904863][ T2242] __x64_sys_bind+0x73/0xb0 [ 996.920081][ T2242] do_syscall_64+0x103/0x610 [ 996.924674][ T2242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 996.930568][ T2242] RIP: 0033:0x458209 [ 996.932665][ T2251] FAT-fs (loop3): bogus number of reserved sectors [ 996.934458][ T2242] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 996.934467][ T2242] RSP: 002b:00007fd8a587ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 996.934482][ T2242] RAX: ffffffffffffffda RBX: 00007fd8a587ac90 RCX: 0000000000458209 [ 996.934491][ T2242] RDX: 0000000000000060 RSI: 0000000020000000 RDI: 0000000000000004 15:30:00 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x740000}]) [ 996.934498][ T2242] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 996.934506][ T2242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8a587b6d4 [ 996.934523][ T2242] R13: 00000000004be231 R14: 00000000004ce7c8 R15: 0000000000000003 [ 996.999918][ T2257] binder: 2254:2257 got transaction with invalid data ptr [ 997.012178][ T2251] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x2, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x700000000000000]}) 15:30:00 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0a7", 0x17}], 0x0, 0x0) [ 997.124229][ T2262] device nr0 entered promiscuous mode [ 997.166803][ T2257] binder: 2254:2257 transaction failed 29201/-14, size 8192-0 line 3179 [ 997.180170][ T2271] binder: BINDER_SET_CONTEXT_MGR already set [ 997.194029][ T2271] binder: 2254:2271 ioctl 40046207 0 returned -16 15:30:00 executing program 0 (fault-call:1 fault-nth:1): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x800000000000000]}) [ 997.228295][ T2257] binder_alloc: 2254: binder_alloc_buf, no vma [ 997.247728][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 997.252195][ T2257] binder: 2254:2257 transaction failed 29189/-3, size 8192-0 line 3147 [ 997.284954][ T2276] FAT-fs (loop3): bogus number of reserved sectors 15:30:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:00 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x940000}]) 15:30:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 997.345449][ T2276] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:00 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:00 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, 0x0, 0x0, 0x0) 15:30:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xa00000000000000]}) [ 997.506287][ T2299] binder: 2296:2299 got transaction with invalid data ptr [ 997.519837][ T2295] device nr0 entered promiscuous mode [ 997.563966][ T2299] binder: 2296:2299 transaction failed 29201/-14, size 8192-0 line 3179 [ 997.602564][ T2309] binder: BINDER_SET_CONTEXT_MGR already set 15:30:01 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x5, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 997.612817][ T2309] binder: 2296:2309 ioctl 40046207 0 returned -16 [ 997.633711][ T2311] FAT-fs (loop3): bogus number of reserved sectors [ 997.640388][ T2311] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x4800000000000000]}) 15:30:01 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xa07000}]) 15:30:01 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, 0x0, 0x0, 0x0) [ 997.833375][ T2327] binder: 2326:2327 got transaction with invalid data ptr [ 997.849063][ T2327] binder: 2326:2327 transaction failed 29201/-14, size 8192-0 line 3179 15:30:01 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c029c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 997.917506][ T2339] binder: BINDER_SET_CONTEXT_MGR already set [ 997.950542][ T2339] binder: 2326:2339 ioctl 40046207 0 returned -16 [ 997.957123][ T2335] FAT-fs (loop3): bogus number of reserved sectors 15:30:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x4c00000000000000]}) [ 997.964788][ T2333] device nr0 entered promiscuous mode [ 997.965363][ T2335] FAT-fs (loop3): Can't find a valid FAT filesystem [ 997.977349][ T2327] binder_alloc: 2326: binder_alloc_buf, no vma 15:30:01 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, 0x0, 0x0, 0x0) 15:30:01 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 998.057172][ T2327] binder: 2326:2327 transaction failed 29189/-3, size 8192-0 line 3147 15:30:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:01 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 998.143194][ T2358] FAT-fs (loop3): bogus number of reserved sectors [ 998.170476][ T2358] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:01 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xb05000}]) 15:30:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x6800000000000000]}) 15:30:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x5f) [ 998.245833][ T2364] binder: 2361:2364 got transaction with invalid data ptr [ 998.305715][ T2364] binder: 2361:2364 transaction failed 29201/-14, size 8192-0 line 3179 15:30:01 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, &(0x7f00000001c0), 0x0, 0x0) 15:30:01 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x2, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x6c00000000000000]}) [ 998.381281][ T2379] binder: BINDER_SET_CONTEXT_MGR already set [ 998.387353][ T2379] binder: 2361:2379 ioctl 40046207 0 returned -16 [ 998.394536][ T2380] device nr0 entered promiscuous mode [ 998.408887][ T2364] binder_alloc: 2361: binder_alloc_buf, no vma 15:30:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x200003a0) [ 998.481157][ T2364] binder: 2361:2364 transaction failed 29189/-3, size 8192-0 line 3147 15:30:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000fffffdfd000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 998.540628][ T2389] FAT-fs (loop3): bogus number of reserved sectors 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x5, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x7400000000000000]}) [ 998.600614][ T2389] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:02 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0x10400, 0x80) fcntl$getflags(r0, 0x40a) syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x100000001, 0x200000) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/wireless\x00') getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x40200, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000240)={0x3746144f, 0x20, [0x0, 0x8, 0x6, 0x2, 0x71e8554c, 0xfffffffffffffffe, 0x8, 0x40]}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000040)={0x8, 0x6, 0x8}) ioctl$BLKGETSIZE64(r4, 0x80081272, &(0x7f0000000140)) connect$nfc_llcp(r3, &(0x7f00000000c0)={0x27, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffe, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:02 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x1000000}]) 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x1000000, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x7a00000000000000]}) [ 998.705330][ T2408] binder: 2404:2408 got transaction with invalid data ptr [ 998.714968][ T2408] binder: 2404:2408 transaction failed 29201/-14, size 8192-0 line 3179 [ 998.745086][ T2411] binder: BINDER_SET_CONTEXT_MGR already set 15:30:02 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, &(0x7f00000001c0), 0x0, 0x0) [ 998.776589][ T2411] binder: 2404:2411 ioctl 40046207 0 returned -16 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x100000000000000, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 998.878492][ T2420] device nr0 entered promiscuous mode 15:30:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060ff000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:02 executing program 2: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x55, 0x4000) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000200)=0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000240)={r1, 0x1, 0x30, 0x6, 0xedbd}, &(0x7f0000000280)=0x18) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 998.950161][ T2428] FAT-fs (loop3): bogus number of reserved sectors 15:30:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xbf00000000000000]}) 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x1000000, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 998.990458][ T2428] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:02 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x2000000}]) 15:30:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xfd00000000000000]}) [ 999.080675][ T2444] binder: BINDER_SET_CONTEXT_MGR already set [ 999.112633][ T2444] binder: 2439:2444 ioctl 40046207 0 returned -16 15:30:02 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x0, &(0x7f00000001c0), 0x0, 0x0) [ 999.168847][ T2441] binder_alloc: 2439: binder_alloc_buf, no vma 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x100000000000000, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000fdfdffff000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x200002, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="7a0000008f4242b10cb65074688f6a84dbcfff3c4a0d4bf67f68afed3de14b284a702b4c18d1da10c83a95f843720356e49b4aa731ca1dcf1f9899ca4a5d168b5f30b70d1985e66383757baa09df03010048bfe340076077a0745ffba15acf29a5368a408c3d1a2bdb1972b010b8cbe694fa6ddf8ccddbdc3d7d1ca2f291d25d5b469b9a374b974b43324e0e44988ecb50eb87ce2cf5a3c1f9ca6f6e198c0ff4c32c0560aa2c9d8e7cf903912945053febc499b77faa1593634d18579f9ac2102c7e58c7494617e3db3381aba61252882aba038d1578ecb20b033c2a24bdaef7dc8195e6664fb9db6312924d4689d44a1a6ff14880f8f3294f8a09c85fab44c3eaecb38b632b8bad0c700d845b5f7931a5f64fbcb7c83eca62afc80c8dc9", @ANYRES16=r1, @ANYBLOB="10002abd7000fcdbdf250500000008000500030000006000010008000500000000000c000700000000000200000008000100000000000800090077000000080004004e210000080002002f00000008000200880000000c000700080000000000000008000100020000000c0006006c626c63000000000800050000080000"], 0x84}, 0x1, 0x0, 0x0, 0x24000080}, 0x0) mount(&(0x7f0000000480)=@md0='/dev/md0\x00', &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='autofs\x00', 0x40, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm_plock\x00', 0x5, 0x0) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f00000000c0)={0x0, 0x8, 0x0, [], &(0x7f0000000080)=0x9}) write$FUSE_OPEN(r2, &(0x7f00000001c0)={0x20, 0x0, 0x1f}, 0x20) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r2, 0xc0bc5351, &(0x7f0000000100)={0x91e9, 0x2, 'client1\x00', 0x0, "03f635b92067edbb", "2643dffbdef91873452599d3537d4aca8b006e695794891de76c537585af9d2b", 0x2, 0x20}) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x20000, 0x0) ioctl$UI_SET_MSCBIT(r4, 0x40045568, 0x23) [ 999.260461][ T2457] device nr0 entered promiscuous mode 15:30:02 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x1000000, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 999.358092][ T2459] FAT-fs (loop3): bogus number of reserved sectors [ 999.385115][ T2459] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0xfdfdffff00000000]}) [ 999.428889][ T2476] binder: BINDER_SET_CONTEXT_MGR already set [ 999.437453][ T2476] binder: 2469:2476 ioctl 40046207 0 returned -16 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x100000000000000, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:03 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x4000000}]) 15:30:03 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x7) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{0x0}], 0x0, 0x0) 15:30:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x2]}) [ 999.690699][ T2500] binder: BINDER_SET_CONTEXT_MGR already set [ 999.698840][ T2494] device nr0 entered promiscuous mode 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x1000000, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:03 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80, 0x0) r1 = shmget(0x2, 0x3000, 0x20, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_INFO(r1, 0xe, &(0x7f0000000100)=""/175) openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x4640, 0x0) syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x5, 0x181100) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x101000, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 999.748138][ T2503] FAT-fs (loop3): bogus number of reserved sectors [ 999.769780][ T2500] binder: 2493:2500 ioctl 40046207 0 returned -16 [ 999.786131][ T2503] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000ffffffffff6000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x3]}) 15:30:03 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x40000000}]) 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x100000000000000, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{0x0}], 0x0, 0x0) [ 999.969739][ T2529] binder: BINDER_SET_CONTEXT_MGR already set [ 1000.007860][ T2529] binder: 2519:2529 ioctl 40046207 0 returned -16 [ 1000.048833][ T2521] binder_alloc: 2519: binder_alloc_buf, no vma [ 1000.084237][ T2542] FAT-fs (loop3): bogus number of reserved sectors 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4]}) 15:30:03 executing program 2: r0 = perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000240)={'syz0', "3c70a4ac7451ab08fd8ef1244d7630aaec9392a875ffea0d2d10cb6e9e41e0e44f9ecd7558f98c363a84b97502885b5cddce9c5197a0e945789918fd4cc2bf9d272d8e26ddacc0b1f00bfa2ce88cb23f4b60cc19d17dc3cf5642d3c9290f2bdc7d12e37a9751ee7012196a9b20342cd4bc85a3152913e9668a885285306c55aec45f512674f484bad21e0bc26e52625767c73036f68c17c2c30ff0ca4a1f48f5e25e72f10f5d67960eea6b47942fc47b7b725838dc93fffa996f27c4"}, 0xc0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f00000000c0)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@rq={'rq', 0x3d, 0x4}}, {@rq={'rq', 0x3d, 0x5}}, {@sq={'sq', 0x3d, 0x80000001}}, {@sq={'sq', 0x3d, 0xfffffffffffffffd}}, {@sq={'sq', 0x3d, 0x2}}, {@rq={'rq', 0x3d, 0x8}}, {@rq={'rq', 0x3d, 0x81}}, {@timeout={'timeout', 0x3d, 0xeaf}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]}}) [ 1000.108095][ T2543] device nr0 entered promiscuous mode [ 1000.134349][ T2542] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x5]}) 15:30:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{0x0}], 0x0, 0x0) [ 1000.337715][ T2567] binder: BINDER_SET_CONTEXT_MGR already set 15:30:03 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xff600000}]) 15:30:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x100) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x64000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1000.388977][ T2564] binder_alloc: 2559: binder_alloc_buf, no vma [ 1000.404541][ T2567] binder: 2559:2567 ioctl 40046207 0 returned -16 15:30:03 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x20000060) [ 1000.436634][ T2572] FAT-fs (loop3): bogus number of reserved sectors 15:30:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6]}) 15:30:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000ffefffffff7f00", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1000.489224][ T2572] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:04 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x7, 0x8080) setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f00000000c0)=0x4, 0x4) [ 1000.566495][ T2582] device nr0 entered promiscuous mode 15:30:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) mq_notify(r0, &(0x7f0000000100)={0x0, 0x16, 0x4, @thr={&(0x7f0000000040), &(0x7f0000000080)="77f39447bbe5f53cdd27e3bf77223c0e543bc847772064fb49dece6b12754d0ada4f66ca4b2566121196e4b6f481dc943aa74eac0f3a9a452435b1aef8d9b0e9f127825652d5275c7960a6c3bf2d740f5bcc716e"}}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:04 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)}], 0x0, 0x0) 15:30:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7]}) [ 1000.690568][ T2600] binder: BINDER_SET_CONTEXT_MGR already set [ 1000.698860][ T2600] binder: 2591:2600 ioctl 40046207 0 returned -16 [ 1000.729300][ T2597] binder_alloc: 2591: binder_alloc_buf, no vma [ 1000.750073][ T17] binder_release_work: 15 callbacks suppressed [ 1000.750080][ T17] binder: undelivered TRANSACTION_ERROR: 29201 15:30:04 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x3791477f0000}]) 15:30:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000009400", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000002200)='/proc/capi/capi20ncci\x00', 0x2880, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000000)={'nat\x00'}, &(0x7f0000000080)=0x78) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000002240)={{0xb8, 0x7, 0x10001, 0xfff, 0x74e, 0x4}, 0x4, 0x5, 0x5}) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1000.810699][ T2676] FAT-fs (loop3): bogus number of reserved sectors [ 1000.817241][ T2676] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1000.829897][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:04 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2000, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000140)={0x270, r1, 0x700, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x81}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9505}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffff9}]}, @TIPC_NLA_LINK={0x30, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x64, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x20}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x54da}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_BEARER={0xdc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xdd}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4e}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x9a4, @remote, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0x270}}, 0x8000) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x8]}) 15:30:04 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)}], 0x0, 0x0) [ 1000.994351][ T2735] binder_transaction: 5 callbacks suppressed [ 1000.994361][ T2735] binder: 2728:2735 got transaction with invalid data ptr [ 1001.047134][ T2730] device nr0 entered promiscuous mode 15:30:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xa]}) [ 1001.089536][ T2795] binder: BINDER_SET_CONTEXT_MGR already set [ 1001.099014][ T2791] binder_alloc: binder_alloc_mmap_handler: 2728 20000000-20002000 already mapped failed -16 15:30:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x10000, 0x0) ioctl$SIOCAX25ADDFWD(r0, 0x89ea, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0xad) r2 = getpid() r3 = syz_genetlink_get_family_id$team(&(0x7f0000000700)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000009c0)={'team0\x00', 0x0}) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000a40)={@multicast1, @empty, 0x0}, &(0x7f0000000a80)=0xc) getpeername$packet(r0, &(0x7f0000000ac0)={0x11, 0x0, 0x0}, &(0x7f0000000b00)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000b40)={'veth0_to_hsr\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000b80)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6}}, &(0x7f0000000c80)=0xe8) getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000cc0)={@multicast1, @initdev, 0x0}, &(0x7f0000000d00)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000d40)={{{@in6=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000e40)=0xe8) accept4$packet(r0, &(0x7f0000000e80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000ec0)=0x14, 0x80800) getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000f00)={@dev, @multicast1, 0x0}, &(0x7f0000000f40)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000f80)={'vcan0\x00', 0x0}) accept$packet(r0, &(0x7f0000001000)={0x11, 0x0, 0x0}, &(0x7f0000001040)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000035c0)={0x0, @broadcast, @multicast1}, &(0x7f0000003600)=0xc) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000003640)={0x0, @rand_addr, @broadcast}, &(0x7f0000003680)=0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000036c0)={'vlan0\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000003840)={{{@in=@multicast1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000003940)=0xe8) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000003e00)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003dc0)={&(0x7f0000001080)=ANY=[@ANYBLOB="48914c54e97bf0e3fc7461269ddb6236bbda97c4e4ad2b18fecafdceabe611df7076a913aa7c2ca54a70352980839c895bbf73c0ca264c335cdee0fe03965e0427d38b056a4c68baf84668e2448f7f4cfb60db89338b989b34410463b80cecb8e946cad6ad120067", @ANYRES16=r3, @ANYBLOB="000329bd7000fddbdf250200000008000100", @ANYRES32=r4, @ANYBLOB="b8000200400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000600000008000600", @ANYRES32=r5, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000100000008000100", @ANYRES32=r7, @ANYBLOB="4400020040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000900000008000600", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="240202004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e67000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r10, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b000000080004000010000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040006000000080007000000000064000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b00000034000400050004023f000000fbff055da1e80000ffff0981010000000000fc020100000000fef3f900000080000001140500000008000100", @ANYRES32=r14, @ANYBLOB="400002003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="08000100", @ANYRES32=r16, @ANYBLOB="0400020008000100", @ANYRES32=r17, @ANYBLOB="3c00020038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004003d0a000008000100", @ANYRES32=r18, @ANYBLOB="4400020040000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000001000040062726f616463617374000000"], 0x430}, 0x1, 0x0, 0x0, 0x800}, 0x4004) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000280)) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000000)={0x200}) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000240)={'tunl0\x00', {0x2, 0x4e24, @multicast2}}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={r0}) recvmsg$kcm(r19, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/78, 0x4e}, {&(0x7f00000003c0)=""/109, 0x6d}, {&(0x7f0000000440)=""/62, 0x3e}, {&(0x7f0000000480)=""/102, 0x66}, {&(0x7f0000000500)=""/81, 0x51}], 0x5, &(0x7f0000000600)=""/103, 0x67}, 0xd5446fa95b9b9c5d) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r19, 0x84, 0x7, &(0x7f0000000040)={0x1}, 0x4) mount(&(0x7f0000000140)=@md0='/dev/md0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='jfs\x00', 0x10, &(0x7f0000000200)='\x00') [ 1001.144007][ T2795] binder: 2728:2795 ioctl 40046207 0 returned -16 [ 1001.209423][ T2832] FAT-fs (loop3): bogus number of reserved sectors [ 1001.226585][ T2795] binder_alloc: 2728: binder_alloc_buf, no vma [ 1001.230769][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1001.243869][ T2832] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:04 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x400000000000}]) 15:30:04 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x10000, "ce939ad22d0823594bebba8d707a5df28fa59bd73f8d671bc32c7e6498ce44ca70a4070fc8f748f6b128dda5dac289bb4c000078f6da94502c945cc0ad00", 0x2b}, 0x60) 15:30:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x48]}) [ 1001.270768][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:04 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)}], 0x0, 0x0) 15:30:04 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x102, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1001.465169][ T2875] binder: 2871:2875 got transaction with invalid data ptr [ 1001.483688][ T2870] device nr0 entered promiscuous mode 15:30:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x2, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d458518ef0cddc9e96ec28aea9999d4fec41834eac7557a29de40b35cb70af00", 0x1d}, 0x60) [ 1001.509518][ T2879] binder: BINDER_SET_CONTEXT_MGR already set 15:30:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4c]}) [ 1001.556002][ T2879] binder: 2871:2879 ioctl 40046207 0 returned -16 [ 1001.559506][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1001.580863][ T2885] FAT-fs (loop3): bogus number of reserved sectors [ 1001.610417][ C0] net_ratelimit: 24 callbacks suppressed [ 1001.610433][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1001.621937][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00q0', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:05 executing program 0: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x402, 0x0) fcntl$getown(r0, 0x9) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/llc\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f00000003c0)=0xffffffffffffff48) ioctl$sock_x25_SIOCDELRT(r2, 0x890c, &(0x7f0000000140)={@null=' \x00', 0x8, 'bcsh0\x00'}) ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000000240)) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x7, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1001.653074][ T2885] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:05 executing program 2: r0 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x100000001, 0xc00) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) write$P9_RLERRORu(r0, &(0x7f0000000240)={0xd, 0x7, 0x2, {{}, 0x10001}}, 0xd) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000200)={r1, 0x3ff, 0x3f, 0x0, 0xffff, 0x7, 0x8}) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x1a3) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000040)=0x4) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000003c0)={0x3, 0x7, 0x4, 0x0, 0x3, [{0x9, 0x8, 0x0, 0x0, 0x0, 0x2}, {0xfffffffffffff001, 0x3, 0x7, 0x0, 0x0, 0x1181}, {0x2d, 0x3, 0x9, 0x0, 0x0, 0x8}]}) sendmsg$nl_generic(r2, &(0x7f0000000300)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc00000}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x304, 0x30, 0x10, 0x70bd26, 0x25dfdbfe, {0x8}, [@typed={0x2c, 0x4d, @binary="f6b36ebadf32db4ab29e6c6854a304641ee039651d0e13084970d29ae331b160ace929f0a04b85c8"}, @generic="66e034e0ff31dd16715beae0ff247a94ef3715253fe5b8146a80ee30c855310ab7f74e5befbdae8254ec1dd92b4db96d937b25ed8d21b7e16c54ce56e5c1d66dc6628d9e4064dcc179830c05bc70581549ff3421072b83de6c1c17abdecb619dfd13408f5fa1c3439f261d85d20587161ef0423a478efcc7b7a42e7a4fa3786b4b2ec96d1e", @generic="440053691ecd5050fac7d7e824e48e4b2a354b994b542525a80a517d048cd977f139255f87af827bc4d4ab9436b642a17df8c711cde0a1292ced1bd9b557313d48eb2c1f731c5dae02f93721c44cadc4f442a20bb7fb97550c1e37a505fef7980e6d89d90ec5b9", @nested={0x10, 0x5f, [@generic="28b98478", @typed={0x8, 0x7d, @ipv4=@loopback}]}, @generic="0d2a198c76744eff5bd0230f927aa3bf4dd6f9ae53dbd4ed817aa06e22def4081f2877959d253053f98b3be089b28fc81fd23d493b8b463462d6408ba9b6397ff60011e2144c22c93e72526d45bc7c5659d0755eed321b09915babd1588206a3eb91dc2f93312c594b8f0c31bf1eea561d12580e0903ca8b1fed5f51af588cd8bdafe0eca4307b330ce395d9461baf899a24dfd05fcd4281ce0ed97953a2391f2bec32db8a11424496a1904f399fe133810a0406d4d1aeb9dd6782fde78f0004a0375765", @typed={0xc, 0x14, @str='eth0\x00'}, @generic="98cbf560c67f219636a11899b8b3d7822793b3fac948fefcb769bc3aa8c916fbb9aac19ebe73bbb4155e433d6f596d1029732a2af5ab7d33c182a99c00701e72458ade043430f6e667fbb3d8ce2105637cd2875c3c5ad24a6d909375877c1b990143118c5fa84af491fc009bbab56efb9c372f5d53778c10727eb5055ce045c2137e00dfb0ce3d4e45e1f6eb49088b842c17d31dfcdb9a0221d838ada2882a8a82efdadc9f7c290aea6ca4c3b18d7dfc9625826d8b422ea89519634684126e8ae49457f48666a2de038c089ee32414f267f9c65f3a2af124326e9abc28ff", @typed={0x8, 0x2f, @fd=r0}, @typed={0x10, 0x47, @str='/dev/audio#\x00'}]}, 0x304}, 0x1, 0x0, 0x0, 0x20044004}, 0x200040c0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept4$netrom(r3, &(0x7f0000000080)={{}, [@null, @remote, @null, @rose, @netrom, @null, @remote, @null]}, &(0x7f0000000100)=0x48, 0x80000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$KDSETLED(r2, 0x4b32, 0x10001) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0xfffffffffffffffc, 0x0, 0x4, 0xfffffffffffffffd, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0xfffffffffffffd26) 15:30:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x68]}) [ 1001.718471][ T2896] binder_transaction: 13 callbacks suppressed [ 1001.718488][ T2896] binder: 2895:2896 transaction failed 29201/-28, size 8192-0 line 3147 15:30:05 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x60ffffffffff}]) [ 1001.845346][ T2916] binder: BINDER_SET_CONTEXT_MGR already set 15:30:05 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400", 0xc}], 0x0, 0x0) 15:30:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="3681000000ffff"], &(0x7f0000000080)=0xc) getsockopt$inet_dccp_int(r0, 0x21, 0x5, &(0x7f0000000140), &(0x7f00000001c0)=0x6c) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0)=@assoc_id=r1, &(0x7f0000000100)=0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6c]}) [ 1001.911249][ T2916] binder: 2895:2916 ioctl 40046207 0 returned -16 [ 1001.924379][ T2896] binder_alloc: 2895: binder_alloc_buf, no vma [ 1001.980983][ T2896] binder: 2895:2896 transaction failed 29189/-3, size 8192-0 line 3147 [ 1001.990544][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1001.998321][ T2924] device nr0 entered promiscuous mode [ 1002.010358][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1002.010395][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1002.016186][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1002.021962][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1002.027675][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1002.033385][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1002.039116][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1002.044927][ C0] protocol 88fb is buggy, dev hsr_slave_0 15:30:05 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@remote={[], 0x1}, 0xe, 'bridge_slave_0\x00'}) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000070a0", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1002.073700][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x10, &(0x7f00000000c0)={&(0x7f0000000000)=""/191, 0xbf, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=r1, 0x4) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x74]}) [ 1002.198280][ T3034] FAT-fs (loop3): bogus number of reserved sectors [ 1002.229763][ T3066] binder: 3033:3066 got transaction with invalid data ptr [ 1002.237909][ T3034] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:05 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x740000000000}]) [ 1002.281961][ T3066] binder: 3033:3066 transaction failed 29201/-14, size 8192-0 line 3179 [ 1002.324950][ T3170] binder: BINDER_SET_CONTEXT_MGR already set 15:30:05 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x1, 0x0, 0x1, 0x0, "ce939ada2d0823594b1824ebba8d01015df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = dup(r0) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000080)) 15:30:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1002.365675][ T3170] binder: 3033:3170 ioctl 40046207 0 returned -16 [ 1002.400176][ T3066] binder_alloc: 3033: binder_alloc_buf, no vma 15:30:05 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400", 0xc}], 0x0, 0x0) 15:30:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7a]}) [ 1002.432936][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1002.445140][ T3066] binder: 3033:3066 transaction failed 29189/-3, size 8192-0 line 3147 [ 1002.503975][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000050b0", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1002.555059][ T3194] FAT-fs (loop3): bogus number of reserved sectors [ 1002.563143][ T3179] device nr0 entered promiscuous mode [ 1002.563571][ T3194] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:06 executing program 2: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x800, 0x3, 0x7c, 0x0, 0xb1ea, 0x10, 0x2, 0x3ff, 0x4, 0x9, 0x2, 0x3, 0x9, 0x2, 0x8, 0x3, 0xc0000000000000, 0x9, 0x40, 0x7, 0xa90, 0x7, 0x5, 0x400, 0x100000001, 0x5, 0x8, 0x6, 0x4, 0xff, 0x0, 0x0, 0x5, 0x3, 0x7, 0x0, 0xff, 0x7, @perf_bp={&(0x7f0000000000), 0x2}, 0x4000, 0x2, 0x80000000, 0x9, 0x15d, 0x0, 0x800}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000000c0)='posix_acl_access\x00'}, 0x30) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x101}, r1, 0xffffffffffffffff, r0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xbf]}) 15:30:06 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x8000000000006, 0x5, 0x2000000000000, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x0, 0x80180) accept$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14) [ 1002.659270][ T3331] binder: 3312:3331 got transaction with invalid data ptr [ 1002.673456][ T3331] binder: 3312:3331 transaction failed 29201/-14, size 8192-0 line 3179 15:30:06 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400", 0xc}], 0x0, 0x0) 15:30:06 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x7f4791370000}]) [ 1002.771208][ T3341] binder: BINDER_SET_CONTEXT_MGR already set 15:30:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000007d000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f00005f8ffe)='#}\x00', 0x0) ftruncate(r1, 0x40000) sendfile(r0, r1, 0x0, 0x7fffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x1, 0x8000) getsockopt$inet6_buf(r2, 0x29, 0xdb, &(0x7f0000000140)=""/99, &(0x7f00000001c0)=0x63) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x420082, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @dev, @initdev}, &(0x7f0000000080)=0xc) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f00000000c0)=r5) [ 1002.815274][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1002.826485][ T3331] binder_alloc: 3312: binder_alloc_buf, no vma [ 1002.857151][ T3341] binder: 3312:3341 ioctl 40046207 0 returned -16 [ 1002.893416][ T3331] binder: 3312:3331 transaction failed 29189/-3, size 8192-0 line 3147 15:30:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfd]}) [ 1002.904287][ T3361] device nr0 entered promiscuous mode 15:30:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1002.947425][ T3381] FAT-fs (loop3): bogus number of reserved sectors [ 1002.978388][ T3381] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:06 executing program 0: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:06 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x7fffffffefff}]) 15:30:06 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200", 0x12}], 0x0, 0x0) [ 1003.081873][ T3469] binder: 3463:3469 got transaction with invalid data ptr [ 1003.120452][ T3469] binder: 3463:3469 transaction failed 29201/-14, size 8192-0 line 3179 15:30:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x300]}) 15:30:06 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000300)) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000140)=0x2) getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000000c0), &(0x7f0000000100)=0xc) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000340)={0x100, 0x4}) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f00000002c0)={0xc43, 0x945, &(0x7f0000000180)="6d334649d3d39e9c322455746ee95ee70fe40d355ee2e892cf50d26979756e4d017ae9d04c7ef051232d1b58b77fc6a4d9725b38592fff0d76d4ecaf6ed935cd353b41d6b67083d00af60c5bff09f07ff352f3169a", &(0x7f0000000200)="18b6ab6ce1d373e8b789c93ae94018e562378cbb902b7de75c4e26b778f2a143f2edfecb679a38e84604e99efa2393dc98fd3c46c3db9295423ae0024a17bbbc7286755ec4f9dbf74d2dbab1765bda1d720181116ad05cc3b4e86c30b99e58b2d2bce4b6110516b7dd0ca25415a9d4aed8ebc059a0cb4fd560bd5e3bef3e0f37638b91cbd60b8c1de32477a73dae43e9727f7dd3", 0x55, 0x94}) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1003.208817][ T3475] binder: BINDER_SET_CONTEXT_MGR already set [ 1003.233129][ T3475] binder: 3463:3475 ioctl 40046207 0 returned -16 15:30:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x200000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) lsetxattr$security_selinux(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:dbusd_exec_t:s0\x00', 0x22, 0x1) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x9, 0x200) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000040)={0x2, 0x40, 0x3}) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) [ 1003.268042][ T3479] FAT-fs (loop3): invalid media value (0x00) [ 1003.274537][ T3479] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x500]}) [ 1003.375473][ T3531] device nr0 entered promiscuous mode 15:30:06 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200", 0x12}], 0x0, 0x0) 15:30:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x600]}) 15:30:07 executing program 0: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080), &(0x7f00000000c0)=0x8) 15:30:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000000)=""/174, &(0x7f00000000c0)=0xae) [ 1003.583405][ T3604] FAT-fs (loop3): invalid media value (0x00) [ 1003.622771][ T3614] binder: 3607:3614 got transaction with invalid data ptr 15:30:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x940000000000}]) 15:30:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200", 0x12}], 0x0, 0x0) [ 1003.640163][ T3604] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1003.661191][ T3614] binder: 3607:3614 transaction failed 29201/-14, size 8192-0 line 3179 15:30:07 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff}) sendmsg$alg(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f00000000c0)="7ff7935faf77ecdd095918b79430f409bde607278311384b4058ca1a33a7fa384967fd74ec32d9cd86a6d11788deeaf27d53689cee7dda80ed7738d69df2e10f61b8fe2fdcd81a0a7b4e096eb0c73f6eeb27a1510bc556aa60cbc20406246991efd49555c6dd92576a432f7945f407341e86ce67aa6affeed129c867ad1dd901681659c405d0f9fc501cc9e65eb4ad7f5ccea29a798ad0604c55a9511b670f1ba3f70aa91e46c11fed552d623becc3afd34be7d6c0f330384bb4295dc6ba96360fadbb1d340fe5c0ea13bb0c9b7895c22c28578fcba55c0b60d4f3431017d1958534cdb5f352850d7ac916b6a9d81f83a0f932b7871c31c215c3aab21c694a0d9523c22a431e6560bcc64cc6098c2cb1ef276cde0201c4ed6458c269bf6f8d9dfa71b35cd9ed472f816d238c2823fd676b90b1d1488ace0cf2dc1b4000e6c6f9d68a89c77ed610aad0bfe0b24b0b40e28a4a884baecd2a3e3797a6c0ed766c18e1475ffa800ad3cd7f4c7a31de3bf19ecc31ab4bc54aae9d4e779e2e823673fb87119c687520ff17a47c96a93a2105908b325043051db55b34dcd85a12dc9c0ace83861a8c1bcdc34e4b2111ec544f55208d9504ccb122591d299cf13dce8205e9b34e31ee7cb0a3bfc113ed56a1b2e363c95e31790f2d57c26c2525dcf83c4aaa9859102d24582ec8448a044926ceaea12788e25ec7005ef83a22b682f9ae7f41ff3421f69753954ea78f81bda9862e310dcb00d98607d7df3999dbc75a3951d7ad2a83fc8aed03535cf3d00074845740c7f4c485fc930d88a36751bb288db0991bcf8ad07ef5166a601d48ac6aabf0d296d7e4efa593d81b121f7da88801c0da1daa38c29aab3398504e3af1e2802affe86ee30cb95613264966add9d8733b06caa6977e9f183543208e260d6d28f14eefae8be650a0ec8fdd52339c1b3167498a612d1c202831aa3e4a8922514a87316fd491e0e3c62e8e104f273655e63f2ab5e35ce25f098d9c4ca2e1e54403a18bb71bf99ced6b81cd8829c10b30a31afabd8e6302720b7d748b5384da8a7799194d33d39bfe85a4847195a56b584172a5abd0a72820e7eeb3269c5ea345a881cb28d6f51527d09f497704553b53e096dbed2b000fbe46f2eb9b4535535c1d657a2e3cf62858964dd747a003e7d209098c0e7ce7170a090dd79e5a112adaac2ea9cbd357a602400ada15123ab1f777411494c11b0255054f9e68d82809d53af0e747fcac3987870f8c5aba0eaa7e7f7a9cb24448d153e8d78049d68fd1d640dfcbb79bee224dac0b115e618f0cd366ff7bd7b62c61f6fa71ab708f9e3fdcfebbb1d2d50ffb465e5fc850ff38008f6a2bce916a559cb3b0457a08412e6328f4b371d501a8a791fc57043b7b251759408ab3282090199b050ffd633263e210c12f4c4a009381b7cd405a4ce666617694461c9f68c0ee69c2d3f0a68382f9bbae62003bb09d584b7a05175017da2d254b9135195ac471c5ca8f615d655af7ed37435f391fa40f3d16085f11c0222d8fa7c8fed33f6a1a80875e92624ce929b680aa3115f0dbaf18690247fa55dd0ad85aed2ddeecc9effa978eb26996d0e33825a94ee0949aa10a2de58938439f824327119d11caf837268adb6c802aba822ed6c0419077c9446461717be89b91b75e86dafb9a426c6c1763166b2fa70efab8c4399553bca6d2f5cf1683caed3826419cd8d85c0a98aaa67af6b0178bf01b80b969143d75760ef2c7d68fe1b61a07d663fb7d176d7f48c0c74078936189923f4a8e7961b406e0ba8794ed5097ce7f13780ab9ae781cb3a9e9777ea4d509b7abfec6b6f13149a3b49750e440cdb9d8e0fbd817e39892fd62d81652ba31fd1f30c7d7495013f6b2dc4697178a1e708b9b083101ee9d21161bba8a94b2969baca529c01531a6da699f250bd02807b8426b29265602bc19fc97061d28e458f822b359251603d301f0bf9ae106b6bfd124c3ce009679e0a459e8fd1880cf6d97fc9fa9a13fda07f250cd7462220c83128c8b3862cebe788ed44d713810d6f9c56c648c30a5cef2e96ead223e2b7e69590572f9d9cd566ebffcd8456e7e5cf3f60d6131841fd409431f31b607506a26356f9afb551c588546caf7ca4820657088f148b62eb319058fcdf4cbd89fd9236e5df93fc566308e15fddb2b33047ceed7ab7dce2adc8ebe74631209b1c87dddd59922d7cd572046cdfd53fa1159266e30e2cc936cad198c3f24f9badd51cddf49565fba7a0069e02d92b7ec44fb4aee00814cca547c02821ed8e45b14d77b18f71140eb45607ef195432b7315b153aa0173f0cd296206a01564769c1d6d40bf861e6d458e3f70c845c6ba4efb3e6b11b6bf5b072e3ab51ef0e170f15c2a41f19b27a367a7757e442272d82c06c46ef6adc80d366977bf9a27a63d4fb93365b3049dc752ba0e9298e1e3063cd4a7c24e4c922b1b48ba62f110ca29bdcea6c2fb763a3472ce95e9cd406aaa0c22877b24a864455b3ce59322c9aa2b684531bbf728e77722b1c9f68572a7300b370747e71d262232d41923d7610acdf1affef1b515184856a786e726681bde08b9c9546ef856528ceb0acc9755bfc42a89f31041750745c810831a99d5ffeb3a3270b3577289a0ee34dcb470c1e71a4cd99493186e14f9578303f51e35c8c15cd9b9ad85d0a31007a13791c7954ada7b57557f0c82e26ec8e50dfa999d773d8ceed89f3ddfb6e6458edf52677a220d5266855cdc9c51c88d081dd8d6350b9cfb860fc0dc9e4050647dd91c58adc298e4fc2ecc263819f1348d6b33d896bfac5a789e8b5ed6b7f7ed68bde29388a17de7428b66937210612cb2c19b064bf9c8413e9e1459f815e3d6b2a89ddc1e0edf0c2e2f0b8db1349ca829fb5e21f7171c64781c2b80638c74a7c77fbcdff41fc96f37b571a0ed8f1ffc002b88e3d339503b6f0cf2e8c2764acc757c8f2a4699d1e55923ef8add9351a8a8448f13614c890d4aee639832bdbd747c2a88aa66c9cbc3d90b9421b46bc86655656aca6d9c134d5155836ac4ece3233412c16a8248d173255797831ef37bdd5ec27d5fc5e844ecd57ec4b0ef4f75da76fe993abd97321adebcb7e8933e716045f8c080f9320e514db0745d5de91b1d0a0b9ff6af1a66b1d20227b7eede2c96c4fccbb29cd936ad964fd9ce9a29e71b96940c483d0c5bcac8b95d127c44fc862cd986275a43ef7926ae9c1d53ce178f6668e08be8bbeb246c7f8faf819c7d8b4c31edbf4ff63ae6d19d25b956bf6b061fe89585c83466d698decf2f1d2bdf2eb65a179dc3fa5b9e16f904bd3318ab67b6621c99adfcf71ee231086823f7e919625f49d095f0a6f46dd44898ee22ee8e8e3c6759bd8db5cf3e05e68c7faadf6e3d72affa5197d502cb20f3b148d79e9c7f793ccbd53b8dc34c430a98830c428aaa1b392a8560508a3c79c58fd9717f66e72b59d21f8912cddfe5bf39b73417855d91976e3aa8d1648b92132971342da53cf9688167147ee8e6e0c9e27257409f20ff29d5bf7176406b8088f85bfee5cecd56c460fc76558e03155c5bb008f1cc29912da9c07a994aa267f73cc862898a657f41004a689556ff838b386e1b5b20ad3e3f159784b672342c5b2df0d100fb6469899b82e7da36159ec45ed248f3f87153c12c44758fdf74243ca6e7151847ec98eda03e41e29e297d8c76ce94445e2952686893753e35bcf68b007d07cd9bc1ff3c67de74fdd5237962facc8aca1789ec5e5e70daf22eec69864a18f352a7eef951a41a1b060cb73dc1e04168d39ec7085c0f052576fccf3e2ccd0fced9b80639467fc35746aaae2c03a3222b1928ab773ebb1fa9965dbc437ef1f774a993b0e63bfd38066cab701fb4c895399a830aa7c4d61d7b62cf3e694b8dce557b75b1e269ac1d91e59c980203a6ebd6db44904bb5894940622a0cc8c54baa26e368cbc2ccea41f29578065a4f8b7b39c3ce8325ff3b3259b9e30673e0e8228a38652b4c35ef2ffd3589745be4490c1d68c4f7301b2574b8957186ee6d5e87ba638a8c7e9cfe38a0405898d236b9eae39b442172c048e42eba084dc69ae045e524aac609dd50237e9aaab44ca60c9cfb921accafbf8b5e195bcf724832b8b93890ea001f712693d7b08a0cbc98a475f72208010697159e76ba1d05bbfbf5f8eccf8900e4a2090cfc43592ed7a64fc4f8e73b185009db706a4bb47ef6c4f2c510b9a76412d0fc49d478d562a2cffe9cd7e3e6055fe18d950d0838cc63d1fca034d51afc46739911aa3fae124902cf9a11e02590ea0cef0d6d1b22155d91dd176a3dc36fea1ed4135c0e420fcb017d80c2ac41f9633107931357200a1a84c0bfa9df00c8eba6674fb1419fc3cf565340632958655521f460a63ea009fc543f47f2eb351bbb90179cc9469987e2491e6679878c1cba285c79d2eae2bf900ffe1c736e00c463720bb17a85b98bd8ff09fba106d1e9061f75d5daf0ced70f7a97de9cf6f783564a42723950706e36a70500ad30023dc24bb69c23b625ae49627fb98d3f0ea1efa6d6568015e49a9232c9893c4bf9db694c357f4a310050b9d824569294a93a54b7e7506d3f6f2de0f1917c90284393c27140d63b02653ee9ece8f2ee7ed1e05704fca99b19c0758e44126473d39d22585678be88a70eed3f16119d73c9e75ed769d0475417ca4e1900b4093092e83aaea63d7daab9cb858ebdf9f229565c2735616a0d00bfc740bfe31af9592ce9a78cc1c3e3b1807f090f5d25a9bbd8da3acf013e864542d6a30da33f1523377c81d144da58fff353614d2df4444ae1524fe8a5694e0e4af03d0e1b8b38e042f125c49ea5646a5d8b2d6cc121943407311d1ff54f730a63652abc5986b44661ee279e7cbefa08aad65edb942ec06438bd81d9c08456dc7b4ff8e4024c6354d2618062388b05118962aa357278afaee71103b9ba70b319f5e54df6c57420e8ad6158fadf1501ab3db1b76099aac90d7b296204e9041787c60e21d68d61df14f780d7786da27263b81f7c70833cff34fdd482c462627402e1d5e6948edb0a84aee13768b2d93a930896c1130bc6c5c3d8f7fb0aaaef11f67f1c6e558c5ad0d5105cbc09c3f67715388b2b11bb834ecf7428301b26d36e226093c80bdef83689e169c447bf0eaca267583435ebbbaa52e6a6679fa558366741031e63caaeb7f08bdbb681ef387da52f550bc1cfda3417e00bddcc2cee56a50a215b84bf0284bd8d6c873e1455f5b1ab6d627efba179a07b7ca9b8b6188741a131b9a8fafba847f15478a9363a5641bf3adf07e31fbfd25496c4f36de9058acb143ba93e6e19b57fd117222e8f4aa4e8ccf5c78da41117e030b7a23c524e511babe85e669958fa10b9ebaebb8527ceac7558835646ef1f2298707e4fc323874852b1af3a0c794a2ed93dcff9e1ada603318fbeb9e56e9e2de935ef50034779023677b2a48857ee066bba6c4b802b145bbd055b3d7e484fa7f0b3c0056c9191d6ae1a6f2420f7216d96808793e45b15314ed2df1c7c6b00703f402e170663c36cb67235e9f4ec3d3b21550ddc2302f032c791dc5cbcd70d4cb31117ebfc393c6d7014eedbc934600188989e90109fd6251430b9a968bd5d98c83c887d9a9b38874e7b06be11c4b01cfd4dee920e187b94037ee79c3e458a9a403d1d128549a032fc49fa921bff02c37a5b6398d2546316f981fccbd3a320e79df00d71a19aae0a12884f4e42ea730507cf3461365af9277a877d8d26fe91b89193ac321262a21da45a5bd0b99ac180a3fb", 0x1000}], 0x1, 0x0, 0x0, 0x4000800}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x700]}) [ 1003.714568][ T3622] binder: BINDER_SET_CONTEXT_MGR already set [ 1003.723929][ T3622] binder: 3607:3622 ioctl 40046207 0 returned -16 [ 1003.744860][ T3614] binder_alloc: 3607: binder_alloc_buf, no vma 15:30:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = gettid() ptrace$getregset(0x4204, r1, 0x200, &(0x7f0000000100)={&(0x7f0000000000)=""/252, 0xfc}) r2 = syz_open_dev$video4linux(&(0x7f0000000140)='/dev/v4l-subdev#\x00', 0x0, 0x6000) ioctl$VIDIOC_TRY_ENCODER_CMD(r2, 0xc028564e, &(0x7f0000000180)={0x3, 0x0, [0x8, 0xac, 0x5, 0x6, 0x9, 0x80000001, 0x7, 0x9]}) [ 1003.774906][ T3614] binder: 3607:3614 transaction failed 29189/-3, size 8192-0 line 3147 [ 1003.839304][ T3632] FAT-fs (loop3): invalid media value (0x00) [ 1003.846673][ T3626] device nr0 entered promiscuous mode 15:30:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1003.888876][ T3632] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xa00]}) 15:30:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) [ 1003.984674][ T3731] binder: 3697:3731 got transaction with invalid data ptr 15:30:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x20200, 0x0) r2 = getpid() ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000080)={{0x100000001, 0xfffffffffffffffa}, {0x7, 0x3}, 0x80, 0x4, 0x101}) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000100)) write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0xfffffffffffffffe, 0x8, {{0x101, 0x1, 0x1, r2}}}, 0x28) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x5}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x0, 0x8, 0x22, 0x800, 0x100000000}, &(0x7f0000000240)=0x14) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000280)={r3, 0x2, 0xffffffffffffffc0, 0x5, 0x2, 0x392, 0x6d, 0x7, {r4, @in6={{0xa, 0x4e22, 0x4431752d, @local, 0x1}}, 0x2, 0xcd7e, 0x0, 0x3, 0x10000}}, &(0x7f00000003c0)=0xb0) 15:30:07 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) mlockall(0x2) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8001, 0x2300) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='system.posix_acl_default\x00') bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823597a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dee2989444073278f6da9424bb945c40ad00", 0x2b}, 0x60) syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00') [ 1004.079493][ T3731] binder: 3697:3731 transaction failed 29201/-14, size 8192-0 line 3179 15:30:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x30710000000000}]) 15:30:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4800]}) [ 1004.131622][ T3759] FAT-fs (loop3): invalid media value (0x00) [ 1004.162454][ T3759] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1004.212680][ T3771] binder: BINDER_SET_CONTEXT_MGR already set [ 1004.238038][ T3771] binder: 3697:3771 ioctl 40046207 0 returned -16 [ 1004.256577][ T3731] binder_alloc: 3697: binder_alloc_buf, no vma 15:30:07 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x994173f3265fab0b, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e24, 0x3, @empty, 0x4}}}, &(0x7f0000000180)=0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={r2, 0x4, 0x4}, &(0x7f0000000200)=0x8) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1004.289440][ T3774] device nr0 entered promiscuous mode 15:30:07 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) 15:30:07 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) 15:30:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4c00]}) 15:30:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xa0700000000000}]) [ 1004.518269][ T3834] FAT-fs (loop3): invalid media value (0x00) [ 1004.544316][ T3892] binder: 3848:3892 got transaction with invalid data ptr [ 1004.545917][ T3834] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1004.567436][ T3903] binder: BINDER_SET_CONTEXT_MGR already set 15:30:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f0000000040)=""/59) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:08 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dlm_plock\x00', 0x600000, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000003c0)={0x0, 0xfffffffffffffffc}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000440)=@assoc_value={r1, 0x9}, 0x8) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000480)=r0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r3 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x3, 0x400) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000280)={0x0, @initdev, @remote}, &(0x7f00000002c0)=0xc) connect$packet(r3, &(0x7f0000000300)={0x11, 0x0, r4, 0x1, 0x10000, 0x6, @broadcast}, 0x14) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f00000004c0)={0x100, @tick, 0x9e00000000000000, {0x2, 0x8}, 0x5, 0x0, 0x4}) getsockname$packet(r3, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0x40405515, &(0x7f00000000c0)={0x9, 0x2, 0x80, 0x4}) sendto$inet6(r3, &(0x7f0000000100)="4f91308c6edc04636753451c6d9184f0c7e266f0afc0854de978fc2ae1228178356defe6303ac9e7885321ddfdac3d7a8f8cef58459769920edfa1c1259cc693409f3a337454c2888b52e36f8117b6f944f0ae4cb729206754a2ca301419fdaab668a78c03182b299831b4677b00ead9ac3cb5d840fdb8e486ff189d630259aa266e83cd34bf55c497aee96f7bd69b4629c52f041797f8f64fcb9ca2d2df6d06539dbe2feea477802703763f12fb5a9c7f7d39d81dc9c2409ff5e920e209a6f0694c063f09b937a2cd14644e3dcd3c8c1ddf63de068c2601fbeda8ba03f16d5aaea6a0cbac91791749b9a8211190c3056c617c837768ad2a8fcc98e90a2c", 0xfe, 0x4000080, &(0x7f0000000200)={0xa, 0x4e24, 0x9, @rand_addr="f8c8f7599efea0db9497735096b478ff", 0xfffffffffffff801}, 0x1c) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000001900)='/dev/ubi_ctrl\x00', 0xc01, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000001940)={0x3ff}, 0x4) 15:30:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6800]}) 15:30:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1004.600000][ T3903] binder: 3848:3903 ioctl 40046207 0 returned -16 [ 1004.637704][ T3905] device nr0 entered promiscuous mode 15:30:08 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) [ 1004.773782][ T3944] binder: 3916:3944 got transaction with invalid data ptr 15:30:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6c00]}) 15:30:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1004.821763][ T3984] binder: BINDER_SET_CONTEXT_MGR already set [ 1004.836503][ T3984] binder: 3916:3984 ioctl 40046207 0 returned -16 [ 1004.857743][ T3944] binder_alloc: 3916: binder_alloc_buf, no vma 15:30:08 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xb0500000000000}]) 15:30:08 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) signalfd(r0, &(0x7f0000000080)={0x9000}, 0x8) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1004.891948][ T4018] FAT-fs (loop3): invalid media value (0x00) [ 1004.915605][ T4018] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7400]}) 15:30:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x0, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:08 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1005.075576][ T4044] binder: 4038:4044 got transaction with invalid data ptr [ 1005.108224][ T4055] binder: BINDER_SET_CONTEXT_MGR already set [ 1005.152624][ T4047] device nr0 entered promiscuous mode [ 1005.168912][ T4044] binder_alloc: 4038: binder_alloc_buf, no vma [ 1005.190558][ T4055] binder: 4038:4055 ioctl 40046207 0 returned -16 15:30:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7a00]}) 15:30:08 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x8) getdents(r0, &(0x7f00000000c0)=""/33, 0x21) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000180)={@loopback, @loopback, 0x0}, &(0x7f00000001c0)=0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x240}, 0xc, &(0x7f00000006c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="660400002c00340027bd7000fedbdf2504000000ad36ff98b08c011979effe19c04db3276e3a08b1d99654fdf36704ad0879c3ea1c059f431b7554e0b85cac9ad845a5f344fa176151571f2622b6a6b37bd74dc471d3ea529b39bdeeba809b14dc388ef0a17b28382befcd3f2c03a7962b1f010159c9d4ea75bfb9c84a5b5711917c60402b4f3bb1fce94f222d05d9feb00d1eb7fa96edd34341ae92ad8ac80e511a2d132f9ce1351e0f18a85738bb04eff718e9a72c1721998113e578174ba8a55e049039226eba88e1b27d205c3550882a064ec1720b440eb9a117717fc4cb03e0f32daea85f4fd464bd3801b670a8a771bb2c70acc770efe9cd44b93d56ecda863f918707b80da80b1cb6bfcbd6d417797e4cd3ec6f72e04cc7faa483072d0303bc528800b068f64a239d7bed3feb08b2704ea5a5cafff6dbf633328a79d669a3ddb8f6f2e64ce6cc44bc19ee2fb578d39326ec061adf99c869efa3e732131f7a9ec9ad54fd841cd01478c254a9f8ecdde65b04535292d45396918b1e682b47b7c509645f16513621b1b41a74e4e9b000d7f9b6a3b34ccadd83d9d42b145e65cb85427d6d9c5144b2b57c8848d58e0b1732a5eba06cca6235e5e714e62c7b8ce1", @ANYRES32=r1, @ANYBLOB="ffff0a000f000a000c000d0008000100667700003004020008000100fdff090008040200040402001656000000000000aeffffff85870000070000000400000000100000ff07000004000000830000000600000005000000000400001f00000000000000ffff000006000000a909000001000000060000000600000008000000000100004a0000000300000000000000400100000008000000000100200000000700000001ffffffae7500004a070000000000000000000008000000ff010000f406000003000000b7e1000080000000000000000200000005000000000000000700000008000000800000000900000004000000000000000800000040de000009000000600100000700000083060000ff000000470f00000400000000000000fe170000bd010000070000000100000001000100050000000100ffff09000000f7ffffffdb000000ffffffff02000000d4060000ff01000004000000060000000100000006000000e500000022e3000008000000f8ffffffc9020000a6000000ffff0000050000000180000001000000eaffffff820c0000ff0f0000000100001f00000004000000080000000400000001010000f8ffffff2b0e0000040000000500000003000000010400001f0000000900000001000000020000000060000009000000000000000800000006000000010000000300000009000000ff000000060000000100000051768d2b080000000500000071ffffff01000000000100000000000002000000ca0f000000000000010000000100ffff07000000e8000000ff01000004000000a25d00000200000000100000040000001f00000008000000ff010000000000000100008002000000c30b0000060000000700000080c4000003000000010000000800000059000000009100000000000000ffffff070000006e770000ff0f000001010000090000006f2f000007000000ad000000ff000000ffffffff03000000060000001f000000010000000200000040160000410a00000300000003000000080000009dd9000006000000ff0100000000000006000000ff070000000400000200000005040000ffff000007000000020000000700000005000000030000000100010006000000010000000000000007000000e4080000ff03000001000000ffffffff06000000ff0f00001500000094090000050000000900000004000000ff0f000000000080ff000000000800000100000004000000ff0f00000100000000800000050000007f00000007000000ecce00000700000004000000090000000180000007000000000000000900000000010000fdffffff0800000004000000010000000008000006000000ff0000000200000005000000feffffff01000000090000000600000008000000060000000300000000000100009039000000000006000000ffffff7f01040000030000004b00000077000000060d0000e60700001400030076657468305f746f5f68737200000000080001000600f2ff"], 0x45c}, 0x1, 0x0, 0x0, 0x4000}, 0x4080) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vsock\x00', 0x42000, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r3, 0x89e4) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000800)) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000740)=""/75, &(0x7f00000007c0)=0x4b) 15:30:08 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) 15:30:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) write$P9_RLOPEN(r0, &(0x7f0000000180)={0x18, 0xd, 0x1, {{0x1a, 0x0, 0x1}}}, 0x18) connect$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x0, 0x2, 0x0, 0x41, 0xb7c, "c77720233af8f02b9a78a4fe816f0aee6aa02b9053ff7c282b2b3f124d2a546e7ab4e3c4f5819554e84326a45da028d3985a93ef4fbfa284bdaf03adef6984", 0x25}, 0x60) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x4e21, @rand_addr=0xfffffffffffff800}, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e24, @local}, 0x8, 0x0, 0x0, 0x0, 0x1a0fbc21, &(0x7f00000000c0)='sit0\x00', 0x6, 0x9, 0x8000}) ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f00000003c0)={0x0, 0x0, 0x2080}) 15:30:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1005.374269][ T4168] Unknown ioctl 35300 15:30:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xbf00]}) 15:30:08 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x100000000000000}]) [ 1005.470792][ T4174] FAT-fs (loop3): invalid media value (0x00) [ 1005.498542][ T4243] binder: BINDER_SET_CONTEXT_MGR already set [ 1005.508268][ T4174] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:09 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x501001, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x3) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@local}}, &(0x7f00000002c0)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x3c}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x26, &(0x7f0000000180)=""/38, 0x41000, 0x1, [], r2, 0xb}, 0x48) write$apparmor_exec(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="000c0000a929542d7abe0400"], 0x6) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:09 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) lseek(r0, 0x0, 0x1) 15:30:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfd00]}) [ 1005.547753][ T4236] binder_alloc: 4172: binder_alloc_buf, no vma [ 1005.583044][ T4243] binder: 4172:4243 ioctl 40046207 0 returned -16 15:30:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:09 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) [ 1005.615268][ T4270] device nr0 entered promiscuous mode 15:30:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x1000000]}) [ 1005.759232][ T4328] binder: BINDER_SET_CONTEXT_MGR already set [ 1005.782850][ T4326] FAT-fs (loop3): invalid media value (0x00) [ 1005.789127][ T4326] FAT-fs (loop3): Can't find a valid FAT filesystem [ 1005.799274][ T4328] binder: 4301:4328 ioctl 40046207 0 returned -16 15:30:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x6, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000040000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x105040, 0x80) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001400)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000001500)={&(0x7f00000013c0), 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x44, r2, 0xa00, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x100}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x1) r3 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r4 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x8da, 0x881) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001600)=[@text32={0x20, &(0x7f0000001580)="260f01be120000000f23b00f20c035000000400f22c066b828010f00d867260f38c9850000c4e205a8880050000066b8ec000f00d8b9800000c00f3235000800000f30b9800000c00f3235004000000f30c4e1ade28a00800000", 0x5a}], 0x1, 0x8, &(0x7f0000001540), 0x0) write$vnet(r3, &(0x7f0000000280)={0x1, {&(0x7f00000003c0)=""/4096, 0x1000, &(0x7f0000000180)=""/245, 0x1, 0x3}}, 0x68) 15:30:09 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400", 0x15}], 0x0, 0x0) [ 1005.826637][ T4304] binder_alloc: 4301: binder_alloc_buf, no vma [ 1005.850249][ T17] binder_release_work: 13 callbacks suppressed [ 1005.901283][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1005.937890][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:09 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x200000000000000}]) 15:30:09 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x101, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0xa0, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0x6, @local, 0x8}, @in6={0xa, 0x4e20, 0xd9a, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x23}}, 0x5}, @in6={0xa, 0x4e21, 0x0, @loopback, 0x7}, @in6={0xa, 0x4e21, 0x7, @rand_addr="21146ac511bf2547217d129d6ca1bb8d", 0x5}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={r2, @in={{0x2, 0x4e22, @empty}}, 0x2, 0x6, 0x7, 0x9, 0x82}, &(0x7f00000002c0)=0x98) 15:30:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1005.952686][ T26] audit: type=1800 audit(1553614209.430:81): pid=4418 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17244 res=0 15:30:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x2000000]}) [ 1006.044011][ T4429] FAT-fs (loop3): invalid media value (0x00) 15:30:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'vlan0\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x3, 0x19, "f95a0ecb88334327418d1446ce186c9a59c198594a937a04b3"}}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1006.087791][ T26] audit: type=1800 audit(1553614209.460:82): pid=4421 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=17244 res=0 [ 1006.092794][ T4458] binder_transaction: 2 callbacks suppressed [ 1006.092813][ T4458] binder: 4438:4458 got transaction with invalid data ptr [ 1006.108927][ T4429] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x3000000]}) [ 1006.163799][ T4431] device nr0 entered promiscuous mode 15:30:09 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x4, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1006.233344][ T4545] binder: BINDER_SET_CONTEXT_MGR already set [ 1006.264688][ T4545] binder: 4438:4545 ioctl 40046207 0 returned -16 [ 1006.302955][ T4458] binder_alloc: 4438: binder_alloc_buf, no vma 15:30:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4000000]}) 15:30:09 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x400000000000000}]) [ 1006.347788][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1006.355781][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000007d000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f00005f8ffe)='#}\x00', 0x0) ftruncate(r1, 0x40000) sendfile(r0, r1, 0x0, 0x7fffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x1, 0x8000) getsockopt$inet6_buf(r2, 0x29, 0xdb, &(0x7f0000000140)=""/99, &(0x7f00000001c0)=0x63) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x420082, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @dev, @initdev}, &(0x7f0000000080)=0xc) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f00000000c0)=r5) 15:30:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1ff, 0x8000) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@remote={[], 0x1}, 0xe, 'tunl0\x00'}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:10 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x400000000000001, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1006.586297][ T4574] binder: 4571:4574 got transaction with invalid data ptr [ 1006.594665][ T4564] device nr0 entered promiscuous mode 15:30:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x5000000]}) 15:30:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x3000, 0x54000008, &(0x7f0000ffa000/0x3000)=nil) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1006.629174][ T4615] binder: BINDER_SET_CONTEXT_MGR already set [ 1006.668579][ T4615] binder: 4571:4615 ioctl 40046207 0 returned -16 15:30:10 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x6, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0xfffffffffffffd42) [ 1006.699965][ T4574] binder_alloc: 4571: binder_alloc_buf, no vma [ 1006.724514][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1006.734063][ T4574] binder_transaction: 13 callbacks suppressed [ 1006.734081][ T4574] binder: 4571:4574 transaction failed 29189/-3, size 8192-0 line 3147 15:30:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6000000]}) [ 1006.790435][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:10 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x4000000000000000}]) 15:30:10 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x31}, 0x60) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000040)) fremovexattr(r0, &(0x7f0000000000)=@known='user.syz\x00') 15:30:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) [ 1006.990996][ T4700] binder: 4696:4700 got transaction with invalid data ptr [ 1007.066950][ T4700] binder: 4696:4700 transaction failed 29201/-14, size 8192-0 line 3179 15:30:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000007d000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f00005f8ffe)='#}\x00', 0x0) ftruncate(r1, 0x40000) sendfile(r0, r1, 0x0, 0x7fffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x1, 0x8000) getsockopt$inet6_buf(r2, 0x29, 0xdb, &(0x7f0000000140)=""/99, &(0x7f00000001c0)=0x63) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x420082, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @dev, @initdev}, &(0x7f0000000080)=0xc) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f00000000c0)=r5) 15:30:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7000000]}) [ 1007.111379][ T4703] device nr0 entered promiscuous mode [ 1007.123129][ T4739] binder: BINDER_SET_CONTEXT_MGR already set [ 1007.161352][ T4739] binder: 4696:4739 ioctl 40046207 0 returned -16 15:30:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x30}, 0x60) [ 1007.209132][ T4700] binder_alloc: 4696: binder_alloc_buf, no vma [ 1007.247692][ T12] binder: undelivered TRANSACTION_ERROR: 29201 15:30:10 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) fdatasync(r0) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1007.255021][ T4700] binder: 4696:4700 transaction failed 29189/-3, size 8192-0 line 3147 15:30:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1007.327185][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x8000000]}) 15:30:10 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0x8000000000000000}]) 15:30:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{}, {}, {}, {}, {0x0}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f00000000c0)={r1, 0x2}) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:11 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x8, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, [@exit, @exit, @map={0x18, 0xd, 0x1, 0x0, 0x1}, @ldst={0x0, 0x1, 0x6, 0x0, 0xf, 0xfffffffffffffff4, 0x1}, @ldst={0x1, 0x1, 0x3, 0x6, 0x7, 0x80, 0x1}]}, &(0x7f0000000100)='GPL\x00', 0x6a37, 0x1000, &(0x7f0000000140)=""/4096, 0x41f00, 0x1}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000011c0)=r1, 0x4) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1007.493921][ T5032] binder: 4999:5032 got transaction with invalid data ptr [ 1007.525357][ T5032] binder: 4999:5032 transaction failed 29201/-14, size 8192-0 line 3179 15:30:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xa000000]}) 15:30:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000040)=""/194) [ 1007.663947][ T5044] binder: BINDER_SET_CONTEXT_MGR already set [ 1007.679609][ T5046] device nr0 entered promiscuous mode [ 1007.738543][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1007.745633][ T5032] binder_alloc: 4999: binder_alloc_buf, no vma [ 1007.810844][ T5044] binder: 4999:5044 ioctl 40046207 0 returned -16 [ 1007.846729][ T5032] binder: 4999:5032 transaction failed 29189/-3, size 8192-0 line 3147 15:30:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x48000000]}) 15:30:11 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000007d000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f00005f8ffe)='#}\x00', 0x0) ftruncate(r1, 0x40000) sendfile(r0, r1, 0x0, 0x7fffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x1, 0x8000) getsockopt$inet6_buf(r2, 0x29, 0xdb, &(0x7f0000000140)=""/99, &(0x7f00000001c0)=0x63) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x420082, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @dev, @initdev}, &(0x7f0000000080)=0xc) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f00000000c0)=r5) 15:30:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x11, 0x80806, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000002580)={0x0, 0xf4}, &(0x7f00000025c0)=0x8) sendmsg$inet_sctp(r1, &(0x7f0000002680)={&(0x7f00000000c0)=@in={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000002500)=[{&(0x7f0000000100)="ba1aede8afefe90debc86f27fba4f3c8f39666c337eab8c90656bb8edb8e098f1d0c5b82a05eee0b1acadc950b69329a96c31302a533c5909ca15917dd0c4f710f1f7e2abea04f42b69235366015e3eadf8157fbd09d0255f8fc2ee177a58faf2b7c982b61609ab6c851ed73131e4d4fe856e96b2296bd1d85f11ffc3f918df05b304744979aac9c7063a5026f1a68ff18bc4378a591d6c1fc4d7817d27c0a737539df79cc3974b542b03cb882615248d7b2ccb26b44be73aca0e5c88efca15789fb4f4a", 0xc4}, {&(0x7f0000000200)="143456586244d1f8fc27d52b988deab7459c081872d7ec0614854f28fb66518346385007faf4c15d4b23ef12a51881f3ff594641228df1fef0661b598661c000a346a758221b1b", 0x47}, {&(0x7f00000003c0)="549b822c5e5787276e2803c2eb1423e705af047cd319cc4c6d746196fa845bed20b56d41551f32978f69b197642491dbe4988493d222c35fd13d4933e7401fec417674df7a80d8427d955a25a57006b16a8b1e8e82dd66fbd1b742c0d5eb310d3c928b455bbaa9825184319b55ac6295b66f56067b585677d0849900f21e5a25c19d8d96b68dfba3fde37b7f07133014accad69deb0a6d8246cf1905d7e1d2313aa561e28a2ca638477986e53cec57c52acab0601d889103f0a42026f94e53b42c2f3f251399d486f6193e3ee7d5a7c78071572fe6b164e266b22692895e61283be781ba1cf6b365786079b294cb5375909f47a6f53f9199926122d7762e03a19f5f360aed71a1969b7afe70e439869e65c1098cf1fc5efdb6a4d8f7f8de42071fdac969a629703596d29440b59bb0d9162180982e212c6d1179382a164c112ea607caf0a212d3844616853857abfa3ada292564c8876ca0b2a490fe186e649d182dc209464be3bdb65f92d0c965093d69bf33e93367d5735ee68f9acdef4225a9b9148acb0bf4f8d1e762a650632e79a4eb5c2ee6f9448dd933439162f1f2b16ca79b749f40036ab12747be95870c4fca6507c27c41f4f725bb8da4338bd4adaf96ec461e3b0e8322ece4b1b4e9a984fc70c6d9d2b009372cf88859a7e7ee640bf917e805a7adb15a7d85a39cfcd39b08b5b3bb2fd23964a131e3db05dda30542420a8b6569ec317f5aef1f79ceb7fef1e924f65101a5f7eefebecf68e0605cc9fe4ef44436986715297cc4fd0c6491301b411aedec61c03d91c7559d01bea0ebbb3a028b2e7a73ae34062a2807b32c882d688af146597add6931a0bf33084fd55d5684bc50afdac9b5667c133c556a4d1daa96221398513218f68d5525532af3d600880966fe65dd0f7df4bf5fcb27be2d4de7ac8f6ac5351a1a4ae7705070ef18cad6afbe3bc1233358e90268a25d3d8a361d51063bd522f3e71ca9c69449e255aa637c25c3457c5656e25096218a1c069c679e74b2de07bcedd6d00e0f6b218a067d66cd53071ba777906dd8fb9a2ee29602f2732af38074825c846f2e0e4169973ee7d60b81de27161fc75ca2cecff2a32814f76cdcd69f81e86dcc82e32e300f389026889b112d3da6a510a8e1cd212d35a5a819ff1a3cbb05235f34a079b1d65d11a152da21b6445b21f0764e3f33622f421dc80dd4d10c7d582ca8528cbe3756fb92dcf5f4dbd916d946d16e11dfe947801a4d657fa1ac5e5b56437544168650c093492f23c658ac2906fe694b736e2faa35d410de15399440d08d722e881df0fa7f14b1dbba5271f6e2aa2a9a157c935e1b5fee65b33271576606bb8a00947c6935c4f235b5c4b182b304fd08153fdecb5299222b0cf123d293bbca4431906873936d83c669623e3afe88b3567eb8ec76ab5b2c3b5e39d981608a6742ca573642f6dddb1bc83218e391bef873492b147fdbce303c6bcc4aab9b0a5264bc39c163227a8fc9ba5135d117517f54f409e1e89a5eb4949a86e58d9374b4dae50933dc5359737c9fdf5701f6fa3c562d6d05304a05f30b04914a38c4f6b89149bec7992f4e4768c3f0854b102b9a3bb1b58957a18acbf4b3ab42f63aa29a6d5fd32d7e1982638efc66a96bc0e873908531743d215486c0eb1cf5ade7a6ea258576fa5e25a98344e53f629bf3fc169f97130e3653faf11a0d5a12a4fe318087f09938e30df628a3cc3045adadd153d83496b78f0187f70a2b421ad6d5ddf7d3099e4844c9b77632a900b0839dba7af891183cf7de58a29ee0b34aae8a6f78cb215567abb26c7e5f94473b4224bdc7f278e8a93c7ecb00cf03e4dcde78dba14d1eaca83a43214a87924e1ce0cc2627580124d7361501814bb7912144e18272095a7270af3ba1795c0b2af3bd882ea39770e7fca60747dae8fffc64c72f043ba6ee6b54db3bcbe31b222359a6db93c6ab3572d3be060b25e6e9ac5e52cdf459ca4ae945b0df3d9bf8315950539f1b70bc9a9579d697199ca049018908a060612566e342158ffc753d05463de62436e51d87b5b81726327d545162988f444688d4d7ed0fa11349efcdf4233458766d435f71381a53317376c9502b8b9bf02215695f85564ad930abbd63d86c20d53f286b4139487e18da958c6b3d41811010e803168112bc0b90345cf152aa2c59b4098d48b5b3830aa1d23292059fa248df48c786f552de017100b594b4678fe375e4b68cfc78fad3654d5779b620b09c976a58e969976ba399c7ebaef6cb20cc95d9f1c147e91c0b68dcd795e4ac5347f0706deea729f283e362a31b17dff686287884d202eb30aa6b084fe76dcef4b12ef882e4f6d5f53995d5df371f7e76a34c484ed42cd2df0e94d1367e16e7e3c753f555c5cd72cc300b953c80a1038003ddb78f926c148c1b82077acf4f7f02dcddc82fdc4e4fe7666d9b4145d6ada8bade8239896145b02bde3da27837196efb11daa2339eb733d695027230fa974c8363b39b9ad3c2789e5ff196da598653c7bf64aee23c976d279b1e7acbced9357d27b0801625b766b6fdaa41b703f7a85ed93cfa268098c17933449e63d8b24c739bb87d5d3d855465f87c2cf8ae8a3d6ddb48ed54d54141b14997f6582939be6a178ffb71266076c34537a79ff8a4558f4461fa4629f29c8889c8701fd127d0110ee2e95597e3a8be84b26587f7f657d1277596317a3c2e51f4f39a9d044e9b1bd887f9a6bc2debf6bbe18d7159635ff81656a2c045db0e8087f0dc6072d370116aea663cc27479140bf39538e56832843e83a5fae7474f57fe9e2a9e28f65b96a388fda2af0d55f38b5485eda4287b9c14a9cc23cf1124eec7d66efcc98ab98a6bcd7438ac744e4c72364c73b90337ade5881a7fdce85174149cf7dd173faa8aaddcec639a54bda0a5f06fdd645e1d7b06fc876d26c6caafa5ca9f64eb5c6d15a139ad3240d4ca34effc95caef74a26e89051702b4885e8410b5df0464cf5f7c95468a269d53591c47d5033499ab4ace531aa67c84e26c06f7a228fa4925fe0a99d1a9b0f9acfd3d5abc5a76be736fb059d569dea775e419be394619ef87dacdb5dd0292a97410939f4c6c51beb4ea32853170633e27d185bda690833c7a2ff4d20717eaa961e7765d5f85c10cc61b6082d8d90d66b5f85c76ae0ead18dbef5afdc255a7e517f2bb5f4e86976c1da78a8e256df478a446eac96b8ca46c1accc8e4627df9f5ae20b9bffd5585e3ac510d80c19242aa79a45ae2aeb6ed7639061464741b86936903d47c8e6c465d1a1c8852dcb83bb282ba2b3be736468a0d18fbfd4086e9b2d7f2a8ed4843d67e5a577eef446c4ce974aa5f36612c8f613bf80622259feac52c26be76a690388bb8961ee14328c7be0b7bf53ac1a1d10dcf29717fd331cb34ea9969b139592cf2f283d84793f72a48ba253081f91f33280ae70b68d633a663fbdbdd95eb31f5a42cf4b516a232d7d3eb265a2a95a4968b7d1f01c281a296c3b5ea16bc65468828920a7356cd4e41dc45ea703ece7e56e8ddd729436b2e70f10f737c0fdc3606a46fac16d093f4d0e41469e6aefaec8be50838801187cc2921639b01cc56dde508cb13e21e8723c3d5032fa7a99c5ec75953bebcf7e7fd55b7238db04e78e69b56a9be4498096f02cee2c00273a62c943db9b0c0104f7f68480876467fc1d5da6e06aa2da4ca6455fbd7c5ba7f5c440c6037e5c34b647c19c138c11d9683d5e69298e8dd8f3ca47cd216a03b5b6d84a778364243fbcda7c31b7bac20e5aa9f062f2a4a306d07415791ff9a3f34509d45895f082411f4c638fe13ef152d16c40ea7cb79701080d9e72ec280ec9375f096c403a98afca1c9cf2b2d076d302ec93e41d54c731b68fe277930bce2b9e56090ae269ca345ff7d47edda83452d99443dca588e31ffac4ad6e6d62832b556f6258e7e3d61f4d3269d45f4a708331b4caa3fd03bbeb281ea0b50f2e859a85cd9195f38c0e5ea3671cd24bc798c072f5e6b8d74b34194d1f5640baf80045e5c26ff774504bb07edb15519c09e2050f93e99b1e5433fe67e43f70c8ff23fb20c6541f43bce8f8f22c359031b9085b7d4e127b9b1446584dea726926692a4cb4c704c1f98ad4c52aac238e5d6eb1ccac7b4e1c295be9420b4085a46d5a7e7081bf12a1348264870f3f0f32f84a8878878261ca0e0def7687e41afaca97326775aa625499fd19c96b06a9e135580f79323ae7b4e5a228bce256887dba623422fd200d60d6a47cb474d343211139a6d1b1311528231fee3373d29c602130b053f4dcc6d48b163f7083352add1c2b3be1ee74b9a528334530426abfa896b4ed29ed8b1d7275fd2fe3f5418aec13b09a5beefe501ab69ac16b238774e130f2db85a86864649659ef6acc341e6737f2b90e19463ca6f235cd44ffcbe956983a74d1b3c8424a2ea6654c6b2a7655aa891be958ff16d0d071ded16b3e5985d32c33a21169c3b7b786e3c4c82335e4a2016e01cb2e8c7f5dedd4556c1ac901ba6d85ec3f65bf29a7355cfe49f1c5162bd1c26a8ddf65f30bd75cb13d548eccbf43e27e3cc84865385a4295ce49702e86dc609a94c4138be327c60d83b2c3db5b490db6517cb26b1909d1d5875e9830387c709edced83001589ab5d288a5c631ac52cfbeb9599ab18a5610d8fd7528d9f229391c035b7338c2227377e11a817052ae47330e7d0f9efb0d30f4cef6d62890d87f006716f3ad74d3ee673d7c91df7d1ec28a1e7f9327480df1162f80652996545a529fc3509fd7979da3f69928bd9cb1e1e6d7b9f149ac8550a8769a038a118bda6868e7c4f5dda818d6b1bef85743013a1b6fa951a5ceed082388800a55d7becb6980812aaf2eb9020d42e73e0eca24743d43b1600df99ae4330716c651b9c7295802900dd7ddb23b4d289629e154fdce330e1fea9bff4d05edd62e4c085b7af6fcc5f43e3898eb2908040b2a687a1192561a9860d06b7fcf0b9b731114a1d15ba21af88dbc6f25bdd261cf3059aa6fd024def8ec7827a00ba8c37bd44ad934da47e5d5f97b8f82be8f19ad21d24c18a094c228a5130a5eb824e2802ed7f04a416ae28acb69c086db555c55d17d4bd30851003e245df43f1a3b9b708da479eb3ad59c7102c4262c442e40f58379359b93a71e0c0c0202cf9fd0f6a46bea715bd0c831710b747dff8a775371236ed9e32ab3193f0f24c7dce86dee607f3461e8c02a007054bb52e5a0419bd79319828f1951efc6ca8f4d2565c54f285abd395b0508a00d21836acee9e0f19d8049f806e266dd2732f83d3279eef48df1d17313935e247c2cf2b9ec63b8d36f8c7ecb969c0c98006fb6a6d538ac3c63554a7e5b2e453fe18e3fadb1d590b72c8eb7ecff9451fe0c9300123f095deeb331ed75d118ad1b3e29aaeef3b3e0f1af47c9880118a7cb6c297f20b9dfa3261c958f9856c2edd5fae7d7906b37f3502036e268cbaf5835083b5b07dedf503fe059584554c0d62a30407cf8aa11a2e061a13af748aaf42e37228d1a370542a369cf76a26eb796039244ce24764681eb7714bd98b88fdf4541100782adf3586d2a99b44758e492c90ced83f7b54326e97f3ffd522373dea993989dc943fbcfc200002a6edce1b9154066a226ebc85c5f78e6f76f1b41dcc29257cd09ba77607af42891d5d36e4a4ea11c10a156082aadede534d2ae2e02077622fbe0c110ec39dec4633d96ff1c8ec2b09e6fa9e37a937a71206ff39971f79fef88d992e5dda77d7d487e165897e20ce471b34e8c31f3", 0x1000}, {&(0x7f0000000280)="ea440426cd05d928f7f4e18a0f3eb7a2437efddd9b0aa5c26a49c1e4ae508410a02aacdc8536cb53575f76d2666134d7b3c36eca51c3c5ab80c5b141206f3903c715799fcf16a9681d0353d51eb4ab7b6ed1908fc928b3b210d9c61ef0c53b1c8f430279bfa9a64f2ddc9a2901194f0408da22716911aad18e5d0350ae3fa7e5874faae5d0ee", 0x86}, {&(0x7f00000013c0)="11f1de967724b9e98df91050ac58bfc90e713cc5457a35c5018400c521426871c6bcbe00ca63575240e3734ecd07d4cc9331cad19e630175ff86888a5dc6e4ec8ac3f68b2d21461d92d82f735c3274e08003acc3ccf747f357e8efe35952fec3d56f32a3ee38ab7b74fc3a7f18235956c273d67a27c7754f617d35bf150422a32c3c81bfe4e9089a7da329a3faf892155bacb4fa9bbc8338df8b95de0ac04b97a2f6fd47049b036bce70ebbe147579042cf02dfff51921d748156cd7e5c4d7ea8a229f", 0xc3}, {&(0x7f00000014c0)="afd4dfc394ddf8c0985bd1e44484657d347c87795cfcf3a7d46cf07ded3a8554d3725130d874a68136ba64d0eb4938fcb7d0b732587aa56db2b06dae42300797ec3a4826d416116a628cd4b4d13f38b11b0293812848723973f7ce5015a595bc1ca47d9888930af067dfb847a7361588fc10e11f29b45fd58982c0ec9ff46b52ab5a59914f9578e1bd9a30b0ac76ca2a736a917181c20cf9fbb8dc50c5adc4f66524d510fd3049fb79e98c31ceab89e5a8c6bd51beccd6e52c14cd22eecba3b99d48beaccbd7db26a679ac56ea6ea419bcb7c980aa9fc6f5d8542647e693bffffa1a38fc19588fa92ff57a1c8978b9240af6043f678bad9c4e0be90998ab7c3e98372fe0f779bc56772577bc16b78ad947f4d806909ab721b88c3d5cf4823b08c1b379641466a1b5111e2ed42c3ebf96f4fe1f2eb60e3ffad8953037374c7d0fb07a3e82841b3f50ed7761afceb16a0b5f02b3e8f6eabf798866dfaad286ebb320ed92234b51fb254a4dbded40dae0b14b60a7f6573139591d447ae149c1851a90d63253883a5f3063e786119ade9b50dafb043f623d005aa4cf8b0e46239a84140064a1c12e1bcbc3092918160b27fabc67a8d5d61f72b26c3fa54b32980ee138e9aa31a08cd4aab2c04698f48d2fa42e9ccf4637299dc013303ca3e2178feb374f8ff8f307d23ad55957d20bb28a06f2510228df72aa8d6d0465adc077b164a07ff23fbe7fae07f3117fc084c072f28df9b5649f0d7edffaa362f87bfaa09373c49701aa8a9349371339f156903fbf41a13e0e431f26ed4cb4142c1c30d9c202c36e0becca84b9ff04865e372d669fe6f890ab5969df173b789900a4210e19df3fc548c5eeab57d5594b242e37031f2fa766ef1f3ef8cf923acaaa28c62fb4249c907f6bfeb270148214652a81bd3dea48098bcd2da711e0d195c841a276888a2321d85573a862e679835c4e7ed5b687a7828ce934678ec2925a3fbdabc7449e39ff3069e00fda9124864d8247200af11a08d3e5ff615d2d73ace58c5fdfdaff882e1edcaf0a5b5a43e0e919ac420355c8c111bbff00cdf2b2a91c7fcfa9f02bc7620058296e2477f9363458495c5a2b5dd1b10b9565db1bc1346e8c27790f3b4ba6803b7a332458a6fa4c6620145d4a3d4442a170806c9e5d5b1f85168f3ad9799d5867d2c956e3c6d19da4d554e4b90703d6969a66d3c5e90e1e09b36bfed716d8882415c0563db334afb82ffa550db84656e37d1063e412b63fa76a40c5d3a80c7b55c0f40aedc00ef6e9e75c23b344ca468eabf88a0644ba4bb2a8906eb829ca8da70d7e95884180647aacadd68a3e0b18c315ed30c9c62355e23a32f5a319cbcddee55ab2db807f9b1a9e5d12a445305762a33a2d1e0c06cf0e0861b1e1246d910e4530c544b38447c428b0bad503c7915cdc09ae2ae552270cb4315604b96a823fd6cbc4d71ccabf27a6ca6558d39d381fcbdbda631d4569cd662b9543d58e713ddf3f189b615928fbbbcca7ac0a92dda9d93b46549449dc64f60b4bacd936384973aa55c5f53066d20f1d818bdba17ccb1160365a48749114563af563ac46c25645a259e444a992de7ca6f8f88c7b7795a2f4bafaa0abafaa59c26e1aa5baf0e076c748771d040dcfe729816612b74f9b7bae41bf01ec2b26c2aa5fe7224fb7101264f78e8ca2f1781847776748d423f78625ba0e2242258589c58d155086d1076e6dc28a14eb518de65a619c0a08ea0cd6b5edeca62ba861495382af34c59b5614134eb033713151cc454cf9eaaf3bbeb6561096da7cc6ea3bb13adef7dc1c04053ff027ad41a0a6e26bb8fe864654b7a7658e56315b886beeeb689f580406192fa56dffea6ac8b0ee711caf4ca874719f3d6d8b4847e588db96cb30db296f8db434958a357d6389a6f961146deaf2384a419d076e12af367b004848eddbfaa63936d72f917cccdb71b06552345d5157bb20bd1a19b236ba578ce1449e0db6f2c9c74c60f4ed12cfbfb60dac5fe75c6060e265a6d23c89235e2102fa036a1e2264d19107909f91007ba76466eaf8e65277e629e09daaaca5e4161e8d3fd0f939b7dd626d42d2fa5480ded3465ca6694e17d251d5405392bccdab2d0aa9855eab00e1a2adfb9c1490be6d06c67a7b54464e9e19936b7e23d9e13bfe75c37856483d4cdf51173ef67298113c78e9109f32f23608b74a0324dad9d70ed2c95324391259410ed6cc7627c9018faecfaf66aa535cc47906ba79d0129f52401cddb7b9a164822010900c0e38956ccff76c864b97625e7adc5d8a17bafdfd1a7ef02ac9030e18bad22e395600e1591ce526fbc5811499f475fa49330606f43be1a69b3197d4bb1f7341aef187ff38ecd77bb6902e0f1be1aad05108db0a62e6e29730d00bb6a75bd6380e9941e0acde9c803530839a2cd97c22b3e73b700a10acac4f2bf4d0ca6e8a3089284bdd0faa08b7669c2e72d70219f17d5317eef978004c87e01560496ed94e2379e54f113fc2f921da5941a0a49a26c3d73a1d542916318c67aa462da5355df73b2158a2464ae76fdd6df85a02933dc4803825278cffba170e9fb5c11da29c910a343a7418dbb35ffbefff45e73a7e2ebf7a4bb0c4746a057bbda20df7ea370b46165f983df0589c6d10b2fb5c9dd67a47bf737364ab14718b8b888a0cbc7c046c8373fb8361d2a7d12e916449165a9928426980b121ec3f2a6bee14845f3dab38a523b640e456183b6f045f046759ca89875230141546096bc4c39a515f0d59f8013c1ed0d1d5cf7b11a8be166d866f8a9a89299aba96266f665acabe5648fe2598a1c33f6efe040b4cb2ebe321c0eae1b42d21adb8bfaa2f637bd3cbef2bc13c09249b585f5dace8c27a061bab6371829be84a14aae01b86abea4931432c273f7e9f843f22fd84034dd427ca50e202dc523fe6e217442027bbd0669cd58e92445e0b6c833369092ee0f08a027135585fb662441e9e395f60dc92ad41844e0eed2c81122b3fc8b15419d73578760d10ed8114d55bb546a0dab9f004129b94491358fbec5d744b4663c2943fd50fe157dd449145c4d7860cba2b70a03b168c82632ad1185061889692872f671a3ed80dbed7f763d31d9b10ba9ff2256f947368021ef32227809b92a0cd233e76afe92513f5fe579dc0fc9ed38929629144a7dd6f6cf3a60fc1b65ca783004f3fb8a07c052b8cdca5e60a309bdf08d15e25cfb272e0ed19f9296e4fd83f7f5c7d9c41339d476c0b7df0902db89e6ad5dc54bafcb36248c7e695e0119e21d8c4c553f71362af89b030eb712978d31742b2fad90a4eb961eaef997de14e9a92d27f8e52e1a93357836ccfba491e8e295f645094af3eaec7a10617c013b8a27d3647674726490a81aa295dcb2f5c9b477d6bd56d493246235b204325240ed213f2984f5f1481388088eb188b59e61883b1e271a0eb8c18b9aa21783781fbb97158dab9444bfcaeda968cbb67035434942652514a1f241d6f34542bb908206c9b4ec2460fbb27759258cd3cf1271e28572ffbf3b356a887f182b96f68cdcd65ee7378ebdecf1fd9eda4c8fb00e0c7969884ae7d64d82128e1cdc0fbfe45a09f3e0c39b8ef583ac411012f4032da149cd9d1bb8af53935da653cdd53c00b3e615d804363c344963d8be3827dbb4f78f9eb971a0e511cac0373c81e2fef7c752abffb6373e5babf7cdb0ea2ae44ad44c96d5ec2aa508feaceceb0e3ca7ca20c9995450ac7c2164a27f8dc4be73346bfa3ebae7a738f87a4e88fc0cc26e1cf7c31c211cd4dd84a9b722c057265644ddfde38afc826e1a3728ca403bb5521ba3ad6a3852217caffa2ee5dd7495ad8975e8d66b2dc29c831787ec106d5546cbb1d2b6a0c9c5f6237a038f3cbea9acc94c21171adea578f22132362f0cc198355e9b2672d3fdc4a919a3accb6593f7c22f93d052989056d41f9f0f13d0550929367f6fdb2c3878b22af198cb4eb5c0bb8e592c5aea0ad21f2772ee63882cbd2d2a737da4f80a5b0092e343102fddaf1939568c4eec5ea4033b189e39aa438da63d379482b4fba8a564839e019ae295f8b5b7dfc1e213225579bad96d43811fe1decc426eafa03deedd657da4ca074f73541766e7199c5c4757892eedf712bf9d2679867b1027187f1362d98bfab3d4f59a39473740ca7582703fd5d1b9ff046b3e772b1b73e1a078bd7ca1011d3769e4048633608d6b7c709ae6a9063ee0a6e903adbc4ad1a244f123cf928ea63a184c95664a8d5e20aa9957dc393130e0fbfda66d50409fd496b115b94ac4d085772696e6d634a9fdfc8d7a954e4ed2e90c078db6a95dfe3cd506af0d4867df86c53e7c7fb1c4f040da6af401f4ee0e0a5642c2580e188f4af6849680986b47573f2f0faff66d54234fb58901fb6eb7265a8bef883db3ddaa3ba5f0c9e2eab96a418a1f96bfef7a9b492ab7f2a06a014ac6eff2b9a8a35d6118b5f1cacafc5156aeb13bac695e175ef3c14c73b94b89f607f35969ff6b2d55c095ab20475705d2d7b72cb532f81bf548e34f5aaf6b7ef9bbac5836290d7e8f26217a4de0c00cae49d8b7d54d074628ea9f25aa57af3db5019aad9dea841cf98cd1230a646dc4b22502e34258a3f21a9abf4fbcbb9f510447000fa19767622bb544407a9c90678735c9eb99e85cc2fdfedde9dff9768a32a11ac4011f2866269df6ac6062b2e4807281f06421c7209acffc9e8b1da5cd2652871123208b9af674547e833ea387bac39273e972ecbdf84d27c6ccafa52cef9c8dca3622ca5b28dc596925cd6102aef88a1fcfead644248e5b450fddb34fb29378098f71ec17f34d642c50bdff2fd20655491f0482ae3f704028d03e53190e83d934a9416168725f96b48f93e919290f3159e5a8dbc9c158fbbe4959f1aa837904eeb147f7f3c4aaad66dd5c3a4e14e2715438080b10a0d4afec53ab34412c9018a50a33ecb77417b7f4935f11a67d3855a2148504106930d46a51f86b80745f4b8c69bd78cb0a89be222948b6533609d13956e8e831e7ae2574164c568f6bf2643106b56c3e7376bc5a9ae116bde416a5a107719c83e29738ed4566a1a38b69762facbf0369658be3cc2119c3efe562e7fd5bb07ebc358fcc20a7b46f9473a879ffd42a02b154a952d10191802a94063364907accc857a646fea774a04a0eb67640b91dd903293b2d688d77bd4a04f10ff7bb44722cf26e3166113ecbf97614d8bd473783dda4b406c0c13b85ba583d83793b16a594b827d898bffe4b1f73b4fec987997686056749b59124135bec1d889bae90c2833cff529017476d851504e52b0cdb557c3956d67aa7400c8aefedcbb51e585b3bbb45543bbdeee917be7091cf918fa259e10eebf4b1b8fe3e583b7c00cf51d96e03fdc908d184c7a01ed25217625457675809286364d64904c934aa397e1dfb9529029c56a23a2edbbf8ec4338b9b8e9610c3ba4341b32b63c89e4cc88850a11e0424db9077c07ac826f5629984b3229a6179d036cd482bf6ca3d9403e820fd00b0229332da781bb2dbbeda3483c8d0e3665e42b7616a6930bc80a6ea62704e73c325c9b8863344d39c9c12231846df689146dcc494c4b676bd0898c22023e58c2acc7ad37066686546d5f7c9ac0571ce6111910e5610f0fa080dc4bea45ded9b0460ac59934463d5ef6417080d8ab8c5c0a11ba35e06673f9b7a4e042f9f8994ec797fa6b90a690b0eb91275067fc0cd8b41f9e3cfa6f80216ffca77687d4963a2dcbd255ea35381a75d1a3d48b755ae18b154a6650bd2d", 0x1000}, {&(0x7f00000024c0)="68a1f6", 0x3}], 0x7, &(0x7f0000002600)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x35db}}, @init={0x18, 0x84, 0x0, {0x1ff, 0x100, 0x10001, 0x1}}, @sndrcv={0x30, 0x84, 0x1, {0x400, 0x3, 0x820a, 0xff, 0x0, 0xbd9, 0x6, 0x1, r2}}, @dstaddrv4={0x18, 0x84, 0x7, @multicast1}], 0x78, 0x8010}, 0x40880) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f00000026c0)={{0x20f, 0x8, 0x81, 0x1, 0x4, 0xffffffff}, 0xffff}) [ 1007.860379][ C0] net_ratelimit: 24 callbacks suppressed [ 1007.860387][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1007.871887][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1007.888674][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:11 executing program 0: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@dev}}, &(0x7f00000006c0)=0xe8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) accept(r2, &(0x7f00000008c0)=@nl, &(0x7f0000000940)=0x80) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x3, 0x5, &(0x7f0000000480)=[{&(0x7f0000000140)="cf3cb1510a435489c5f9f8bfa73c8f899148172fb295809defb3ec29f9d25611247fe4310c42c120d9924633665d697b37dc997ba498c8c276305988686f9ac208ec082c20c6fb02a67ea84f611013a26d421fdf32dc002ef679ac2eaf68b05ebd9f163891ad0a6edfef8c8e76de8e53da77c6394428dabcea739d9fb128c6eb7fa6019007e9ede20a277f661c2748d5b857bb24d3fcda3074bad4655d34b3611f2f18527537e5fc8540e0d4f78e07db", 0xb0, 0xe8}, {&(0x7f0000000200)="caef3d0b", 0x4, 0x52bc}, {&(0x7f0000000240)="4f3f4dc497f1e0fc4f0a70eec60594b29516b81c5e508511fed008e5d1f50ce4e07628dbf8b50d1ba3e122683b20b0771be0cf1a735f83a18fc8e930ef9aba1d729de36e1974703a56985b393ee10f8c45c6f3adeea1872fadcaa52ea3b62a508823dccb09b7387077fa45b5174410f97ce650e31f6e8175cd417b7a1240f467047b57e4", 0x84, 0x3}, {&(0x7f0000000300)="d1c2c2e6cb4eb29661c3d3ae180d757403e42ce8af85909ba61e8c3de21c0a4cf5fc81c699a287e3172a14b77ca5555ba162079c0e4aa9bd4c3b787283be1cbe878dce03e00440bc0efd6c2a3399c44e5661fd045619", 0x56, 0x5}, {&(0x7f0000000380)="630446a03e710d4801c4dce31a8a7ef315c9205cabc5680067b7c274bd9242a39db16f0dfd9f4c49f6a49598241edae0e74ba9d4455fb9c19ad7f9d15d9f77f458293b61e81e63a6283e508c2dbf3f27474088d30efea768caec4a6e265524878392ecd232a639471672dfa8fd44e83f25dacc6f07d8bbe73c79b4d55197ac8acea752dfd7bd2b007ee0712d33a4e5c35ca62e9c9d7937a8f2a2f530c5efa83911cd3341e1702bfc0cd736a4887f173d837cdb99264b88dfc40e5ad2f14c65f62f3c270a84821b9b9baf8a6dfc30b1bcc64e178eb71c5a58dfd5ed4081a64b94", 0xe0, 0x4}], 0x800, &(0x7f00000007c0)={[{@part={'part'}}, {@part={'part', 0x3d, 0x800}}], [{@euid_gt={'euid>', r0}}, {@fowner_eq={'fowner', 0x3d, r1}}, {@fsuuid={'fsuuid', 0x3d, {[0x77, 0x65, 0x37, 0x64, 0x62, 0x32, 0x64, 0x79], 0x2d, [0x39, 0x31, 0x35, 0x76], 0x2d, [0x65, 0x77, 0x64, 0x67], 0x2d, [0x32, 0x38, 0x66, 0x61], 0x2d, [0x61, 0x3f, 0x0, 0x3c, 0x31, 0x37, 0x62, 0x76]}}}, {@euid_eq={'euid', 0x3d, r3}}]}) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x3, 0x2) 15:30:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xffefffffff7f0000}]) 15:30:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4c000000]}) [ 1008.115944][ T5176] hfs: unable to parse mount options [ 1008.119557][ T5194] binder: 5168:5194 got transaction with invalid data ptr [ 1008.150496][ T5194] binder: 5168:5194 transaction failed 29201/-14, size 8192-0 line 3179 15:30:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x101) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000000040)={0x0, 0x0, {0x6, 0x5, 0x100f, 0x8, 0xf, 0xb, 0x3, 0x7}}) [ 1008.187404][ T5319] binder: BINDER_SET_CONTEXT_MGR already set [ 1008.241053][ T5331] device nr0 entered promiscuous mode [ 1008.250183][ T5194] binder_alloc: 5168: binder_alloc_buf, no vma [ 1008.254348][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1008.260491][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1008.266196][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1008.271985][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1008.277762][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1008.283511][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1008.289211][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1008.294915][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:11 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, @null, @bpq0='bpq0\x00', 0x2, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) r2 = dup2(r0, r0) setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000140), 0x4) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000180)) ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0='bpq0\x00', 0x101, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x9, 0x5, [@bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}) 15:30:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x68000000]}) [ 1008.414035][ T5319] binder: 5168:5319 ioctl 40046207 0 returned -16 [ 1008.440108][ T5194] binder: 5168:5194 transaction failed 29189/-3, size 8192-0 line 3147 15:30:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f00000000c0)) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x4000, 0x0) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001c00)={{{@in6=@empty, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000001d00)=0xe8) accept4(r1, &(0x7f00000051c0)=@can={0x1d, 0x0}, &(0x7f0000005240)=0x80, 0x0) accept4$packet(r2, &(0x7f0000005440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000005480)=0x14, 0x80800) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000054c0)={{{@in6=@mcast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f00000055c0)=0xe8) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000005600)={0x0, @loopback, @local}, &(0x7f0000005640)=0xc) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000005680)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000005780)=0xe8) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f0000005980)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000005940)={&(0x7f00000057c0)={0x16c, r3, 0x10, 0x70bd2b, 0x25dfdbff, {}, [{{0x8, 0x1, r4}, {0x3c, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x8c, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x78, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x10000}}}]}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x8010}, 0x8a570f24a0e4bc77) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6c000000]}) [ 1008.654848][ T5502] binder: 5500:5502 got transaction with invalid data ptr 15:30:12 executing program 3 (fault-call:0 fault-nth:0): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:12 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = shmat(0x0, &(0x7f0000ff7000/0x7000)=nil, 0x3000) shmdt(r1) 15:30:12 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b, 0x0, 0x0, 0xffffffffff600000}]) [ 1008.738149][ T5502] binder: 5500:5502 transaction failed 29201/-14, size 8192-0 line 3179 15:30:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x900, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000040)}}, 0x10) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1008.806388][ T5517] FAULT_INJECTION: forcing a failure. [ 1008.806388][ T5517] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.822772][ T5519] binder: BINDER_SET_CONTEXT_MGR already set [ 1008.838676][ T5519] binder: 5500:5519 ioctl 40046207 0 returned -16 [ 1008.848850][ T5517] CPU: 1 PID: 5517 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1008.856763][ T5517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1008.866829][ T5517] Call Trace: [ 1008.870137][ T5517] dump_stack+0x172/0x1f0 [ 1008.874475][ T5517] should_fail.cold+0xa/0x15 [ 1008.879082][ T5517] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1008.884899][ T5517] ? ___might_sleep+0x163/0x280 [ 1008.889749][ T5517] __should_failslab+0x121/0x190 [ 1008.894715][ T5517] should_failslab+0x9/0x14 [ 1008.899226][ T5517] __kmalloc+0x2dc/0x740 [ 1008.903469][ T5517] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1008.909725][ T5517] ? fput_many+0x12c/0x1a0 [ 1008.914143][ T5517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1008.920493][ T5517] ? strnlen_user+0x1f0/0x280 [ 1008.925182][ T5517] ? __x64_sys_memfd_create+0x13c/0x470 [ 1008.930730][ T5517] __x64_sys_memfd_create+0x13c/0x470 [ 1008.936102][ T5517] ? memfd_fcntl+0x1550/0x1550 [ 1008.940866][ T5517] ? do_syscall_64+0x26/0x610 [ 1008.945543][ T5517] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1008.950920][ T5517] ? trace_hardirqs_on+0x67/0x230 [ 1008.955966][ T5517] do_syscall_64+0x103/0x610 [ 1008.960566][ T5517] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1008.966476][ T5517] RIP: 0033:0x458209 [ 1008.970376][ T5517] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1008.989981][ T5517] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1008.998394][ T5517] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000000458209 [ 1009.006358][ T5517] RDX: 00000000200001e8 RSI: 0000000000000000 RDI: 00000000004bd167 [ 1009.014336][ T5517] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1009.022300][ T5517] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70dfade6d4 [ 1009.030265][ T5517] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x74000000]}) [ 1009.056645][ T5502] binder_alloc: 5500: binder_alloc_buf, no vma 15:30:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x80000000000000, 0x4, 0x4, 0x0, 0x1c, "780cd08dfcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea999350170af000000000000000000000000008300", 0x1d}, 0x60) 15:30:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1009.098197][ T5502] binder: 5500:5502 transaction failed 29189/-3, size 8192-0 line 3147 [ 1009.126342][ T5516] device nr0 entered promiscuous mode 15:30:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7a000000]}) 15:30:12 executing program 0: fstat(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r2 = getpgrp(0xffffffffffffffff) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=0xc) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={r2, r3, r4}, 0xc) fcntl$setownex(r1, 0xf, &(0x7f0000000080)={0x1, r2}) 15:30:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x240, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) [ 1009.284761][ T5637] binder: 5634:5637 got transaction with invalid data ptr [ 1009.301990][ T5637] binder: 5634:5637 transaction failed 29201/-14, size 8192-0 line 3179 15:30:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xbf000000]}) 15:30:12 executing program 3 (fault-call:0 fault-nth:1): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1009.346236][ T5698] binder: BINDER_SET_CONTEXT_MGR already set 15:30:12 executing program 5: r0 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x2, 0x2000) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x2000, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000001c0)={0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r2, 0x0, 0xfffffd8b}]) [ 1009.395857][ T5698] binder: 5634:5698 ioctl 40046207 0 returned -16 15:30:12 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x6, 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff}) write$smack_current(r1, &(0x7f00000000c0)='\x00', 0x1) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x1, 0x8, 0x1, "7c7d605a985b7e643f608c2553270b7be24ad0481fd28ef1a8b205c7e8230bd2015e72dada2a980beb9ba56653d923d249afcfca25c971f9290c1bbc002b45", 0x32}, 0x60) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:12 executing program 2: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80000, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000040), 0x4) 15:30:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1009.465514][ T5757] FAULT_INJECTION: forcing a failure. [ 1009.465514][ T5757] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.530691][ T5757] CPU: 1 PID: 5757 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1009.538620][ T5757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.548680][ T5757] Call Trace: [ 1009.551987][ T5757] dump_stack+0x172/0x1f0 [ 1009.556333][ T5757] should_fail.cold+0xa/0x15 [ 1009.560938][ T5757] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1009.566763][ T5757] ? ___might_sleep+0x163/0x280 [ 1009.571637][ T5757] __should_failslab+0x121/0x190 [ 1009.571657][ T5757] ? shmem_destroy_callback+0xc0/0xc0 [ 1009.571682][ T5757] should_failslab+0x9/0x14 [ 1009.586465][ T5757] kmem_cache_alloc+0x2b2/0x6f0 [ 1009.586494][ T5757] ? __alloc_fd+0x430/0x530 [ 1009.586527][ T5757] ? shmem_destroy_callback+0xc0/0xc0 [ 1009.595903][ T5757] shmem_alloc_inode+0x1c/0x50 [ 1009.595919][ T5757] alloc_inode+0x66/0x190 [ 1009.595942][ T5757] new_inode_pseudo+0x19/0xf0 [ 1009.606062][ T5757] new_inode+0x1f/0x40 [ 1009.606080][ T5757] shmem_get_inode+0x84/0x780 [ 1009.606104][ T5757] __shmem_file_setup.part.0+0x7e/0x2b0 [ 1009.606126][ T5757] shmem_file_setup+0x66/0x90 [ 1009.615112][ T5757] __x64_sys_memfd_create+0x2a2/0x470 [ 1009.615130][ T5757] ? memfd_fcntl+0x1550/0x1550 [ 1009.615146][ T5757] ? do_syscall_64+0x26/0x610 [ 1009.615170][ T5757] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1009.629444][ T5757] ? trace_hardirqs_on+0x67/0x230 [ 1009.629468][ T5757] do_syscall_64+0x103/0x610 [ 1009.629498][ T5757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1009.669633][ T5757] RIP: 0033:0x458209 [ 1009.673531][ T5757] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1009.693132][ T5757] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1009.701549][ T5757] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000000458209 [ 1009.709523][ T5757] RDX: 00000000200001e8 RSI: 0000000000000000 RDI: 00000000004bd167 [ 1009.717555][ T5757] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 15:30:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfd000000]}) [ 1009.725527][ T5757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70dfade6d4 [ 1009.733499][ T5757] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:13 executing program 3 (fault-call:0 fault-nth:2): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:13 executing program 2: syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x20000) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffff9c) pipe(&(0x7f0000000100)) openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x0, 0x0) socket(0x1b, 0xa, 0x6) openat$autofs(0xffffffffffffff9c, &(0x7f0000000580)='/dev/autofs\x00', 0x40401, 0x0) creat(&(0x7f00000005c0)='./file0\x00', 0x100) r0 = syz_open_dev$admmidi(&(0x7f0000000600)='/dev/admmidi#\x00', 0x9, 0x10000) accept4(0xffffffffffffff9c, &(0x7f0000000640)=@nfc, &(0x7f00000006c0)=0x80, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000700)='/dev/btrfs-control\x00', 0x400002, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vga_arbiter\x00', 0x80000, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000780)='/dev/null\x00', 0x200882, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/vsock\x00', 0x101000, 0x0) syz_open_dev$admmidi(&(0x7f0000000800)='/dev/admmidi#\x00', 0x757, 0x60040) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000840)='/dev/sequencer2\x00', 0x200000, 0x0) syz_open_dev$media(&(0x7f0000000880)='/dev/media#\x00', 0x2, 0x2) creat(&(0x7f00000008c0)='./file0\x00', 0x4) syz_open_dev$swradio(&(0x7f0000000900)='/dev/swradio#\x00', 0x1, 0x2) r1 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000300)=0xc) syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file1\x00', 0x2, 0x5, &(0x7f0000000500)=[{&(0x7f0000000180)="190c6c12fa75865282f03a913d9c55d3923de00c08db38b8c865f06a46ad6a0ddf32c5fb81cb7eefb80454eb79fdf8f2a751de4ef46f21e1ca7f5f71aeea11051cdc6624e056ca42b29c005821165e6930f02b675d78c63300527703c9e664e079e3c965c7c6881f6f601afd010a13313d5558915d2249a696f8cdb830dac99cea77e79f862062a7132b24fc79397977fdf8aed20706af031ce5de4fbd94ef66eae314efabd8b0397325c0a22f6add9abec4422dda056eba7ff5d2ddd5f47b1283745e32f7bc0fd15897ca", 0xcb, 0xd35}, {&(0x7f0000000280)="8e1e6b7a645015edb99bf7dfd134ec46f4a02ab6e9c6b7250133ba7201010579aef876d78a49927dede953092788fb56f31a349edfaf0e9df3bb238e491704a3b9", 0x41, 0x4}, {&(0x7f00000003c0)="5980fc6051478f3f2f7c87e41caadff02780a54a6243d728fa261032b8bea8cd14e240d287417ac65a65415eb90017dfa609ff89683d9c27aaa82ec4144a46e71b91bc72bfe8252d12fc644b606b898ae7dd6a846f16071327bf485782afb3799e3a80c426b1237caeb83a18f8fbc0615f4413383a2ce859e52b0f16cca16082d0ce6c41aa532b96308a119ddb8ade8a965c7129b1f10e8556becf842c0866d51c585e58a002c6093a09bc806945f93120f4156cb7c4499cc7842de93d6df9dd", 0xc0, 0xffff}, {&(0x7f0000000480)="1101451f28ff93f4f3b9fec315744884621abf59da4bf3951611464f82826f797969d7bd0122848cfe51424945991cd4d754d45dee6e4c69524dedf0f41a1197d1ea8f24b537f870d89c11fcc48dcf5d4d4327323711c732b580d12346d1d5e72cf3f4d8e67f5b0a86456214845c068c861ccbebd26f402071230bf67a", 0x7d, 0x1}, {&(0x7f00000009c0)="a688e33dee23fa53cbf10165cac5ca3bcab137f5f4bd9c4a6b98d39216784cac6d29b17191e1d1a374a6939e9082ba786aa9ab726461ef9e5f0d3f2327ddac1724c277e13aff5c6d11b0a35d638a6315de54c4ef77d655f317b9d50d762d309f2a0970e84d96b3b0325fe952e0a0b44e2176d3fabcde8d53574a6afe6f97580e3ae63356a9cc4c48a7ff4217812ee6236ee694835bde9c12b3c14df9bdd63f7ffc0ab5d130d5d6897c5c88dd34f85ea99bd616009e81c5a07b3d562ca62fec9e70c9ac244462f00b5636a82f034c4ee039a3f19468b86d45e90b817087042ceeea5c12faed2881d229c07fce5d037d3e6a646d455e8f6dea10da5021c124", 0xfe, 0x8}], 0x800000, &(0x7f0000000ac0)={[], [{@fsmagic={'fsmagic', 0x3d, 0xfffffffffffffff7}}, {@fowner_lt={'fowner<', r1}}, {@euid_gt={'euid>', r2}}, {@pcr={'pcr', 0x3d, 0x38}}]}) syz_open_dev$amidi(&(0x7f0000000940)='/dev/amidi#\x00', 0x4, 0x80) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/net/pfkey\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, 0x0, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r4, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1009.813168][ T5844] binder: 5829:5844 got transaction with invalid data ptr [ 1009.841520][ T5877] binder: BINDER_SET_CONTEXT_MGR already set 15:30:13 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x4000, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x8, 0x98b, 0x0, 0x800, 0x5, 0x7fff, 0x9, 0x9, 0x0}, &(0x7f0000000100)=0x20) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000140)={r2, 0x20}, 0x8) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfdfdffff]}) [ 1009.926704][ T5882] FAULT_INJECTION: forcing a failure. [ 1009.926704][ T5882] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.941991][ T5877] binder: 5829:5877 ioctl 40046207 0 returned -16 [ 1009.950950][ T5882] CPU: 0 PID: 5882 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1009.958858][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.968930][ T5882] Call Trace: [ 1009.972240][ T5882] dump_stack+0x172/0x1f0 [ 1009.976598][ T5882] should_fail.cold+0xa/0x15 [ 1009.981203][ T5882] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1009.987028][ T5882] ? ___might_sleep+0x163/0x280 [ 1009.991893][ T5882] __should_failslab+0x121/0x190 [ 1009.996845][ T5882] should_failslab+0x9/0x14 [ 1010.001361][ T5882] kmem_cache_alloc+0x2b2/0x6f0 [ 1010.006217][ T5882] ? current_time+0x6b/0x140 [ 1010.010850][ T5882] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1010.010869][ T5882] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1010.010884][ T5882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1010.010898][ T5882] ? timespec64_trunc+0xf0/0x180 [ 1010.010913][ T5882] __d_alloc+0x2e/0x8c0 [ 1010.010932][ T5882] d_alloc_pseudo+0x1e/0x30 [ 1010.010946][ T5882] alloc_file_pseudo+0xe2/0x280 [ 1010.010959][ T5882] ? alloc_file+0x4d0/0x4d0 [ 1010.010976][ T5882] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1010.011002][ T5882] __shmem_file_setup.part.0+0x108/0x2b0 [ 1010.022097][ T5882] shmem_file_setup+0x66/0x90 [ 1010.022115][ T5882] __x64_sys_memfd_create+0x2a2/0x470 [ 1010.022130][ T5882] ? memfd_fcntl+0x1550/0x1550 [ 1010.022145][ T5882] ? do_syscall_64+0x26/0x610 [ 1010.022161][ T5882] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1010.022177][ T5882] ? trace_hardirqs_on+0x67/0x230 [ 1010.022197][ T5882] do_syscall_64+0x103/0x610 [ 1010.022217][ T5882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1010.022229][ T5882] RIP: 0033:0x458209 [ 1010.022245][ T5882] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:30:13 executing program 3 (fault-call:0 fault-nth:3): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1010.022261][ T5882] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1010.037580][ T5882] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000000458209 [ 1010.037590][ T5882] RDX: 00000000200001e8 RSI: 0000000000000000 RDI: 00000000004bd167 [ 1010.037599][ T5882] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1010.037609][ T5882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70dfade6d4 [ 1010.037618][ T5882] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfffffdfd]}) 15:30:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080)='em0vboxnet0\x00') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1010.249315][ T5924] FAULT_INJECTION: forcing a failure. [ 1010.249315][ T5924] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.279578][ T5940] binder: 5915:5940 got transaction with invalid data ptr [ 1010.300805][ T5924] CPU: 1 PID: 5924 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1010.308741][ T5924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1010.318812][ T5924] Call Trace: [ 1010.322133][ T5924] dump_stack+0x172/0x1f0 [ 1010.326494][ T5924] should_fail.cold+0xa/0x15 [ 1010.331108][ T5924] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1010.336920][ T5924] ? ___might_sleep+0x163/0x280 [ 1010.341767][ T5924] __should_failslab+0x121/0x190 [ 1010.346718][ T5924] should_failslab+0x9/0x14 15:30:13 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x2c, &(0x7f0000000080)=[@in6={0xa, 0x4e22, 0xb89, @loopback, 0xbcff}, @in={0x2, 0x4e23, @local}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={r1, 0xf5}, &(0x7f0000000180)=0x8) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1010.351230][ T5924] kmem_cache_alloc+0x2b2/0x6f0 [ 1010.356100][ T5924] __alloc_file+0x27/0x300 [ 1010.360531][ T5924] alloc_empty_file+0x72/0x170 [ 1010.365309][ T5924] alloc_file+0x5e/0x4d0 [ 1010.369558][ T5924] alloc_file_pseudo+0x189/0x280 [ 1010.374493][ T5924] ? alloc_file+0x4d0/0x4d0 [ 1010.374920][ T5952] binder: BINDER_SET_CONTEXT_MGR already set [ 1010.379005][ T5924] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1010.379042][ T5924] __shmem_file_setup.part.0+0x108/0x2b0 [ 1010.379065][ T5924] shmem_file_setup+0x66/0x90 [ 1010.379088][ T5924] __x64_sys_memfd_create+0x2a2/0x470 [ 1010.385250][ T5952] binder: 5915:5952 ioctl 40046207 0 returned -16 [ 1010.391315][ T5924] ? memfd_fcntl+0x1550/0x1550 [ 1010.391332][ T5924] ? do_syscall_64+0x26/0x610 [ 1010.391349][ T5924] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1010.391365][ T5924] ? trace_hardirqs_on+0x67/0x230 [ 1010.391384][ T5924] do_syscall_64+0x103/0x610 [ 1010.391403][ T5924] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1010.391421][ T5924] RIP: 0033:0x458209 [ 1010.447421][ T5924] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1010.467042][ T5924] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1010.475438][ T5924] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000000458209 [ 1010.483391][ T5924] RDX: 00000000200001e8 RSI: 0000000000000000 RDI: 00000000004bd167 [ 1010.491338][ T5924] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1010.499297][ T5924] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70dfade6d4 [ 1010.507269][ T5924] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:14 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0xfcf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x100000000000000]}) [ 1010.687278][ T6051] binder: 6048:6051 got transaction with invalid data ptr [ 1010.717795][ T6082] FAULT_INJECTION: forcing a failure. [ 1010.717795][ T6082] name failslab, interval 1, probability 0, space 0, times 0 15:30:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f0000000040)={@remote, @empty, @multicast2}, &(0x7f0000000080)=0xc) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1010.751575][ T6099] binder: BINDER_SET_CONTEXT_MGR already set [ 1010.768740][ T6099] binder: 6048:6099 ioctl 40046207 0 returned -16 [ 1010.776799][ T6051] binder_alloc: 6048: binder_alloc_buf, no vma 15:30:14 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) fallocate(r0, 0x1, 0x6, 0x7f) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d02bcce3e8fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6d028dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000140)=0x80000001, 0x8) ioctl$SIOCAX25GETINFOOLD(r1, 0x89e9, &(0x7f00000000c0)) [ 1010.864161][ T6082] CPU: 0 PID: 6082 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1010.872104][ T6082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1010.882175][ T6082] Call Trace: [ 1010.885485][ T6082] dump_stack+0x172/0x1f0 [ 1010.889842][ T6082] should_fail.cold+0xa/0x15 [ 1010.894463][ T6082] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1010.900285][ T6082] ? ___might_sleep+0x163/0x280 [ 1010.905152][ T6082] __should_failslab+0x121/0x190 [ 1010.910108][ T6082] should_failslab+0x9/0x14 [ 1010.914625][ T6082] kmem_cache_alloc+0x2b2/0x6f0 [ 1010.919497][ T6082] ? rcu_read_lock_sched_held+0x110/0x130 [ 1010.925248][ T6082] ? kmem_cache_alloc+0x32e/0x6f0 [ 1010.930325][ T6082] security_file_alloc+0x39/0x170 [ 1010.935370][ T6082] __alloc_file+0xac/0x300 [ 1010.939801][ T6082] alloc_empty_file+0x72/0x170 [ 1010.944581][ T6082] alloc_file+0x5e/0x4d0 [ 1010.948833][ T6082] alloc_file_pseudo+0x189/0x280 [ 1010.953785][ T6082] ? alloc_file+0x4d0/0x4d0 [ 1010.958302][ T6082] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1010.964580][ T6082] __shmem_file_setup.part.0+0x108/0x2b0 [ 1010.970231][ T6082] shmem_file_setup+0x66/0x90 [ 1010.974925][ T6082] __x64_sys_memfd_create+0x2a2/0x470 [ 1010.980309][ T6082] ? memfd_fcntl+0x1550/0x1550 [ 1010.985083][ T6082] ? do_syscall_64+0x26/0x610 [ 1010.989769][ T6082] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1010.995075][ T6082] ? trace_hardirqs_on+0x67/0x230 [ 1011.000113][ T6082] do_syscall_64+0x103/0x610 [ 1011.004714][ T6082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1011.010605][ T6082] RIP: 0033:0x458209 [ 1011.010622][ T6082] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1011.010631][ T6082] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1011.010645][ T6082] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000000458209 [ 1011.010654][ T6082] RDX: 00000000200001e8 RSI: 0000000000000000 RDI: 00000000004bd167 15:30:14 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0xfffffffffffffffd, 0x0, 0x4, 0x7, 0x20, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1b}, 0x1b) 15:30:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000fffffd", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x200000000000000]}) [ 1011.010663][ T6082] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1011.010671][ T6082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70dfade6d4 [ 1011.010680][ T6082] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:14 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$NBD_SET_SIZE(r3, 0xab02, 0x6) write$FUSE_IOCTL(r4, &(0x7f00000000c0)={0x20, 0xfffffffffffffffe, 0x2, {0x9, 0x0, 0x6, 0x528a54b6}}, 0x20) epoll_create1(0x80000) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x21d9, &(0x7f0000000040)) 15:30:14 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={0xffffffffffffffff}, 0x106, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000140)={0x9, 0x108, 0xfa00, {r2, 0x7c, "dc9c46", "ce52b4b488e1dd03325294ef2bfa51f0d389894375a7d212d9ee90a7ded552cd10169374dfa24f130409fa44696a7c16f78b15ca8604a486a4e0fcbb74df1f29f2b7a2b011d1d1204fac8b9ef759bd7abfb0f444ee2b2ac5ac58ff5dc8cefcb6caa6529dcdfa1a5ba497a35a2cf516f3c4fbaf0e6e1fe5627e6ffa439f819a172d3437e6496499b7852579d19d71d15e7f60829ac9f954643c19389f02087efab183cc1e3db6017b0069551b9a6442cf9e14bcad6604c4d98947c7b646155a8a01e95133415a616df925000f681b6729e0d32a3dd9790f65953a0ab216ae9a848d34f6f447b505160937aa069ad659be333e572c0d7cdc16272275873a560776"}}, 0x110) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x300000000000000]}) [ 1011.153768][ T6258] binder: BINDER_SET_CONTEXT_MGR already set [ 1011.183229][ T6258] binder: 6248:6258 ioctl 40046207 0 returned -16 15:30:14 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x400, 0x0, 0x2, "780cd0b0fcf4110c019c79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af00", 0x1d}, 0x60) fstat(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm-control\x00', 0x57db88b9fecf35f1, 0x0) ioctl$IOC_PR_RELEASE(r3, 0x401070ca, &(0x7f0000000380)={0x7, 0x20}) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r2, r4, r5) r6 = getpgrp(0x0) get_robust_list(r6, &(0x7f00000000c0)=&(0x7f0000000080)={&(0x7f0000000040)={&(0x7f0000000000)}}, &(0x7f0000000100)=0x18) [ 1011.265979][ T6249] binder_alloc: 6248: binder_alloc_buf, no vma [ 1011.298200][ T8371] binder_release_work: 9 callbacks suppressed [ 1011.298208][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 15:30:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x400000000000000]}) [ 1011.310040][ T6313] FAULT_INJECTION: forcing a failure. [ 1011.310040][ T6313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1011.325161][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000007fffffffef", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1011.394126][ T6313] CPU: 1 PID: 6313 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1011.402049][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1011.412102][ T6313] Call Trace: [ 1011.415409][ T6313] dump_stack+0x172/0x1f0 [ 1011.419742][ T6313] should_fail.cold+0xa/0x15 [ 1011.424338][ T6313] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1011.430143][ T6313] ? ___might_sleep+0x163/0x280 [ 1011.435005][ T6313] should_fail_alloc_page+0x50/0x60 [ 1011.440205][ T6313] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1011.445582][ T6313] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1011.451396][ T6313] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1011.457632][ T6313] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1011.463877][ T6313] alloc_pages_vma+0xdd/0x540 [ 1011.468561][ T6313] shmem_alloc_page+0xc0/0x180 [ 1011.473323][ T6313] ? shmem_swapin+0x1a0/0x1a0 [ 1011.478001][ T6313] ? lock_downgrade+0x880/0x880 [ 1011.482855][ T6313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1011.489109][ T6313] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1011.494823][ T6313] ? __vm_enough_memory+0x320/0x5a0 [ 1011.500037][ T6313] shmem_alloc_and_acct_page+0x165/0x970 [ 1011.505673][ T6313] shmem_getpage_gfp+0x43b/0x2500 [ 1011.510711][ T6313] ? shmem_unuse_inode.constprop.0+0xfd0/0xfd0 [ 1011.516858][ T6313] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1011.522661][ T6313] ? current_time+0x6b/0x140 [ 1011.527247][ T6313] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1011.533055][ T6313] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1011.539293][ T6313] ? iov_iter_fault_in_readable+0x22c/0x450 [ 1011.545281][ T6313] shmem_write_begin+0x105/0x1e0 [ 1011.550239][ T6313] generic_perform_write+0x231/0x530 [ 1011.555537][ T6313] ? page_endio+0x780/0x780 [ 1011.560044][ T6313] ? current_time+0x140/0x140 [ 1011.564722][ T6313] ? lock_acquire+0x16f/0x3f0 [ 1011.569400][ T6313] __generic_file_write_iter+0x25e/0x630 [ 1011.575037][ T6313] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1011.580760][ T6313] generic_file_write_iter+0x360/0x610 [ 1011.586220][ T6313] ? __generic_file_write_iter+0x630/0x630 [ 1011.592032][ T6313] ? aa_path_link+0x460/0x460 [ 1011.596706][ T6313] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1011.602946][ T6313] ? iov_iter_init+0xee/0x220 [ 1011.607625][ T6313] new_sync_write+0x4c7/0x760 [ 1011.612307][ T6313] ? default_llseek+0x2e0/0x2e0 [ 1011.617158][ T6313] ? lock_downgrade+0x880/0x880 [ 1011.622036][ T6313] __vfs_write+0xe4/0x110 [ 1011.626364][ T6313] vfs_write+0x20c/0x580 [ 1011.630615][ T6313] ksys_pwrite64+0x183/0x1c0 [ 1011.635203][ T6313] ? __ia32_sys_pread64+0xf0/0xf0 [ 1011.640244][ T6313] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1011.645708][ T6313] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1011.651173][ T6313] ? do_syscall_64+0x26/0x610 [ 1011.655845][ T6313] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1011.661904][ T6313] ? do_syscall_64+0x26/0x610 [ 1011.666585][ T6313] __x64_sys_pwrite64+0x97/0xf0 [ 1011.671439][ T6313] do_syscall_64+0x103/0x610 [ 1011.676038][ T6313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1011.681921][ T6313] RIP: 0033:0x412207 [ 1011.685811][ T6313] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 c7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 0d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1011.705416][ T6313] RSP: 002b:00007f70dfadda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 1011.713829][ T6313] RAX: ffffffffffffffda RBX: 00000000200001d0 RCX: 0000000000412207 [ 1011.721798][ T6313] RDX: 0000000000000016 RSI: 0000000020000040 RDI: 0000000000000004 [ 1011.729765][ T6313] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1011.737732][ T6313] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 1011.745699][ T6313] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x6, 0x8001, 0x100000000, '\x00', 0xf3}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000002c0), 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000003880), 0x4) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x102, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x1000, 0x2d, 0x8006, 0x1, 0x1, 0x3d4ba828, 0x2f, 0x6}, &(0x7f0000000100)=0x20) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000240)={0x5, &(0x7f0000000200)=[{}, {}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000280)={r3, &(0x7f0000000300)=""/4096}) [ 1011.794710][ T6379] binder_transaction: 6 callbacks suppressed [ 1011.794814][ T6379] binder: 6378:6379 transaction failed 29201/-28, size 8192-0 line 3147 [ 1011.825776][ T6382] binder: BINDER_SET_CONTEXT_MGR already set [ 1011.841913][ T6308] device nr0 entered promiscuous mode [ 1011.848005][ T6382] binder: 6378:6382 ioctl 40046207 0 returned -16 [ 1011.870093][ T6379] binder_alloc: 6378: binder_alloc_buf, no vma [ 1011.888931][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1011.896110][ T6379] binder: 6378:6379 transaction failed 29189/-3, size 8192-0 line 3147 [ 1011.905146][ T7784] binder: undelivered TRANSACTION_ERROR: 29189 [ 1011.955419][ T6313] FAT-fs (loop3): bogus number of reserved sectors [ 1012.013156][ T6313] FAT-fs (loop3): Can't find a valid FAT filesystem 15:30:15 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000ffffff", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x500000000000000]}) 15:30:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x400, 0x0, 0x3ff, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:15 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x80000000000000, 0x5, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:15 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) ioctl(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x4, 0x0, 0x50d, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x4000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x5}, 0x0, 0xfffffffffffffdff, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f00000000c0)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x1, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000240)=0x4) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000440), 0x800) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x8) r2 = syz_open_dev$mice(&(0x7f0000000740)='/dev/input/mice\x00', 0x0, 0x410201) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, &(0x7f0000000900)=ANY=[]) openat$cuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x2, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video37\x00', 0x2, 0x0) setreuid(0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000580)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000980)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20002000}, 0xc, &(0x7f0000000940)={&(0x7f0000000600)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100327bd7000fbdbdf2503000000080006000200000004000400080006000000000008000500040000009082d3a88761294724dd0524fc98ae08cdef"], 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) memfd_create(&(0x7f00000001c0)='\xa3t,\x13\x8d\xd3\x84\xa0\xbfG\xa6\xcb\xcd\x1f\xafzf\x00V\x18\x13#\xac[\xee\x12|\xc9\x12\xd9\xf3\xef<\x10/\x8b\xcf\xdas\x94 \xc3\xa91_Q\xcb]\xfe\xa3e?\xdd\xae\x88(\xbe\xb7\xe6`\xcf\xd3\b{\b8@\x8e\x7f):\xce\x8c\xb9sw\x16\xeak\xc9\xac\x19\xca}\xb1\xa8\x008\x9cb$q\x95zG\x8d\xd1XA\xc3\x93DsK\x16L\x84\xa5\a\x9aT\xfb\x1aM\xb5Z0\xb9)?\xa4\xd3\x18', 0xfffffffffffffffc) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000780)) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000840)={{{@in=@empty, @in6=@mcast2, 0x4e22, 0x100000001, 0x4e24, 0x0, 0x2, 0x80, 0xa0}, {0x7, 0x7ff, 0x7, 0xfffffffffffffffa, 0x1, 0x7f, 0xd5}, {0x9, 0x1, 0x16, 0x3}, 0x9b6, 0x6e6bbd, 0x2, 0x1, 0x2, 0x2}, {{@in=@loopback, 0x4d2, 0x3f}, 0xa, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x0, 0x6, 0x1, 0x4, 0x1000, 0x6, 0x9}}, 0xe8) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, &(0x7f0000000a80)=ANY=[]) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000340)={0x0, 0x3be06a3d}, &(0x7f00000003c0)=0x8) umount2(&(0x7f0000000800)='./file0\x00', 0x0) sendfile(r3, r3, &(0x7f0000000500), 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) [ 1012.173333][ T6512] FAULT_INJECTION: forcing a failure. [ 1012.173333][ T6512] name failslab, interval 1, probability 0, space 0, times 0 [ 1012.181566][ T6510] binder: 6507:6510 transaction failed 29201/-28, size 8192-0 line 3147 [ 1012.210805][ T6512] CPU: 0 PID: 6512 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1012.218745][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1012.228814][ T6512] Call Trace: [ 1012.232142][ T6512] dump_stack+0x172/0x1f0 [ 1012.236514][ T6512] should_fail.cold+0xa/0x15 [ 1012.241135][ T6512] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1012.241162][ T6512] ? ___might_sleep+0x163/0x280 [ 1012.241188][ T6512] __should_failslab+0x121/0x190 [ 1012.241212][ T6512] should_failslab+0x9/0x14 [ 1012.241230][ T6512] kmem_cache_alloc+0x2b2/0x6f0 [ 1012.241254][ T6512] ? lock_downgrade+0x880/0x880 [ 1012.251902][ T6512] getname_flags+0xd6/0x5b0 [ 1012.251921][ T6512] getname+0x1a/0x20 [ 1012.251936][ T6512] do_sys_open+0x2c9/0x5d0 [ 1012.251952][ T6512] ? filp_open+0x80/0x80 [ 1012.251973][ T6512] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1012.251988][ T6512] ? do_syscall_64+0x26/0x610 [ 1012.252004][ T6512] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1012.252018][ T6512] ? do_syscall_64+0x26/0x610 [ 1012.252047][ T6512] __x64_sys_open+0x7e/0xc0 [ 1012.308989][ T6512] do_syscall_64+0x103/0x610 [ 1012.309012][ T6512] entry_SYSCALL_64_after_hwframe+0x49/0xbe 15:30:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x600000000000000]}) 15:30:15 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x1, 0x2) perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x80000001, 0x6, 0x1, 0x4, 0x0, 0x8, 0x4, 0xc, 0x737, 0x3, 0xc0e, 0x7, 0xfffffffffffffd39, 0x7f, 0x100, 0x9, 0x9, 0xffff, 0x11, 0x7, 0x5, 0x7, 0x9, 0x0, 0x40, 0xffffffffffffffff, 0x7fffffff, 0x3, 0x20, 0x1ce, 0x4f, 0x24, 0x9, 0x40, 0x3, 0xff3, 0x0, 0x4, 0x0, @perf_config_ext={0x10000, 0x836}, 0x800, 0x5, 0x1, 0x6, 0x3, 0x81, 0x3}, 0x0, 0x2, r1, 0xb) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000200)={0x10, 0x17, 0xa, 0x13, 0x4, 0x8, 0x3, 0x142, 0xffffffffffffffff}) getsockopt$nfc_llcp(r1, 0x118, 0x0, &(0x7f0000000180)=""/68, 0x44) r2 = getpgrp(0x0) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000380)={r2, r3, r4}, 0xc) r5 = creat(&(0x7f0000000240)='./file0\x00', 0x44) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f00000003c0)) 15:30:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x8000, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)=0x40) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x3f, 0x2, [0x100000001, 0x10001]}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={r1, 0x8, 0x6}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x800, 0x105000) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1012.309031][ T6512] RIP: 0033:0x4121a1 [ 1012.327890][ T6512] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1012.347515][ T6512] RSP: 002b:00007f70dfadda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1012.355952][ T6512] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 00000000004121a1 [ 1012.359665][ T6514] binder: BINDER_SET_CONTEXT_MGR already set [ 1012.363928][ T6512] RDX: 00007f70dfaddb0a RSI: 0000000000000002 RDI: 00007f70dfaddb00 [ 1012.363937][ T6512] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1012.363947][ T6512] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1012.363956][ T6512] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x700000000000000]}) [ 1012.430471][ T6514] binder: 6507:6514 ioctl 40046207 0 returned -16 15:30:15 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = accept4(r0, &(0x7f0000000080)=@nfc_llcp, &(0x7f0000000100)=0x80, 0x80800) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e24, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x80000000}, {0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4}, 0x7, [0xfffffffffffffabf, 0x7f, 0x8c75, 0x2, 0x1, 0x2a3e, 0x83, 0x2]}, 0x5c) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x200a40, 0x40) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x28400, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x20000, 0x2) r0 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000280)) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1012.500601][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 15:30:16 executing program 3 (fault-call:0 fault-nth:7): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000060ffffffff", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x800000000000000]}) 15:30:16 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x80000000000004, 0x0, 0x0, 0xffffffffffffffff, 0x0, "ce939ada2d0823590900e700ba8d707a5df28fdd74edab9d670ac32c0eec7dfcee0b9ee2ddbff2f748f6d228dda5dae2989444063278f6da9424bb940300ad", 0x2b}, 0x60) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000100)=0x20) 15:30:16 executing program 2: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x4200, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8000, 0x80) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@ipv4_delroute={0x2c, 0x19, 0x300, 0x70bd26, 0x25dfdbfb, {0x2, 0x34, 0x7a8e5442962749b8, 0x6, 0xfd, 0x4, 0xc8, 0xf, 0x3200}, [@RTA_SRC={0x8, 0x2, @broadcast}, @RTA_MARK={0x8, 0x10, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040050}, 0x4040) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) connect$nfc_llcp(0xffffffffffffffff, &(0x7f0000000340)={0x27, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1012.672818][ T6640] device nr0 entered promiscuous mode [ 1012.767944][ T6655] binder: 6647:6655 transaction failed 29201/-28, size 8192-0 line 3147 [ 1012.795715][ T6689] FAULT_INJECTION: forcing a failure. [ 1012.795715][ T6689] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1012.808954][ T6689] CPU: 0 PID: 6689 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xa00000000000000]}) [ 1012.816853][ T6689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1012.826920][ T6689] Call Trace: [ 1012.830232][ T6689] dump_stack+0x172/0x1f0 [ 1012.834596][ T6689] should_fail.cold+0xa/0x15 [ 1012.834625][ T6689] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1012.845012][ T6689] ? __lock_acquire+0x548/0x3fb0 [ 1012.849970][ T6689] should_fail_alloc_page+0x50/0x60 [ 1012.855188][ T6689] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1012.856895][ T6746] binder: BINDER_SET_CONTEXT_MGR already set 15:30:16 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-monitor\x00', 0x4001, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}, 0x1}, 0x1c) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r2, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3c}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3c}, @FOU_ATTR_AF={0x8, 0x2, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0xd8a}, &(0x7f0000000180)=0x8) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1012.860575][ T6689] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1012.860600][ T6689] ? find_held_lock+0x35/0x130 [ 1012.860623][ T6689] ? new_sync_write+0x527/0x760 [ 1012.860642][ T6689] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1012.860662][ T6689] cache_grow_begin+0x9c/0x860 [ 1012.860683][ T6689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1012.860703][ T6689] kmem_cache_alloc+0x62d/0x6f0 [ 1012.860726][ T6689] ? lock_downgrade+0x880/0x880 [ 1012.908501][ T6689] getname_flags+0xd6/0x5b0 [ 1012.908521][ T6689] getname+0x1a/0x20 [ 1012.908545][ T6689] do_sys_open+0x2c9/0x5d0 [ 1012.918868][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1012.921337][ T6689] ? filp_open+0x80/0x80 [ 1012.921359][ T6689] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1012.921375][ T6689] ? do_syscall_64+0x26/0x610 [ 1012.921391][ T6689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1012.921405][ T6689] ? do_syscall_64+0x26/0x610 [ 1012.921426][ T6689] __x64_sys_open+0x7e/0xc0 [ 1012.936358][ T6655] binder_alloc: 6647: binder_alloc_buf, no vma [ 1012.937275][ T6689] do_syscall_64+0x103/0x610 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4800000000000000]}) [ 1012.948009][ T6689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1012.973759][ T6689] RIP: 0033:0x4121a1 [ 1012.977662][ T6689] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1012.978783][ T6655] binder: 6647:6655 transaction failed 29189/-3, size 8192-0 line 3147 [ 1012.997268][ T6689] RSP: 002b:00007f70dfadda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 15:30:16 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x4000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x20) r0 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0xfff, 0x480080) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) getpeername(r1, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, &(0x7f0000000080)=0x80) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0xffffffff80000000, 0x30}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000140)={r3, 0x2, 0xf7d}, 0x8) [ 1012.997283][ T6689] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 00000000004121a1 [ 1012.997291][ T6689] RDX: 00007f70dfaddb0a RSI: 0000000000000002 RDI: 00007f70dfaddb00 [ 1012.997300][ T6689] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1012.997308][ T6689] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1012.997316][ T6689] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1012.997719][ T6746] binder: 6647:6746 ioctl 40046207 0 returned -16 15:30:16 executing program 5: syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x77b4000000000000, 0x20100) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffa000/0x3000)=nil) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0xa100, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(r2, 0x4008af14, &(0x7f00000000c0)={0x0, 0xfffffffffffffffa}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r2, 0x8971, &(0x7f0000000180)={'lo\x00', @ifru_flags=0x1800}) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x4c00000000000000]}) 15:30:16 executing program 3 (fault-call:0 fault-nth:8): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x80a, 0x28000) getsockopt$sock_int(r0, 0x1, 0x3f, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x131000, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f00000003c0)=""/4096) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000020000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:16 executing program 0: syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6800000000000000]}) [ 1013.266860][ T6884] device nr0 entered promiscuous mode [ 1013.269817][ T7784] binder: undelivered TRANSACTION_ERROR: 29189 [ 1013.341451][ T6888] device nr0 entered promiscuous mode 15:30:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x6c00000000000000]}) [ 1013.423826][ T6901] binder: 6899:6901 got transaction with invalid data ptr [ 1013.434171][ T6901] binder: 6899:6901 transaction failed 29201/-14, size 8192-0 line 3179 [ 1013.468913][ T6923] FAULT_INJECTION: forcing a failure. [ 1013.468913][ T6923] name failslab, interval 1, probability 0, space 0, times 0 [ 1013.471736][ T6951] binder: BINDER_SET_CONTEXT_MGR already set [ 1013.508393][ T6923] CPU: 0 PID: 6923 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1013.516330][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1013.526388][ T6923] Call Trace: [ 1013.528958][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1013.529695][ T6923] dump_stack+0x172/0x1f0 [ 1013.529722][ T6923] should_fail.cold+0xa/0x15 [ 1013.529745][ T6923] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1013.538148][ T6901] binder_alloc: 6899: binder_alloc_buf, no vma [ 1013.540214][ T6923] ? ___might_sleep+0x163/0x280 [ 1013.540236][ T6923] __should_failslab+0x121/0x190 [ 1013.540256][ T6923] should_failslab+0x9/0x14 [ 1013.540273][ T6923] kmem_cache_alloc+0x2b2/0x6f0 [ 1013.540325][ T6923] ? __save_stack_trace+0x99/0x100 [ 1013.540347][ T6923] __alloc_file+0x27/0x300 [ 1013.553888][ T6901] binder: 6899:6901 transaction failed 29189/-3, size 8192-0 line 3147 [ 1013.556898][ T6923] alloc_empty_file+0x72/0x170 [ 1013.556922][ T6923] path_openat+0xef/0x46e0 [ 1013.556939][ T6923] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1013.556962][ T6923] ? kasan_slab_alloc+0xf/0x20 15:30:17 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = request_key(&(0x7f0000001bc0)='cifs.idmap\x00', &(0x7f0000001c00)={'syz', 0x1}, &(0x7f0000001c40)='subj_type', 0xffffffffffffffff) r2 = getpgid(0xffffffffffffffff) fcntl$lock(r0, 0x7, &(0x7f0000001b00)={0x3, 0x1, 0x74, 0x8, r2}) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000001c80)={r1, 0x4, 0x800}, &(0x7f0000001cc0)={'enc=', 'raw', ' hash=', {'ghash-generic\x00'}}, &(0x7f0000001d40)="463f1f96bc97a3852a7fc19e41c1eaa75c04b90fcd7c33e41f6f0702206fb00dc1c5aa2a70f3ed5dc4059dfd8d0b58f24b961b9820059dfb2ec30c9f02b6393ad2736c816c8e008205e08fc8b1e799bec1fbd83836b0b442af6366a6087c61955ef795cc9532ae6333c4e4e111f587cffb824189823aff0ad3ead1175681ffacabc04f2da0c5f47a8fadb7cd7a29e27bb1ddff36a8c0a7a6ab41f4e6e3c43cd2d13aa285b23e04c1ec2f8d149802c256a2a7f67eaded80c8cb010454a7465a4340c39abd4b3ae98e22f32fce4d80624891981471894ed02725e6bfc28e82cb23d5d87663c08fd8e9c52b6ae42aef793c1e1da1ca972a121bae40c1f341f11f878f3d7ab03ef3da8ca09748089497c92e46090d607fb87c589c6987463333bf2b64d3d8f03685de30850a1d79620bbc60b816129c56ff1859a42f1580302deebca9adc939a2b2ecb4d41b81f4d79e7b773d161794a3389027d86c60e289c2514564ce595450f0c0657a2cc83ce219ced4469f67a2bb7f3d11d2b611ec29d4cd7f02a292a1f7d89013ed888ed5d97c58b37a5888fbe457a0a4e1b5a47d86e1c8b8845be51375a50e6ea41cd3c05dff3aeabd6b0546485a92a4cecc0ca74f3d096a5e6f045613601e8cde47fd7bce07cd67e8749814cc5dcbdb41ecc560c8ab08f33b94d61d65696167fc0b0d3d6ecea1847b3084ae17b40ee66fa666e873063248e222994afa0d0e183fd04f19bf07e6d268b5775f6e8630f79ce3873e49cbb2d426c745f585ca64a2e98c9a6feabeb68ad003a8ae20d70cb220013f316d32a4adeb99172621875af2aa5f7f227007a0311825f3723678f9c720e3be71c96bd9c2b75dadd42b47bdbaa69a0ba2a3746aad4a1dde26d083d5e0d5812fe8ab92268f99f1cad795a9dc021770b49ef781c619151d3ab3a695d4bed7f928918b12b72a26e7daf58ae5daa585717e55651f9f89b45d931bc429e7bed10ac3db3dbf9599e252389b79f7bec669b2ae1d9cd70c04ec9ff88790136af277af5f53fccdb3792737a138dac0d75b89f8b9408aab27b9d03bca7ede0d0f0ca9f1f2f101aba173bf1eb636ec1c76fa15fdbaffeb365dd4f0d8a147377bd5d9194324f75f194b27950272c29a581452ebcbb2d5beab14436c3a38cf4456f18988a84f28f2b6e28c634666683df9c1d2dd8be56921e76ec3ca8c63af5133a309326c53c114908e2f6e93d532651104995e69eb520892991fccc5bd2c8da89f5a242ee03ed6639fce81230d14abafb35aeaf3fb91f468f3dea5ab8d20d7ae0280312df0e5cce53d70c6df56dd669249a9da58eeff2f078af4413e7b7d2d1a0db312e5540818b76503570db2e40b848f62eb9a47a5f50b93dc3949f5f31bb609907d7a9ed7f26a560ea77f40f05f2026587a068538d054812ed2b03386907b65b9102e7640215264ab14b54e4023ec7bb3297cb14ff13c965fdec565fe917fc044c721a40a3cf4a0bb43f52eb5a75608b42017bef3ff2d80349b2e173e1f6634563eb02b7b80c69f50d842589e38a5bded9596e6bdf7933b5dbce7f57e1d4cdf307843735970532f50e664d75ebc5f4ce2d9828512c9fa63f6e4e5f344b89608a07de6a7341eba67c0e712ba43f6f14a88e7be9ecbfd8cee6fd129d12eebb861d45c292569c39815de78bdd2aea831a0ade0b14f61ec6c165695ba518c565f59698c98c9b76b08ca4251ee12a6c5ebd5b44d1d88f77c8264af2136338367e06564e31a82f3381b9a2ccd04218a9df7b9200031189659b8836b2be233e78534defd52a297114a877fa816aca5bd6b6b20ea2b8e83dc5fc1db1809a8d1126a0aab4dbdec58ee0f87d678b11661def64f4529f7753f41e148f98d5b3b7cbec812487f637f6abbc0b2a6a86c3d67f1fff7c1be4ff8f1b526a780708ba2c136ab47b166de8788e7699806fa7b731de19a9346f52d33435e90ce27202988ab0ed992386626fe7ae52c1422f9f957a88d9ccce8f36b2fbb65e033fed4fb20e1fe9ae87bd33136e79081df1851b538920f28ad8a3e5f41934650325cdf6adb6c23e24c3bd31a347263f27a9b85e96becb69d5af9b8d378ebd24a042896070f1b9f4f6446f9e22e5b5e5b1b51e6d32f4adf321b3b4f57dfac775b2bfa40d85b25f838a078eb4df117e57c96294a4a82c09979cfddb95540a2c718d57cc0e6912ad3d8791e32d080969b93c5c53326bb8cdc97f96c96e705914df9a2630fc2a60a7c95ffdfc2a3954d31ac3757a10d9b2cdbdfef6ac286e9b83a1042e178589fc3f86c65b1d1ecc53813088b539525dae3e42326fadbe390d67924fff7e5c0e071ae615ad80e16d23d805330896b15573d5265e246597de4f17912ac49be271096c7f3d12227a497ab3c2c7f83d61653be1aa358d6106917f4de23bc3cd538aab6b05b08dd0382d39b049a80834243413a28822e2f14559f463b5e5571806bddafa54da6fa769e7aad0a8cb2c510a9c253119199ed2db780f958eb498a2310a45e369893ef97797d486f0f700972fdaa09ce2ad94d599c9d53035192edbe059c0e16f8d33969511ff70dd0e317ceaff938efbfad2d6c4f5877121ef875e7695a3ff4bdfc5e50b06af8ca6994ce3114e331a7734e1fe0f4bc2ca6ea2fa382844182b210beecbc651efa03c28feaf725fe5d2f638d4fdd606fa198d4e3a45c3df7ed4deecf74b8c73b7ee501fa77a9fb21bf68fea684cf8356141fc84dbee5a792160664ad61aad9e8a0b22cb955b5fb8e0195bfb58f711f954dd1e3acef0f79d78a696155bfb497f1ff5d772ab7b848558c5144a2fd0b37c6322bd2c2a0accaee5013babb955513cf857250814e6ad7136a4c71359966a65ae08d3d8b86c0308ac0edfa0d6c1f639e107b38049a405ba3b487e322d24fd90cc398a26c4f744e6aceec1a65ac688d0e00457eed18d729f153ac70f18c0ce13df14212f87a1fddca99875405a60f9aabb6d32d6fde4816b439710ff94cb62f5de153f663d4a78c39dc6a47ec396cd20ba1a83d137aee0444dafc81ed7742fc07e512d83e4fd08950d236a882c0205df60b345d9a17ca18cad385475b655bbd59887888650a3a50069d5467de692765d187c15620eecc80d36ef5f5ce70e8939122b0f40d32ae55be866efa71867b3758a9555d374115ea5cbcae905c30a2456e6b245c6f107799ba04eeab1cb114de7446855c5c2eb6030841b6f6011512390449981f993f767a6edb5e1d945d3efe51960c0dc1619d13eea56445d01dd636587d343775d9d2ea1253108fc126542275115e1825ae93b68893501b49790208d4495f9bef6e83b4d997a0536b682a868e477ef4d70823e131dc2b2142335e909404a21cb892efed75ebd105ff90c53377ccf1c4ffd6d251960706439545d509250ef33b2ad17f8a135ad3d0ba57c862f414b5f6f00cffcac13f92e3d5ef1078d5092a2dd281812457be9181a5ac16c6b623f10c57961e1d81ad10a287bf5de4917771f1faa2720d03857eb3e18bd5068d94e53fdf0558acb2edeafb4a4ee7ebd9f07d3901937f0dd7aaaa7d0415f8ddc4546c1ed4190c985822039430ec356af3930ed31b41d548190ea56357abeefadab77551744f3a057c049a13ac067dd44b237ab9fdd1da759e5807b90485b5c736b5f55fef2d2228776398b38dcd5d1a54a1e321b9d27882079c4e0cb09e8dd18d479ae0ea5a46971f2609d6ecd20f84671c840a7a9739aea21fd6388d6197fda10f3ca6b6f8ee92a1fccef4d74e6ad2f7106f5d1374243c1f83226bf0fdd2e40a6a8de05301fb71ddc0cbc55cc63906533727ae7010eac9634994978ae589bb2fa837990b1b97355ec9cd8acd5bdb73a7091955e1fe2358faecf4fddcf491698539b4856be8a7b7e800076b2a2487dceba06d248faf8fa87fe8966cbb6aabdef70e4d1850ccab49e05cf106e360d351653ddcd2290f691235ad8ae1fe585106f2b4ea2ec2e8c2a9b60f0474d4403e801d8aac828422a4f98ceaff0b9a283ed57da081b1fa13bb37314de863eaa7ca23335a12646f66c7dd2d650fb464a1abd261dafd404f6fd680c3bd924f21c3d8911b2566332060d5b4727d449e332bd0611b7329466b17ab27530665a6566397ef7bd647b17f88e300e6b28b901b2c70dfe35528950ca72aadcf709e6ce5f205a72e6a067d4fd6b6d5087e13372e874dc84dd22cfeb794f21ca58e6ad6cae9761ebfd1c4ef2cfa080d2030cecc1b938e534099cd192cb34fb96000308a42b2feb6787874df56ea72ba12bcd1c1c3f3867bf1a1965d318e7a51e811cc6c5bcbe381e7213b2099d1f0030772de96b2f9268975574a3468482debbf465012a05c3ce37d64a5e4d135f6c52f35c2e6ffa946cb1402ca8b88dccf57e776e6495a811317c5fbda83457a2092e1dccaed79e2848f789f79e77e7bff200030fa3fa1990c9f6670ad198124b8f08f6921eafa10beb3499077db835a6552b80c91f0a4b0ff1c85962c2717468d4a7f5ac0692c0b2bcda5703536dfa2b15b637e65185d7847c481c777e1678429314a1d7d4f0b72c492eec84bf0d7956dd5fb1154000a3e0cb4e4d2dda796f043943b7bc7f83761e7172dfb777ae71a8daa09ef25a61a85658563aff6e18d51f06f3c826c2087159609210559c8e1525b507bde822d88fcf9dab3184f076e1c57dd9a7ca85751e58712291fba463c31074fccd5fcacf28e6dcd938fad2b328ba027d7b4432c0632c5c11d32e911cd79ecdfc636a1ec0a8786326b82275a3a17844e407de3a2b4065f0a2513132a4ff1c301efd3e2ae4d4c34eacc5571a2f6e78d34cd8a12f997f29fff54509f700143ce6fff93ddf52b3890db3df513fbfe2754f13cb7182c19e2867cbd0647273ad27dbe9768beab10f62f5e27b7d5a49da67fdec07333c9ba094ba99f7e07c6513d05edefdd6d9f12e404dfb854fc6b50ac49e0533faf872bdb9f27280e1848bf4117969ba0221d5ccf5162ed75adf703ca1a735c958040d38b6549db8b440289b8fec0dfdbef51138dbcc5732782a89f972864ce8f16b0b4d5c446addf17069b6038fd6c05527340c80347e4ee0ee641443e287f9aa2183f80e1ad6660a8d9df82450127083e85de04e93d3a921140fb4034ff9b97f764e0900378d301df58e8b5686c600de93f6d9787472b6034acfc40f4cb73cd6a94a773d6a9411689daeb23d24d7a1d9db355d4d61d64fa3570a5f809fda4c179dd9f7204a5de08809bd7cd7e3b68230073ae2cfa4b77978a8da25b655f9a6255388e9586a7fea09f531f9cc6800ebbb2d462c7a8b1194c9888eb092e955610c867afd0974d6f2f307fc6b6fe01ede53054382af725bd5535308f4c8b97f15c0a4f28879cf6d323ac8c9ab4257ef1c1aeddb91b4fe610526dac87b2e949dd5d2afac4d720aa8dbf18593d0d6d2376228f20efc18aa9198a86adf7def5737934fd8ad527e031435b69f600ceef4718a541bd9ea506455d5d42362acff182839329c69b750e0a42935af3935790afdd1ec47f61d96ab69123094d74409303e909643b24f4a9b166e6a770dd038fc0a170795c2214416938ef41bb668c4baa02be4aa3e51a95f34f4e0b02e992d7cf3346ae846425a46f270562bbb35b1cbfb94bc5b4790e361f5f8bc1d97e655c54327c10a284c27f52fd7043963badd1940b21b44ac702c6fd02b8bd9accb9792d293305f3a040acd542822a2ea71aa83bb805114937bea7b52b057d70020d0a23ffb0081b4558e6c4ada9c74a321a93e6f1258b69e605c4ee651719beea8d9f", &(0x7f0000002d40)=""/75) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$getsig(0x4202, r3, 0x0, &(0x7f00000000c0)) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r4, 0x80044326, &(0x7f0000002dc0)=0x9) vmsplice(r0, &(0x7f00000013c0)=[{&(0x7f0000001a00)="1ffcaa45b65c7ddf454f6cc92e94687297af8db0d30509859359f41313024821b733c0a3408b9a96bd71cca877f0d21bea434af2374dbd6fdc23d6c2a07a1231c4433417e66c9ba8a84d4647bbace92456abe39c73138ec2ba66113c4f46577fe52d25b1ba7b34ae7e909bfd5a4514138fb51078e3bed9774e0cb86c597c2078af33d89f64135bdde9550e37441eea88481a168bfebc1e94f63c99874506dbd9292471455e545cecb40a318360a48e48c041f469f8473e13deb4e691676af60797", 0xc1}, {&(0x7f0000000180)="8c41686dd67a4bf2ad16c21cc42a4bf49cf198e74667fb35f7ababc6264ec9ec6afb1e08ace4832972c2223679dfe78096958a0a22bc29df5f8cbd313087793cc4452b87ff02444baa5880c47e61fe82f8f12c343ca36c268b50ac5767bdf96856a9169eb24556173d7b29f02010a05c9fbc5152954cf3788bf1e6eac998eb9f9b7899adb3ef7eff750a106362a5c5f89459c12232f54d5777885f128f792418615091056a9d087656f820f90910354665085ea120b3fb28c8451a06e27f741ad6b706a3ea719c77cb62a2311fcba4e338c76a3b7f0db7b597d77bde4ddf3349b6c652807ec9fb6033a83ee3e4d2c2aa71f30711643c27ebd9e290fd143884aab7c6af87f901191f2760f46b5a17163e7125175b4f34d4b56d4c71bc72903596a50465410eed944df208bb40dbb2f829beeceeaf850a1ee79ce953bc66187c0334fac3773d776cd6f38a485a96429e848b413e2ea7c3d2abf4779a1b2a2660fa41a0132f5eff52fee1851efcabbcf6da1b64a8f4215beb2989208bce54950e1422cbd57337135eef2da87fc2afc2d6012b8f1a9388cb74efe100cc305f0deb7b54113806729fbe7bebe0faf7c11d2af81e6bd5255f5fb01c799f19d82cc9b475d1009e1c13ed5c73199a61044a2c71ac689426e2c7c1333cf2dd94667554e28a4fd3701289c655736280fcd28a317ba75d45880ce690054aa78a28231009847c25a5a186a100398131eef620b225b06869903efe93b26e739c47d8a39f33b67b52cd0200b15d6c19d358d4bad6891c3452c4985c7ea775da54cde2e5654df8567d1bd8a2b9b68d7e8b2b3213fe5b82754b720da12c2408d340e991df718d832ac5f3ae14a8f2b680c1b6935f46751bfdecda885a97593549a98c4b444b74a961d63a6c55d8a4855debac5705ad3c15a5a9add5f82f60f3be7cead9af4a29ff9b4756161996cc161e4862c44b925e8fe36c814674aadec64acb973761b4ba8581a23509876ab576ee97a28f3ae9cd255332235234680666e86400842a9c35cb0d240141d9d145c1a8470341f70c3b4d77e311f6a308d61dccfbc1938c4baf4addf8ee4af3a9ef075c43c8833134454fe9848347c2399d2901c74bf4d8a0274087206f34296f302a39d63f78f86f4316ef43bc09820e681203f14f3722990ad2d2fba44417257908a88392b0c6b827f76949842c3ddee0a267601c28464c8306393cfafa07a345432f333455ebf687ccf550dc4ffe497da724cc337306ef7b0bc101511b97482ba6275165cc27f7439e684dc4e9f260f68c22473e69be1d2940499f6d24136f9b37e648c4456ff2e8ae8adc8684bddd69770b96e37eee72f258d18480b0a474fcdda7cfea93e31eab95a1e54b292ae356df000e2371e4cff7e1481e08968a48c7f69390e4c234ec7337f79c3e94c9a54635a2a91434a104f8b7a2891b186842c75109adf5b954a975a86848ce14a9535a0c80fb5da0b0fbe8bb21ea23a05aaf9610429c28503f0512d3a81b4751fbeaa26d1d176aa6ee4d52ce66c2b4cf924863dc7484ed21c15315b1301784b12ba72bc3b033abb6c0cf3ca41d0feb0ace3d1762d355573ddb6cfceb6fca7af88dba12b9df770cd8f51fad031fc252dd005cb5977b7da0ed4a8f0bb05e859aad993fbd06faf5334b3274ef991b832666a3a8ed74184d7951671aa09f8bbcad0f5137786f77d0d9a4b6fd7513747e8b9a2db094e939c12a42c4638ef045ab0ddb48fda94587331b2edf58c70c6bdb52a002cf69b4caad66281e21e59d8bf5f400c5eb3b85727e69930c5eec0e7f4db2582a96bc657e046d60c6ff94dc2423cf90c34709111da0e5576d0f2ef74a9d51567e5ec948a3238a978a7e203bed443d580961167e75422053ed74d11ff8aa5c212341ab4bb5205961b2299ac9b178b957d8686630d73617796c719df2aa1f62775a1bae870778b7ddea061f2629a156ad446b66192a1e492fdd03ac840cdefea467bee44c8f1ef0054738359c47dccbd4eb696fb988cab4c3875462deab03cab1d3124866898da6f9035a6c59e3a0af6344844a55d53476c09dea20d9db86b6b4b2977ba8a2ab25c59b3eca6b6350cd89e4aa57b8b66c343131406f4ff196c6a42373a4d097ec00422622f630592fc54400f85b8bfb0916244648612f3cf81a0770612222cd37c3d986f50d76eb05d17036940ec7fc61825cd2b9586560a4d37404c024b0e10734c97519a4d0dc96c77c39d53dca57c7946f678260695af5dac7a0d057aa0e5905554060acc8bc373e26c66a774ef4ca55fa65abe03c53cd91219a9fba6fddcdf06b23e219053b78330bcbb4272f82641968d8d2c240104d41b15dda7ba8b5536e8934f0d6559f5330fa8e0a2b0164f9c5de5299079c5ffbab5e1c4f46e43d76eb75169d0693f62fb4f559fed6f89a344367c940ff8968cfab7da05ce71daa2c72512c9ad68fa4567e446ec5505b1fae841ae44842e92db62ecee69a42d336565a7ec13df0cdd48b4460e4e17a9fc5ca3833b616bc12b37f9669ecee6d73d8755b7d3ee6e7edebea076c3fe9d099f2a6db7ad6fc0881f576a0fe20ca7d478826a347c060a99d106e7f1b72ad06abe3fc3513223d250fab2e37ca4ca3890877bdefb2904c1feb5f4ef6a0b2dc55c92877ed11b42c6f2b156e9069bd82cff553622a1bf9f9870460235d5568a3b1d710c3245e7b51d963a38dceb26a94fdcb520dfba3e6f90eb0844da64a127358f0ebd6a75bfd050fcffffc74543b3955e122bd5a7808ed63b815185383c7837f1e1a54f058e6b38fb0b258a70f110885dd7151122e6de866282abe7cefe90676123cf35c5054d91fe26ea2fae6035311df7a0fb4cb531ae589c5f98a1a385553ca9dea19e1d3231b9cd19e3d17722c47032c6cc43b8d236f9fb262e2dbed374343a84e36f9685fc0c373a29fba03ba917345186c76b8a1676cd2c3ff84a9788333b3bd58d5872fb09b34d712a38f167e9d98e33e5c36196d7e3f717338c3a82e85118de236fbf27b5ce479566701d4ff2301ec517306c1a35a30e7dfc6fdcb49cb57d5befdd5515ee7a9339761158d5493de458c99771f21b6fa6b090887a85e5492e77d6226476268a55e15461a691e6749f02ce7bcaacdcb063e223abeb3884aab77b7c023e82ab686a63aed2381f25ceb0bc0133b00b9cb29e56372c4383708428bbaea00302877766b70daca64af2c65ab7c91402b2ebe369e9d88f02f5475d93fee07655ab745847157a7697e3990418960307edab611cb859496164925e23870d38d7b8cacd76e5de08337d555ed6f1ba063933fef6419f2e70d7f5315b122c93350bffb8a94220092e61eeb4bb98a0d3c191278fd84277937f6840ab54468d016f573f22b20fed5da6026301b07fa6c0b211ce2e06746ece69550d26ef1c9dc66286f0f4298d1d1e6ff917b12d2f2fa1d7f5d7fee6f55294f090f1c38378f1458aed79c2fcde5313556ab10b1d612829a0daf4532c1b79cfec723703346de3702e0132cd5e33a96a8e0bd8da8dbadd593b0baaaed8ad9e3fca291d558022010693b6415635d58f797ce07c1048a163d2fa0e30fe0acc51cb6824e22559a020c077a964ffa2dbaaaf3d8c24610763334b7f6f5c813cc5ed7f51e2ae89d54e531e247e40e8b696a7295a59e9b2796344a9e4175e2b5d796eb4dca89aee791e1cb6bf43cb3225d0714d9ea6191338fc1d695876ba584508eac1bca3b71b6e8a4a4ef0f3c2e14cf236491aa23cc0de2b02c0ca419e292dd83e1b0c8976a73c45531657380dca65309e5a7e950e245b30a36531fc9d67b145cd1568f7715afc68f4acfa5ae0e1b234768cddf208db9d11bce718fc7441a6f3e5869f8fed995c263f4b895002aa1173b0d04009c2293343230aa09a2b78706cb195da6ab0659ffb16cd36802189297be7145112fe5683647acaae05b86cb5ec962ff1f766615967193a055e74677860ada63d1ec6c899f8b2ff4c324641b016cdde5b18b4b91bbeeeaf4dadf1f7f997398c518a01c45885fa5441d479dd9b44fcde459ded6a46922ee359f719d592c4306c6172e39da4c3d5e5cab206b7158fca49dc919b5070cceafddfae122ea08c2e55485497402f77204d46deaf340df55b7fba7f348ae465283ba8731c5ba013b6364e89ded58e3dff694f9b26f41bf46f1f3263d6593677c3d86131a546b9e15eeb7747bc2cf39d4cc63e21dac92429c7e5f51e9d5d122a132c4e481f264194419b990291ae0902f6e15d477e091e70321a255d20a145d1199581918e45058d7b119ee21bed84bfaceeb31e8f188e8c10e7b542e681df84ba05a817c8b54b18fffb8ab2f273c28190ba14f9a1a082f2309a287411fb368d68d0f07f0fa48559714bda23f34263e91819bae84cdaa597d6f3a57eef81f6599c8e1a932abfb31abe69ceb1be261bba7518e19ae524a1e48f989143984d3dd5944d9f3fb1b992c02ef7d60102a2c3a4186a5d2c2f5ee48e0b7047e6ee6c9e728544bb97c755caa52ea5d9a431adee290f0c52f6ae79d50ec882dee97847f3aaf4aead1acd5cd49d41fdb54b871f5543d12c4f2b89fa4f94b31b8f2e631ab73dec4dba010317bb5a62d28821df7b8814eadd7ddc613d0e7faf5e150fa9dde36c295e295b11d349bccaa0bf23718bd1e9365b921f094f9ac2a2d419004d0856896c9739a3f0314cf518eed9be1e73939c7bc2f22c597fa9309f8f7b684c5ea9f1cd1a1a1793b32433c270a3faad454e6998096b1bf7800136ff5ba69a89834d7aa64ea9dc7176468cac2816a3d562f661243a83d30fe09c493ab0613513179d34e47a6765f26d855f9acca7581c3235f0c4d07fe58161c050ae8a109aba1e51a25356084f2428f62e0a6d0a49bb36f288d6d7292565529ab7837443b71e78300d0c58f37cdc313e057b29f5c2771d1bc990cf60b3d1e2dcaed71e9f50ac07ec4041b0ca614a3a766df9fb60267e9291d78b332c5945011d06da2d41bcacc3d0a05083508a381140b4b5fde7e3e5380be2c568f9505f3dd7a8cc0d14958cb7f3a5c1a78d4765b330f9ae1a2bc53d30a5934f9ab9046d145b04eb0e0d771b20adb6c8ba0b0152ab03eadc28821d065561a0e31a619810b233665df7cdd49be31657ff19aaf960fd1d8c488e4db2781e42ea69595d28f50ff26774517afd35a4f7a076dc425c885af98c34b56353b8e5992dff09741916755fb5f9b330b95342cf9ec1c55f8f8a06bb41ac88ae03dd1df779cc0e4e5519c9b0cd21bfebe9dbb1908f16e16a43e5287d59214235f1ed2a22a525fdf3e8918e25bd9e1c7d9e1fb4e2b0072fff126d64b30b96ad2f91f37fabf4aa9eecf9b03ec881ee41e24e930d05272c36cae3bf1fb63baca3c1736a9afcefbcb389ff040d10193794d7503bd8e2f0817283c6ad23cb19a68148abb4d20bd4c200c31731b557e4053d489eeff47e91e109abcc2c287ecdd7633fece29345889436967c4e511ab348e1383beaf9b18b0f0c75836b6a6f0e171d1b4f507ddc5ca38138b4490bbfb060618e8acacea7af81930d5d5a31f50b464e0f8970d941637368f89bcc218b991bb02dbfb252d75648092117dc3ab912269dadde0ea1ac57a83ce1570f9b4dba9d431337972a98adc865eabfcb60565ce53863b15cd222b4b9aac47a347161a809827759098a5f172f9d63e64616ddb07a457489c045a5b780871580843dc55185b747d9b055120f5aa2ee1112a65cd2fee88bad859595ebfe456c303649d739bfe06adffb9aa80948b020663032029b3", 0x1000}, {&(0x7f0000001180)="e6d479273bff22655b979c2a23845e1e4a391226d959c620d41b82341df6553b72171cbf9c50d661bf4c0ce8d8f15d0a120d52d73f6dc76f4086cc4b143033b0afbb2a7f754139df430c89e7779f55dca9c26cbcb7061e74a4aa77a61b546e01943c51aba1e800a200000000000000000000000000", 0x75}, {&(0x7f0000001200)="b36d01c67c1addd34051403ba70a99141ca0fa11709f46249c124f99b71532642441d278638db059b45da04f207258edfcfbdc7dabe60359956447299910bf74cc53e0da66d7ce6303e92a85e2093a67a6b95dcc773bb0ec7cc9fe4677ce006af874f7f61ea23bb14f7b7deee0d990807eac3737e82dad2675f1614bcdd68994158a393088be5e2580a2e4fcdf73c98b1e455ffa0a7b0cb77035ff799a3bf1493ba6c756", 0xa4}, {&(0x7f00000012c0)="7d5545f95ccec7286223c0a3a0183c1b3f6c436a8f8308fe112007384dc0cbcac8a87ad92f049a5f3c4cbad985d75887100f656f76df977cf09f88c6cb9cc43d7678a0338e5aec7480a43cf5dfa9b032b16b03a0242f0f606d392e0832e434930a7be0fa71430b3eab8ac5183654909e9b82db6af02c6e62d0cac391db83", 0x7e}, {&(0x7f0000001340)="2b79d71ad2caa076f5e03dd97f7c765d069fd8996950472e911c4c91e18bde9b672a7b7f60289a7c37e50d719669b2c988315e8e05741ab72b514b7f", 0x3c}, {&(0x7f0000001380)="90d6968f79c945e37164ad4fa1cb4fd5b423f90659743f85", 0x18}], 0x7, 0x4) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000002fc0)='/dev/cachefiles\x00', 0x0, 0x0) r5 = accept4(r0, &(0x7f0000003000)=@alg, &(0x7f0000003080)=0x80, 0x800) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000002e00)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@initdev}}, &(0x7f0000002f00)=0xfffffe62) syz_mount_image$btrfs(&(0x7f0000001440)='btrfs\x00', &(0x7f0000001480)='./file0\x00', 0x7fff, 0x8, &(0x7f0000001940)=[{&(0x7f00000014c0)="56f6b6b12ded8b21679e61c3a9bcca9078810b93f98c18fcdfb109731983a765ee07fca83a8d898dd28ea1f6f398c6a22973dacb0276bd7bd34cc779ca8152fa6ebb07a0c23f6ce38db8adcd6de4888cab7501fcd7883bb2ea4ffae388b08ac40ce8200c499b267013d6feeca5c988c33c75053e6d41cc2396e476335e16af1a5c31901727847c23234861e275dbefa3d930b33b", 0x94, 0x9}, {&(0x7f0000001580)="6dd3b16db3b75edf5387ee9435198241e832140dbe4c3d13c7ee49e58a4d261edd8a3d4f2a1d5747cd4dea39ab8a8c733cf31bc96d05999f8836582563bc", 0x3e}, {&(0x7f00000015c0)="468efcaa08b33626b22f7ba98a12c44826cccc2d81881301bdec8ec9fe273bc1b6bda6edea80bc060c92971337d7e8ab", 0x30, 0x5}, {&(0x7f0000001600)="5899a24e4e4072bb11074782758c6d840f1a82edbbc295009546c7977d26e7c4c076003bc76ce5fa126f00fc6fe18dafed0392abecf96c664fdae18493bf089f67ee09c4653da3e40227", 0x4a, 0x4}, {&(0x7f0000001680)="47dfcd7839cda9e792d4108330093ec6894ff13e58e93317474573175e75791ae462af3fdbd8f0df1ff790cc64e15d01fa7bcf72f2db4a658270ada3da36abc69306cbb5e574e5fc0ea3d25ff8c4e474decab4f35436b532ed5c9e81011d51176e81b928586b37c16e2995f35713026f001a2a0fbece85ba9974fc7052fae900e6fe73b9a22e7b4103102f739fe8f00fa52e", 0x92, 0x5}, {&(0x7f0000001740)="7714fbbf9dd4a5e349cb2a3028a3ba21df582225d08e2e9c7545619c683676b1ea79e849aa32ca8eebbadf25d70134db4c2af4d939bc26da6a58a2dfbb9b5a0a864c24b4aafacb4be668febb0402a8f8e81e294b0d326ab6b3c699a91f00bc459092b2804b2a060550cc6d2108335d84327a5fd8507a30445052e7fbe13397ef8f7d4b10b99711552a46e5d71f8b5d8b2111768d1bf04d67abdb79c12ed25e9a2698520cd1c5ebb9a7483d577b68f5db84", 0xb1, 0xffffffff80000001}, {&(0x7f0000001800)="657038f1e42fb01cfa1e35f74bddb65abcddf9f1a7f39a0bc2cd41e8fce5b5173f088594f2fe40bd77d43626b761fda0eaae725feb4cafaa554df12b8f246b476a10e2329fe364b761331e0a91e717d8edbde7", 0x53, 0x5}, {&(0x7f0000001880)="2821cb012656678052c01169aca50d5e7b18ba10b1387c65d53b105172b0416f0deee90b626f824c0747c2d8f732a710606e555513e2b4a304c126d7b3ceadc7abb7b7daaf6725f6c6b9669ed608aa08133ffd4ec6fe7091cb771c76aeeb99cba3c3a8549f0de0dd193aa407a807cd5c6095b2310b157cfb76795f860ca433d5790e1191f2b3cad231fa5d8791f2033d09f3df1297d5e6277eac3f1fb9575bab38b3f47e", 0xa4, 0xb9af}], 0x20000, &(0x7f0000001b40)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x2}}], [{@subj_type={'subj_type', 0x3d, '\xe1eth0\''}}, {@dont_hash='dont_hash'}, {@uid_gt={'uid>', r6}}]}) [ 1013.566036][ T6951] binder: 6899:6951 ioctl 40046207 0 returned -16 [ 1013.566730][ T6923] ? kmem_cache_alloc+0x11a/0x6f0 [ 1013.566745][ T6923] ? getname_flags+0xd6/0x5b0 [ 1013.566757][ T6923] ? getname+0x1a/0x20 [ 1013.566772][ T6923] ? do_sys_open+0x2c9/0x5d0 [ 1013.566786][ T6923] ? __x64_sys_open+0x7e/0xc0 [ 1013.566809][ T6923] ? do_syscall_64+0x103/0x610 [ 1013.576152][ T6923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1013.585664][ T6923] ? __lock_acquire+0x548/0x3fb0 [ 1013.585684][ T6923] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1013.585715][ T6923] ? __alloc_fd+0x430/0x530 15:30:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7400000000000000]}) [ 1013.595538][ T7784] binder: undelivered TRANSACTION_ERROR: 29189 [ 1013.598716][ T6923] do_filp_open+0x1a1/0x280 [ 1013.598735][ T6923] ? may_open_dev+0x100/0x100 [ 1013.598757][ T6923] ? lock_downgrade+0x880/0x880 [ 1013.598781][ T6923] ? kasan_check_read+0x11/0x20 [ 1013.693729][ T6923] ? do_raw_spin_unlock+0x57/0x270 [ 1013.693748][ T6923] ? _raw_spin_unlock+0x2d/0x50 [ 1013.693765][ T6923] ? __alloc_fd+0x430/0x530 [ 1013.693794][ T6923] do_sys_open+0x3fe/0x5d0 [ 1013.693811][ T6923] ? filp_open+0x80/0x80 15:30:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x7a00000000000000]}) [ 1013.693836][ T6923] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1013.693859][ T6923] ? do_syscall_64+0x26/0x610 [ 1013.703803][ T6923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1013.703819][ T6923] ? do_syscall_64+0x26/0x610 [ 1013.703841][ T6923] __x64_sys_open+0x7e/0xc0 [ 1013.703858][ T6923] do_syscall_64+0x103/0x610 [ 1013.703877][ T6923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1013.703889][ T6923] RIP: 0033:0x4121a1 [ 1013.703904][ T6923] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1013.703921][ T6923] RSP: 002b:00007f70dfadda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1013.784745][ T6923] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 00000000004121a1 [ 1013.792739][ T6923] RDX: 00007f70dfaddb0a RSI: 0000000000000002 RDI: 00007f70dfaddb00 [ 1013.800721][ T6923] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1013.808697][ T6923] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 15:30:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200800, 0x0) ioctl$IMGETDEVINFO(r1, 0x80044944, &(0x7f0000000040)={0xcc3}) [ 1013.816680][ T6923] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:17 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x27, 0x100) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r0, r1, 0x9, 0xac, &(0x7f0000000180)="ac5c19b92b1b847cdca930cef222c59f753e472675b1b911fb60eaef0897f1fa587c915bcee8fc56fc5a09839873318b00b984ddee6d00ba27ad3277da5311586c1621573f20ef6f437e1f443367f22f1d57e8b58a1f97c0dc3b7a359bcecb985cda5e7f5ef16efa0c6e3add696915addd2f33ce98f2efc3657bab49e449b99e40b411dfb079ba1c9dfdbd2bb112896359beb99c5a864eeb8464485ca17820753cf16b53fb79cc38fd3ecd71", 0xd21, 0x80000001, 0x0, 0x1, 0x200, 0x1, 0x8, 'syz0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000030000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:17 executing program 3 (fault-call:0 fault-nth:9): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xbf00000000000000]}) 15:30:17 executing program 2: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x28, &(0x7f0000000000)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r0, 0x6, 0x10}, 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:17 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0xff55) [ 1014.000870][ T7134] binder: 7131:7134 got transaction with invalid data ptr [ 1014.016269][ T7134] binder: 7131:7134 transaction failed 29201/-14, size 8192-0 line 3179 [ 1014.061556][ T7137] binder: BINDER_SET_CONTEXT_MGR already set [ 1014.080662][ T7137] binder: 7131:7137 ioctl 40046207 0 returned -16 [ 1014.091516][ C0] net_ratelimit: 25 callbacks suppressed [ 1014.091562][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1014.103765][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:17 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x1, 0x40000000000000, 0x0, 0x0, 0x1ffffffffffc, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfd00000000000000]}) [ 1014.118363][ T7146] device nr0 entered promiscuous mode [ 1014.120615][ T7134] binder_alloc: 7131: binder_alloc_buf, no vma [ 1014.126692][ T7147] FAULT_INJECTION: forcing a failure. [ 1014.126692][ T7147] name failslab, interval 1, probability 0, space 0, times 0 [ 1014.132603][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1014.150550][ T7134] binder: 7131:7134 transaction failed 29189/-3, size 8192-0 line 3147 15:30:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000040000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1014.269388][ T7147] CPU: 0 PID: 7147 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1014.277314][ T7147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.277328][ T7147] Call Trace: [ 1014.290677][ T7147] dump_stack+0x172/0x1f0 [ 1014.295019][ T7147] should_fail.cold+0xa/0x15 [ 1014.299706][ T7147] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1014.305522][ T7147] ? ___might_sleep+0x163/0x280 [ 1014.310390][ T7147] __should_failslab+0x121/0x190 [ 1014.310411][ T7147] should_failslab+0x9/0x14 [ 1014.310427][ T7147] kmem_cache_alloc+0x2b2/0x6f0 [ 1014.310444][ T7147] ? rcu_read_lock_sched_held+0x110/0x130 [ 1014.310460][ T7147] ? kmem_cache_alloc+0x32e/0x6f0 [ 1014.310481][ T7147] security_file_alloc+0x39/0x170 [ 1014.310498][ T7147] __alloc_file+0xac/0x300 [ 1014.310513][ T7147] alloc_empty_file+0x72/0x170 [ 1014.310538][ T7147] path_openat+0xef/0x46e0 [ 1014.310561][ T7147] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1014.353768][ T7147] ? kasan_slab_alloc+0xf/0x20 [ 1014.353784][ T7147] ? kmem_cache_alloc+0x11a/0x6f0 [ 1014.353797][ T7147] ? getname_flags+0xd6/0x5b0 [ 1014.353808][ T7147] ? getname+0x1a/0x20 [ 1014.353831][ T7147] ? do_sys_open+0x2c9/0x5d0 [ 1014.353843][ T7147] ? __x64_sys_open+0x7e/0xc0 [ 1014.353859][ T7147] ? do_syscall_64+0x103/0x610 [ 1014.353875][ T7147] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1014.353900][ T7147] ? __lock_acquire+0x548/0x3fb0 [ 1014.353920][ T7147] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1014.364148][ T7147] ? __alloc_fd+0x430/0x530 [ 1014.364166][ T7147] do_filp_open+0x1a1/0x280 [ 1014.364181][ T7147] ? may_open_dev+0x100/0x100 [ 1014.364200][ T7147] ? lock_downgrade+0x880/0x880 [ 1014.364220][ T7147] ? kasan_check_read+0x11/0x20 [ 1014.364236][ T7147] ? do_raw_spin_unlock+0x57/0x270 [ 1014.364252][ T7147] ? _raw_spin_unlock+0x2d/0x50 [ 1014.364267][ T7147] ? __alloc_fd+0x430/0x530 [ 1014.364303][ T7147] do_sys_open+0x3fe/0x5d0 [ 1014.382788][ T7158] binder: 7154:7158 got transaction with invalid data ptr [ 1014.382833][ T7158] binder: 7154:7158 transaction failed 29201/-14, size 8192-0 line 3179 [ 1014.387389][ T7147] ? filp_open+0x80/0x80 [ 1014.425253][ T7162] binder: BINDER_SET_CONTEXT_MGR already set [ 1014.426771][ T7147] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1014.426788][ T7147] ? do_syscall_64+0x26/0x610 [ 1014.426804][ T7147] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1014.426826][ T7147] ? do_syscall_64+0x26/0x610 [ 1014.445952][ T7162] binder: 7154:7162 ioctl 40046207 0 returned -16 [ 1014.446453][ T7147] __x64_sys_open+0x7e/0xc0 [ 1014.446471][ T7147] do_syscall_64+0x103/0x610 [ 1014.446494][ T7147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1014.464821][ T7158] binder_alloc: 7154: binder_alloc_buf, no vma [ 1014.471236][ T7147] RIP: 0033:0x4121a1 [ 1014.471252][ T7147] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1014.471261][ T7147] RSP: 002b:00007f70dfadda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 15:30:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0xfdfdffff00000000]}) 15:30:17 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101000, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f00000000c0)=""/3, &(0x7f0000000100)=""/74, &(0x7f0000000180)=""/6, 0x2000}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) dup2(r0, r0) socket$inet_sctp(0x2, 0x1, 0x84) 15:30:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x3e6e, 0x47504a4d, 0x3, @stepwise={0x5, 0x1, 0x400, 0x100000000, 0x6, 0xffffffffffff8000}}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1014.471275][ T7147] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 00000000004121a1 [ 1014.471283][ T7147] RDX: 00007f70dfaddb0a RSI: 0000000000000002 RDI: 00007f70dfaddb00 [ 1014.471292][ T7147] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1014.471300][ T7147] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1014.471308][ T7147] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1014.650378][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1014.656176][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1014.660343][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1014.662040][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1014.667650][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1014.673387][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1014.679152][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1014.690574][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000050000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000540)='/dev/input/mice\x00', 0x0, 0x40) write$P9_RREADLINK(r1, &(0x7f0000000580)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm-monitor\x00', 0x408000, 0x0) inotify_add_watch(r2, &(0x7f0000000500)='./file0\x00', 0x30000800) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x10000) ioctl$EVIOCGPROP(r3, 0x80404509, &(0x7f0000000400)=""/150) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3f, 0x10000) r5 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r5, &(0x7f0000000080)={0x2, 0x1400000000004e20, @loopback}, 0x10) sendmsg(r5, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000000)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x7c, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r6 = semget(0x3, 0x4, 0x0) semctl$GETNCNT(r6, 0x0, 0xe, &(0x7f00000001c0)=""/207) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r4, &(0x7f00000000c0)="e714bce15b9ffd0091df6183bbab81e1f393fedd64ea35693635a7a0490f9d024f08f060d5eba75b29d1adce85ac11fd5ed9d47362b0e51a033b634f4c000e7ca2783c9fc59192f205e13e8690ecd10cc76b17f0f0e55a2b509ffebd3b4362cee91d484933c7a6b75c030a34000bf4753923b6e06c6137de4289c9ab6f0691f8c06da865fb118fd3f4644be1160dc14d2464d8d47b0edd27947ab92fbc24bc84956687b2a989a6563f293b373483da9a14e0adf271cb6e0c8e2e729579d0b2eede12bfb206db1c5f5fb76c74a876a2fe896493d5a4cdc5455d36e0c07a02aa02f52c652108b8e9963e", &(0x7f00000002c0)=""/73}, 0x18) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x1, r4}) 15:30:18 executing program 3 (fault-call:0 fault-nth:10): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x2]}) 15:30:18 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000080)=0x7) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:18 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824eb20e20b0bb50f69da9bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2c}, 0x245) [ 1014.818554][ T7280] FAULT_INJECTION: forcing a failure. [ 1014.818554][ T7280] name failslab, interval 1, probability 0, space 0, times 0 [ 1014.849406][ T7280] CPU: 0 PID: 7280 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1014.857330][ T7280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1014.867381][ T7280] Call Trace: [ 1014.870686][ T7280] dump_stack+0x172/0x1f0 [ 1014.875036][ T7280] should_fail.cold+0xa/0x15 [ 1014.879640][ T7280] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1014.885479][ T7280] ? ___might_sleep+0x163/0x280 [ 1014.890340][ T7280] __should_failslab+0x121/0x190 [ 1014.895301][ T7280] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1014.900995][ T7280] should_failslab+0x9/0x14 [ 1014.905502][ T7280] kmem_cache_alloc_trace+0x2d1/0x760 [ 1014.910971][ T7280] ? lockdep_init_map+0x1be/0x6d0 [ 1014.916122][ T7280] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1014.921653][ T7280] __kthread_create_on_node+0xf2/0x460 [ 1014.927124][ T7280] ? lock_acquire+0x16f/0x3f0 [ 1014.931811][ T7280] ? kthread_parkme+0xb0/0xb0 [ 1014.936505][ T7280] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1014.942760][ T7280] ? kasan_check_read+0x11/0x20 [ 1014.947627][ T7280] ? mutex_trylock+0x1e0/0x1e0 [ 1014.952427][ T7280] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1014.957895][ T7280] kthread_create_on_node+0xbb/0xf0 [ 1014.963100][ T7280] ? __kthread_create_on_node+0x460/0x460 15:30:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x3]}) [ 1014.965668][ T7288] binder: 7282:7288 got transaction with invalid data ptr [ 1014.968831][ T7280] ? lockdep_init_map+0x1be/0x6d0 [ 1014.980943][ T7280] ? lockdep_init_map+0x1be/0x6d0 [ 1014.985980][ T7280] lo_ioctl+0xc1b/0x2150 [ 1014.990237][ T7280] ? lo_rw_aio+0x1120/0x1120 [ 1014.994845][ T7280] blkdev_ioctl+0xee8/0x1c40 [ 1014.999443][ T7280] ? blkpg_ioctl+0xa90/0xa90 [ 1015.004042][ T7280] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1015.007388][ T7292] binder: BINDER_SET_CONTEXT_MGR already set [ 1015.009864][ T7280] ? __fget+0x35a/0x550 [ 1015.009887][ T7280] block_ioctl+0xee/0x130 [ 1015.009908][ T7280] ? blkdev_fallocate+0x410/0x410 [ 1015.019054][ T7292] binder: 7282:7292 ioctl 40046207 0 returned -16 [ 1015.020053][ T7280] do_vfs_ioctl+0xd6e/0x1390 [ 1015.027624][ T7288] binder_alloc: 7282: binder_alloc_buf, no vma [ 1015.029375][ T7280] ? ioctl_preallocate+0x210/0x210 [ 1015.029390][ T7280] ? __fget+0x381/0x550 [ 1015.029414][ T7280] ? ksys_dup3+0x3e0/0x3e0 [ 1015.060199][ T7280] ? do_sys_open+0x31d/0x5d0 [ 1015.064796][ T7280] ? tomoyo_file_ioctl+0x23/0x30 [ 1015.069738][ T7280] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1015.075986][ T7280] ? security_file_ioctl+0x93/0xc0 [ 1015.081093][ T7280] ksys_ioctl+0xab/0xd0 [ 1015.085254][ T7280] __x64_sys_ioctl+0x73/0xb0 [ 1015.089836][ T7280] do_syscall_64+0x103/0x610 [ 1015.094434][ T7280] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1015.100332][ T7280] RIP: 0033:0x458077 [ 1015.104226][ T7280] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1015.123829][ T7280] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1015.132236][ T7280] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1015.140197][ T7280] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1015.148145][ T7280] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1015.156097][ T7280] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 15:30:18 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x200000000000006, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x7, 0x10002) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f00000000c0)=0x3) 15:30:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000060000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1015.164053][ T7280] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1015.235453][ T7296] binder: 7295:7296 got transaction with invalid data ptr 15:30:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x400, 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x6, 0x200000) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x46400, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x18200, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x800, 0x0) syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x0, 0x2) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x2, 0x8) r0 = accept4(0xffffffffffffff9c, 0x0, &(0x7f00000001c0), 0x800) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:18 executing program 3 (fault-call:0 fault-nth:11): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4]}) [ 1015.305252][ T7332] binder: BINDER_SET_CONTEXT_MGR already set [ 1015.343867][ T7317] device nr0 entered promiscuous mode [ 1015.371341][ T7332] binder: 7295:7332 ioctl 40046207 0 returned -16 [ 1015.380734][ T7387] binder: 7295:7387 got transaction with invalid data ptr [ 1015.456789][ T7416] FAULT_INJECTION: forcing a failure. [ 1015.456789][ T7416] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.479943][ T7416] CPU: 0 PID: 7416 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1015.487855][ T7416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1015.497923][ T7416] Call Trace: [ 1015.501248][ T7416] dump_stack+0x172/0x1f0 15:30:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x40000000, 0x20, @value=0x6}) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000080)={@mcast1, 0x0}, &(0x7f00000000c0)=0x14) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000100)={@loopback, r1}, 0x14) accept4(r0, &(0x7f0000000140)=@rc, &(0x7f00000001c0)=0x80, 0x80800) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1015.505592][ T7416] should_fail.cold+0xa/0x15 [ 1015.510194][ T7416] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1015.516001][ T7416] ? ___might_sleep+0x163/0x280 [ 1015.520840][ T7416] __should_failslab+0x121/0x190 [ 1015.525763][ T7416] should_failslab+0x9/0x14 [ 1015.530282][ T7416] kmem_cache_alloc+0x2b2/0x6f0 [ 1015.535136][ T7416] __kernfs_new_node+0xef/0x690 [ 1015.539989][ T7416] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1015.545530][ T7416] ? __lock_acquire+0x548/0x3fb0 [ 1015.550451][ T7416] kernfs_new_node+0x99/0x130 [ 1015.555109][ T7416] kernfs_create_dir_ns+0x52/0x160 [ 1015.560259][ T7416] internal_create_group+0x7f8/0xc40 [ 1015.565547][ T7416] ? bd_set_size+0x89/0xb0 [ 1015.569948][ T7416] ? remove_files.isra.0+0x190/0x190 [ 1015.575215][ T7416] sysfs_create_group+0x20/0x30 [ 1015.580058][ T7416] lo_ioctl+0x10af/0x2150 [ 1015.584372][ T7416] ? lo_rw_aio+0x1120/0x1120 [ 1015.589127][ T7416] blkdev_ioctl+0xee8/0x1c40 [ 1015.593708][ T7416] ? blkpg_ioctl+0xa90/0xa90 [ 1015.598303][ T7416] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1015.604104][ T7416] ? __fget+0x35a/0x550 [ 1015.608245][ T7416] block_ioctl+0xee/0x130 [ 1015.612556][ T7416] ? blkdev_fallocate+0x410/0x410 [ 1015.617564][ T7416] do_vfs_ioctl+0xd6e/0x1390 [ 1015.622186][ T7416] ? ioctl_preallocate+0x210/0x210 [ 1015.627278][ T7416] ? __fget+0x381/0x550 [ 1015.631418][ T7416] ? ksys_dup3+0x3e0/0x3e0 [ 1015.635813][ T7416] ? do_sys_open+0x31d/0x5d0 [ 1015.640401][ T7416] ? tomoyo_file_ioctl+0x23/0x30 [ 1015.645319][ T7416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1015.651571][ T7416] ? security_file_ioctl+0x93/0xc0 [ 1015.656677][ T7416] ksys_ioctl+0xab/0xd0 [ 1015.660820][ T7416] __x64_sys_ioctl+0x73/0xb0 [ 1015.665393][ T7416] do_syscall_64+0x103/0x610 [ 1015.669966][ T7416] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1015.675858][ T7416] RIP: 0033:0x458077 [ 1015.679733][ T7416] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1015.699315][ T7416] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:30:19 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmmsg(r0, &(0x7f0000000080), 0x0, 0x40) ioctl$sock_proto_private(r0, 0x89e4, &(0x7f0000000080)="09140d903f7ed25d19e50f5b246ef2cead5169aa0e8f118527bc9f2196f86d58301efd55a9e33895b78ea5c357efc1f0f78db895f9996cbe41464c29efe253ecb94a59a9325eb10cc74141e0b7deb1a08da9dfac855d646f9b9ea618f63a31d2c7bbca07b99eaf07b5ce8b5999f45da4f48750174dfc38761db199b82ac44b72cb4c02536cb42501f4b843582c89104d2492866b7561452ff8343553855f1f7857b2016f3c762ce9faf141dd9bb14a2a4ec51ac166d7051c7f008c83eb185b37da390c5fa0d9dfde1b32") bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x5]}) [ 1015.707804][ T7416] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1015.715756][ T7416] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1015.723707][ T7416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1015.731671][ T7416] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1015.739636][ T7416] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:19 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) r4 = shmget(0x3, 0xe000, 0x0, &(0x7f0000ff0000/0xe000)=nil) shmctl$SHM_UNLOCK(r4, 0xc) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:19 executing program 3 (fault-call:0 fault-nth:12): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6]}) [ 1015.893695][ T7464] binder: 7463:7464 got transaction with invalid data ptr [ 1015.909083][ T7501] binder: BINDER_SET_CONTEXT_MGR already set [ 1015.918877][ T7501] binder: 7463:7501 ioctl 40046207 0 returned -16 [ 1015.930022][ T7464] binder_alloc: 7463: binder_alloc_buf, no vma 15:30:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8001, 0x400) recvmmsg(0xffffffffffffff9c, &(0x7f0000000680)=[{{&(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/78, 0x4e}, {&(0x7f0000000140)=""/114, 0x72}, {&(0x7f00000001c0)=""/210, 0xd2}, {&(0x7f00000002c0)=""/92, 0x5c}], 0x4, &(0x7f0000000400)=""/143, 0x8f}, 0x9}, {{&(0x7f00000004c0)=@tipc=@id, 0x80, &(0x7f0000000640)=[{&(0x7f0000000540)=""/223, 0xdf}], 0x1}, 0x9}], 0x2, 0x0, &(0x7f0000000700)) openat$vfio(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vfio/vfio\x00', 0x12042, 0x0) pipe2(&(0x7f0000000780), 0x800) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/sequencer2\x00', 0x200, 0x0) accept4$inet6(0xffffffffffffff9c, &(0x7f0000000800), &(0x7f0000000840)=0x1c, 0x80800) syz_open_dev$dmmidi(&(0x7f0000000880)='/dev/dmmidi#\x00', 0xf2, 0x400) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/vcs\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:19 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x1, 0x6, 0xe0e, 0x580, "48786c3e4e25f4887b8516d0080a7d3087de0c160e2d3bdd68828514ee89efee2696b1b2e558baf2230fd1fde2cca984b6f7de3c324e0ec8c4f18683a0d89e", 0x2f}, 0x60) [ 1016.076561][ T7557] device nr0 entered promiscuous mode [ 1016.094644][ T7558] FAULT_INJECTION: forcing a failure. [ 1016.094644][ T7558] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.118300][ T7558] CPU: 0 PID: 7558 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 15:30:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7]}) [ 1016.126201][ T7558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1016.136269][ T7558] Call Trace: [ 1016.139581][ T7558] dump_stack+0x172/0x1f0 [ 1016.143936][ T7558] should_fail.cold+0xa/0x15 [ 1016.149535][ T7558] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1016.149561][ T7558] ? ___might_sleep+0x163/0x280 [ 1016.149596][ T7558] __should_failslab+0x121/0x190 [ 1016.165159][ T7558] should_failslab+0x9/0x14 [ 1016.169670][ T7558] kmem_cache_alloc+0x2b2/0x6f0 [ 1016.174536][ T7558] ? find_held_lock+0x35/0x130 [ 1016.179311][ T7558] ? kernfs_activate+0x192/0x1f0 [ 1016.184256][ T7558] __kernfs_new_node+0xef/0x690 [ 1016.189121][ T7558] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1016.194587][ T7558] ? lock_downgrade+0x880/0x880 [ 1016.199466][ T7558] ? kasan_check_write+0x14/0x20 [ 1016.199483][ T7558] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1016.199500][ T7558] ? wait_for_completion+0x440/0x440 15:30:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000120000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1016.199521][ T7558] kernfs_new_node+0x99/0x130 [ 1016.199548][ T7558] __kernfs_create_file+0x51/0x340 [ 1016.199565][ T7558] sysfs_add_file_mode_ns+0x222/0x560 15:30:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x8]}) 15:30:19 executing program 3 (fault-call:0 fault-nth:13): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1016.199585][ T7558] internal_create_group+0x35b/0xc40 [ 1016.199598][ T7558] ? bd_set_size+0x89/0xb0 [ 1016.199618][ T7558] ? remove_files.isra.0+0x190/0x190 [ 1016.199641][ T7558] sysfs_create_group+0x20/0x30 [ 1016.199656][ T7558] lo_ioctl+0x10af/0x2150 15:30:19 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) r3 = add_key(&(0x7f0000000080)='trusted\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000100)='\x00', &(0x7f0000000180)) io_setup(0x200, &(0x7f0000000140)=0x0) io_getevents(r4, 0x0, 0x1, &(0x7f0000000200)=[{}], 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f00000002c0)='-\'@eth1-GPLem0system*(&cpusetproc\x00', &(0x7f0000000340)) r5 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f00000003c0)=0x10000) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x228002, 0x0) io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, r5}]) ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f0000000280)={0x0, 0x0, {0x6, 0xffff, 0xffffffff, 0x7}}) [ 1016.199674][ T7558] ? lo_rw_aio+0x1120/0x1120 15:30:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1016.199691][ T7558] blkdev_ioctl+0xee8/0x1c40 [ 1016.199706][ T7558] ? blkpg_ioctl+0xa90/0xa90 [ 1016.199720][ T7558] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1016.199744][ T7558] ? __fget+0x35a/0x550 [ 1016.199762][ T7558] block_ioctl+0xee/0x130 [ 1016.199774][ T7558] ? blkdev_fallocate+0x410/0x410 [ 1016.199790][ T7558] do_vfs_ioctl+0xd6e/0x1390 [ 1016.199807][ T7558] ? ioctl_preallocate+0x210/0x210 [ 1016.199820][ T7558] ? __fget+0x381/0x550 [ 1016.199838][ T7558] ? ksys_dup3+0x3e0/0x3e0 [ 1016.199853][ T7558] ? do_sys_open+0x31d/0x5d0 [ 1016.199870][ T7558] ? tomoyo_file_ioctl+0x23/0x30 [ 1016.199884][ T7558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1016.199899][ T7558] ? security_file_ioctl+0x93/0xc0 [ 1016.199914][ T7558] ksys_ioctl+0xab/0xd0 [ 1016.199931][ T7558] __x64_sys_ioctl+0x73/0xb0 [ 1016.199947][ T7558] do_syscall_64+0x103/0x610 [ 1016.199965][ T7558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1016.199975][ T7558] RIP: 0033:0x458077 [ 1016.199989][ T7558] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1016.199997][ T7558] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1016.200010][ T7558] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1016.200018][ T7558] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1016.200025][ T7558] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1016.200034][ T7558] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1016.200041][ T7558] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1016.393813][ T7638] binder: 7620:7638 got transaction with invalid data ptr [ 1016.395516][ T7649] binder: BINDER_SET_CONTEXT_MGR already set 15:30:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0xfffffffffffffffd) connect$nfc_llcp(0xffffffffffffffff, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) capset(&(0x7f0000000080)={0x20071026, r0}, &(0x7f00000000c0)={0x3, 0x18, 0x3f, 0x6667, 0x80000007ff, 0x6}) 15:30:20 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) timer_create(0x4, &(0x7f0000000080)={0x0, 0x1}, &(0x7f00000000c0)=0x0) timer_delete(r1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x1, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r2 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x1, 0x2) r3 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x9, 0x1) perf_event_open$cgroup(&(0x7f0000000140)={0x3, 0x70, 0x7fff, 0x5, 0x0, 0xffff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x10000, 0x8001, 0x45f68762, 0x10000, 0x101, 0xfffffffffffff800, 0x8001, 0x0, 0xfffffffffffffffb, 0xf022196, 0x200, 0x3b6e244a, 0x10001, 0x8c5d, 0x7, 0x5e30, 0x10001, 0x0, 0x100, 0x4, 0x1000000000000000, 0x1, 0x83, 0xfd5, 0x101, 0xffff, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000100)}, 0x20, 0x400, 0x3ff, 0xb, 0x1, 0x7, 0x4}, r2, 0x2, r3, 0x3) semget$private(0x0, 0x7, 0x702) 15:30:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xa]}) 15:30:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00L\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1016.395539][ T7649] binder: 7620:7649 ioctl 40046207 0 returned -16 [ 1016.395734][ T8371] binder_release_work: 9 callbacks suppressed [ 1016.395741][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.510731][ T7695] FAULT_INJECTION: forcing a failure. [ 1016.510731][ T7695] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.598143][ T7699] binder: 7698:7699 got transaction with invalid data ptr [ 1016.608841][ T7695] CPU: 1 PID: 7695 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1016.608850][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1016.608856][ T7695] Call Trace: [ 1016.608880][ T7695] dump_stack+0x172/0x1f0 [ 1016.608908][ T7695] should_fail.cold+0xa/0x15 [ 1016.627031][ T7700] binder: BINDER_SET_CONTEXT_MGR already set [ 1016.633346][ T7695] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1016.633372][ T7695] __should_failslab+0x121/0x190 [ 1016.633391][ T7695] should_failslab+0x9/0x14 [ 1016.633406][ T7695] kmem_cache_alloc+0x47/0x6f0 [ 1016.633428][ T7695] ? save_stack+0xa9/0xd0 [ 1016.641533][ T7700] binder: 7698:7700 ioctl 40046207 0 returned -16 [ 1016.649365][ T7695] ? save_stack+0x45/0xd0 [ 1016.649383][ T7695] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1016.649405][ T7695] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 1016.649424][ T7695] idr_get_free+0x425/0x8d0 [ 1016.657714][ T7699] binder_alloc: 7698: binder_alloc_buf, no vma [ 1016.664522][ T7695] idr_alloc_u32+0x19e/0x330 [ 1016.664544][ T7695] ? __fprop_inc_percpu_max+0x230/0x230 [ 1016.664562][ T7695] ? mark_held_locks+0xf0/0xf0 [ 1016.664586][ T7695] idr_alloc_cyclic+0x132/0x270 [ 1016.670759][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.676961][ T7695] ? idr_alloc+0x150/0x150 [ 1016.676989][ T7695] __kernfs_new_node+0x171/0x690 [ 1016.677011][ T7695] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1016.690554][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 [ 1016.701768][ T7695] ? finish_task_switch+0x1f0/0x780 [ 1016.701783][ T7695] ? __switch_to_asm+0x34/0x70 [ 1016.701795][ T7695] ? __switch_to_asm+0x40/0x70 [ 1016.701815][ T7695] ? __schedule+0x81f/0x1cc0 [ 1016.701837][ T7695] ? __lock_acquire+0x548/0x3fb0 [ 1016.873349][ T7695] kernfs_new_node+0x99/0x130 [ 1016.878012][ T7695] kernfs_create_dir_ns+0x52/0x160 [ 1016.883110][ T7695] internal_create_group+0x7f8/0xc40 [ 1016.888373][ T7695] ? bd_set_size+0x89/0xb0 [ 1016.892783][ T7695] ? remove_files.isra.0+0x190/0x190 [ 1016.898072][ T7695] sysfs_create_group+0x20/0x30 [ 1016.902921][ T7695] lo_ioctl+0x10af/0x2150 [ 1016.907283][ T7695] ? lo_rw_aio+0x1120/0x1120 [ 1016.911897][ T7695] blkdev_ioctl+0xee8/0x1c40 [ 1016.916469][ T7695] ? blkpg_ioctl+0xa90/0xa90 [ 1016.921044][ T7695] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1016.926835][ T7695] ? __fget+0x35a/0x550 [ 1016.930992][ T7695] block_ioctl+0xee/0x130 [ 1016.935302][ T7695] ? blkdev_fallocate+0x410/0x410 [ 1016.940316][ T7695] do_vfs_ioctl+0xd6e/0x1390 [ 1016.944921][ T7695] ? ioctl_preallocate+0x210/0x210 [ 1016.950031][ T7695] ? __fget+0x381/0x550 [ 1016.954174][ T7695] ? ksys_dup3+0x3e0/0x3e0 [ 1016.958591][ T7695] ? do_sys_open+0x31d/0x5d0 [ 1016.963352][ T7695] ? tomoyo_file_ioctl+0x23/0x30 [ 1016.968272][ T7695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1016.974502][ T7695] ? security_file_ioctl+0x93/0xc0 [ 1016.979612][ T7695] ksys_ioctl+0xab/0xd0 [ 1016.983756][ T7695] __x64_sys_ioctl+0x73/0xb0 [ 1016.988332][ T7695] do_syscall_64+0x103/0x610 [ 1016.992905][ T7695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1016.998785][ T7695] RIP: 0033:0x458077 [ 1017.002670][ T7695] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1017.022270][ T7695] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1017.030659][ T7695] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1017.038612][ T7695] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1017.046560][ T7695] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1017.054521][ T7695] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1017.062474][ T7695] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1017.111280][ T7701] device nr0 entered promiscuous mode 15:30:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_cpus\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x10400, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x800, 0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) 15:30:20 executing program 3 (fault-call:0 fault-nth:14): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1017.236344][ T7730] binder: 7709:7730 got transaction with invalid data ptr [ 1017.258771][ T7730] binder_transaction: 10 callbacks suppressed [ 1017.258789][ T7730] binder: 7709:7730 transaction failed 29201/-14, size 8192-0 line 3179 15:30:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x48]}) [ 1017.282572][ T7832] binder: BINDER_SET_CONTEXT_MGR already set [ 1017.288766][ T7832] binder: 7709:7832 ioctl 40046207 0 returned -16 [ 1017.295925][ T7730] binder_alloc: 7709: binder_alloc_buf, no vma [ 1017.302910][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1017.309635][ T7730] binder: 7709:7730 transaction failed 29189/-3, size 8192-0 line 3147 [ 1017.318215][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:20 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x1, 0x1) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0)=@int=0x1, 0x4) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:20 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000180)=0x0) ptrace$getregs(0xc, r2, 0x73fe, &(0x7f00000001c0)=""/177) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_rdma(&(0x7f0000000280)='127.0.0.1\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x1000002, &(0x7f0000000380)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@sq={'sq', 0x3d, 0x1e76}}, {@sq={'sq', 0x3d, 0x7ff}}, {@common=@cachetag={'cachetag', 0x3d, 'mime_type'}}], [{@smackfshat={'smackfshat', 0x3d, 'posix_acl_access{md5sum'}}]}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000100)='}\x00') r6 = dup3(r5, r1, 0x80000) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r6, 0x84, 0x8, &(0x7f0000000080)=0x3fff8, 0x4) io_setup(0x4, &(0x7f00000000c0)=0x0) io_submit(r7, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1017.445772][ T7870] FAULT_INJECTION: forcing a failure. [ 1017.445772][ T7870] name failslab, interval 1, probability 0, space 0, times 0 [ 1017.486091][ T7870] CPU: 0 PID: 7870 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1017.494017][ T7870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1017.504074][ T7870] Call Trace: [ 1017.507379][ T7870] dump_stack+0x172/0x1f0 [ 1017.511723][ T7870] should_fail.cold+0xa/0x15 [ 1017.516325][ T7870] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1017.522144][ T7870] ? ___might_sleep+0x163/0x280 [ 1017.527013][ T7870] __should_failslab+0x121/0x190 [ 1017.527045][ T7881] binder: 7877:7881 transaction failed 29201/-14, size 8192-0 line 3179 [ 1017.531956][ T7870] should_failslab+0x9/0x14 [ 1017.531973][ T7870] kmem_cache_alloc+0x2b2/0x6f0 [ 1017.531986][ T7870] ? find_held_lock+0x35/0x130 [ 1017.532004][ T7870] ? kernfs_activate+0x192/0x1f0 [ 1017.532023][ T7870] __kernfs_new_node+0xef/0x690 [ 1017.532042][ T7870] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1017.532057][ T7870] ? lock_downgrade+0x880/0x880 [ 1017.532073][ T7870] ? kasan_check_write+0x14/0x20 [ 1017.532090][ T7870] ? __mutex_unlock_slowpath+0xf8/0x6b0 15:30:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4c]}) 15:30:21 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x4000, 0x0) ioctl$SIOCX25GFACILITIES(r0, 0x89e2, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000200), &(0x7f0000000240)=0x4) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) open_by_handle_at(r1, &(0x7f0000001400)=ANY=[@ANYBLOB="081000000700000047efddb1ef92c499f33cbc9465d8b0dd764b85188ab95ecbd359556ea76188595692511c300b4edf15e22b5fc5d257365509353f00f2dd51ce60a5d9d6d13242ad74b5b2b95a303354c518ec24c4d362f21bd07ee993408665041d5c1ae37f2300bd3bd834ab320a0f21f7ec6daf4c3b2a5af34133e8e59edf46e799655ac81cfccdb99d9a150d0bd53633f01f5a1857f94b9ce5fd5c51a5868679bb959287723b769e689914bedea48625fbadcb5fe7e5cc10e9843a411a34e73564a09c388f5776cdb5a0919fa7e7fe56097f1f3f21a96b905f10513a3e3a518424c75648cc9d53411436e29ef2e39ce62bb7ee9c3e73d4e4463427ec47e85c28e9afd8bf571e5dabaa275ce56d67612bb7d362e9150631adf8eade3781b6a3058bccb11d7b79dc09f51d1dc9db471a8f6b2c204118bd6979c5bc2f3cafba62f3e8fdfa2074780764a85b18256ce5b13e3296c73a6a6e640ca63fc04f0571d444a6add25c04004a0e32a51856c79a17343f76bdef9eab569999f5230a5790b16ae4cd5e186b1c1662ad9c6304ffb2bccf0d7e3e7dca081bb362837152bd9f329eb1d3eec61e7f2275f1e7cae2b7ca7bd43ef1fd012a1dc829e685415f203b276af42926f27223a55046ed0236fc7f477d22b2f1b2c97eacc8387b8b9bccc70f6d6a7f722c1b6d6607fae97acd9e9acd9a75918b5f89a5be213e44805f01bcb8a19dd9bf6a412d3b3cca150a0123dd312e6006736cd0614a00fd1ccb6dead2e671c02bc298d8a5dc671eea5bb6ca49e0f08bb7f5a37c73a27b7e47df04e4bc9cd3ef7ac0c435f0efdd65054f66019f1b655172672099e3a35450fd7bf0d1ad49d56cdead76825a4c16fc38045943422e68a97f5dafd2bc556299eb03e42a20ef85dca1ff164630fc73caa444031f3abc1130b625946e74525563a07ab4d25f5795a5deb1802b3fbdce6cbdb4a5a783b71ec275a651b83a50a05f85275147bce7d8ee21712001e858a15d91b84b6f423313d8a475621ccc16e6842fd3a0164367e0e37d7a0db297384a634e88977002faff8cc597ca26660a4b05563a1f542513892f0819fe9a004426ba52025e0387e1b44e6839a6500d3e24c1055624360b1296cefc3e03c3462fffa18ebc7255e929f0f1e06ae44144363c77249af01bcd04b8e200c141d0b5b6b160e5d1e781a2c78ade17ff3709d436c87ef2964f5ec704142a32be3ff78e4e7cace3e95833d801a8cfc7c37cb4084500db6f8510e647b9345b9dd929aec64a80b7b4de2c44b05bb2fde217d3afaac22ff9e1f4be812da40f2bd6990d76d9fbb17bc5e69a849e892c6d181bef8f4b640d2c0cb9167bc75ecb94d117210349824578dcefeb5ef1274fab110fcb5882f297819b0fdc20ac17e037bde17e332fc382e734d252d213745e21fa4515cb4b9bcdd5a14636a2a0acd37b8cb64948dcfb32cf38f2eacff9517a2d09441b63292aacfbb223992af2d6dd755aacc9f55e8511c33c53a47d893548bfae0882700f687b2c2a883a6456936f640c8651a84b3039f327c911a401349644418a67fff1f4fa32c0e78ea02240a14949582c73469f4b1c8f1573808c280b889602208af88b6b471acebc3fa5992c6a679f68581b262f5c913acff0d6d3712afe194dcb2944915fbb989ac818a0d673c11808c38d0fc87e60e393dae67f17764c707cb1ca29f9adab2d6c9793e4590a68dae39a753ba5489c11864ffc45e370de2944a4d37666e26d495c0610dbe3cdc84ec25740c8cb4c96db84bb499931dccd05cb2b55d1899263fc9c0631aa68b9520fa12584d399b758817a48c9eec063227acc44f09ae93b815a207fafd1a7e873ec4d0a2c740487bc64472165cc3ecb7b53d77778dfdbe2b4e46452960b5d6cb2c3cd5ea0baba73b603c39b8b3564e359072e32ec5bf45187601192e84847e54baf42db8aab25ab47fd90c46e705471a8dbf099666b9707a5a241c52186175b244a8b59484f8a9a1a27ba6fb7e52f9679974ea9e49e94939654f682559cf58fb572ec3fe90382dba57731a3193d90a37fed72f922dcf99f9dba14af4200000000000000070a0046d5dc16c5ca6ce601da2f9d604f7e81a6230c97963644ff18cc7b036e5399c1e69a2227884bc03696caab659606ea8afb4678d0433c773e4007a49fd8a12fcc3a0d29e3368bd03495266b2b91b4d037a7e4653b91c3904d8cf7f491ee47391c2fb35d490cdea0f9f69484fb1962ae669b085773244112e41e02393556aba7a35ecae9b7b725a980bc8dac08e229eb558849574afa3d2ce2375ee6bd787bc8572721bf52fb61e29ac21354f35e3eb4d5d1a6f9212aee614732e70387b98ec5f0a9cbe1f5e542abbb5f1bd3520eca58b805c645b0f5d40d799ffa851da0512fcfba85d4172a410bdf8bd3f6fc533edaf87d0d655fbf433c7d32edc8469f6c697c45bb2cd08a30cf83ea833f4b551660966b8eefaad2046f05136c41cf06b86aa4b002b54767870d177142ca9450397dde534555bac15163610c098cc46d5a93fa5279a65b631d23f756b753141b8a6c59c5677ac0771b040000000a06a1cd5a19d4b96ab538d7a7012cb53c986565ad1c8a78106359e7c26ec14456dc3be12efbfd778d12bdbd73efb224cd658b28343a075b66f0e9618e62d2cc2fd28db6c3a3ad0ac4a013e9fe8f04b12b2aad126404d881423f02cd09ca0dae615f20d3433b9135ee1b87f72d2cc286be7a00996aa8a58e2f338bf1a0176e22e831f3c884cc6e098ae03b2a38f0d3a629b80afb4581561a9667ff7288f12a3b15d286fe64863f7b9e29ce2f98ae250ddd61ad0b037121e7fcf2f10f472aa7340f9994a5a0fab193495f61b833067eaabaeab3a54dfe3b04f8379c037c9ccde32f097e54dd5883cb77f9d4ffe106e0fa7c85e64a5433970c8e569dbffc1ea1a0ebdf7d268ab32fa17e3f8ae301e6b5cc0d6aaaecfe2694b6ac9f98af1a1d58396daaede2266c29417547d14f35fcb4f656c3a607baf46f47303e9d7bb99523893df8c0865ded6a8713455663a4368a87f9421a72e72e93b835ca4e1ea3c6ff5e91aa7ac2cf39de44e9a9125d99dc4c2ffbbb1525a83dc8728e45e65935715da51b2bcb5bde1e0d15c653851d670c6f4fb963a133d2526ca2166d91c8e10c4b047f2f74113bd4352d399cc9182f76ca95289597f072fbad3c03dde2349dcba6457b871d64ed5da5c1f6443f336f31d20104c85a3ce3740883101c2378a8e20870c3df8248594c3966e82a363c107c13f3a8401cf14fc799eec4dc17866d43e7a2e0ec40f6ddbdf5421f4c5143fae91452f69b1423bfc4fe02f128b888f9944702983c09e469dd79da0c6661e9127b2a62c53118477620bea2e8d1abee722c526b4a6bdf307313bad7c1f0b6b8609432939343998de076c223f2c87d2d0ba66240c392a87f2003b80bc8992435e0118844b56de65cf0ca3756d1fc67d0d0888e70fc60463d59e24423d82f48e797442ad5edb8811e81cc17da66676e1cf711217be311b397d62beee4566f5ed2ac1afa65de4f475476666b1b5423c0455c395154a395315a1ba03c6c3768d3d4b539c92eac7ae6e8b9cbae4cd67f696b6004792abdd2568264cb2219771b9601990d4485966681acdf8bb40412f866d4bfa221d109ed27f5c0e981ebb6ce26cd97eb1bb17a80e696d86e898c7ead09770067bf0de14fb971bd0003fb29c5bb0596622b31a2ba5da0c2614551053a60ca195b24df4a17639ba9b7cb313e6f6aeb91cdf2572ae806ba27425c55017b99ba4649fea1fe98b9dce0b3a374f4b3fa04ca740af96e7ea7a5b4ba64aaf3483e53394af5efa2500cc9190cad9da24c9dcc857fe534a3670132c929746276f9e8dd0a2082229674166f8909df5c30ca0ba5a77e0a649556f8e22b8e60b832741225d10aaca4e0a01e8133bb50152db1bd9c918b350d6ac83d6e228d2f8253909d45325a55f4f9085804f5cf9202d1f4e776dbafbddccbf0a5a9ee06e190ab40fda34c9e8c73f9a7a156e20cc551cd2a28dc9f54cab668fa6022a3fded5ecdea6bf174dd66a2cfde6d433c9a64cdcbb11c3b49016c88671e322d794110201fa16d9e0d06250ab4ea13a9da284a6f88424bdcde0d0465fb3c672b35987ca848c5dcaed233aede9820c6c3b06a62a8a7447682cf993f99b522587edbe3a5cc2c7cad8f4ccd0c460352e7841f8fc7cb0c495bba7d9b102608eac72c88bcf47f4891beca1ef1ca5114d4db15eca0eb65182e5a7c109eb4c6bc24548d31acfba7da5ed6b208e8429c0c1476fc9b3657f9dd675424ad16bf1a8a3d90e9b8898c4c7dfd82452b02889653a7221fb24566adb19b7735895c3042ad7a27dad10da9f9694010df88fc2aa1ed7f887cd4ddea37ff0a12a9be47046ac341fb18bc4e271a758e708416f1a96e4b99547bc3df6a24c7a1bf202b3e0b131cb5c7270febe63a4d351d7c3fc22b295bbea097f99c5a883cb6a307ab518bbb703597f2358f2d5c67ee170a7f00de0e5223322814b68432776e927499ede5295f7eb79f3139f6e055b1bb76ea8fa621e96e93167ededece91e78143f177ffae0161f3a9e564efcd066c147415a27b5b3e6c8671e453ed33eeb37d50981149f43a1a8e035848f6ece1b1e8a0c50e3fb25f75003541d520ef5bd562a02613e1b01ab3ba2bb600e1b7421bbb8d6fa306626a9707aaf565262f981aca08c510372bfd55d9eb4927a8dca7997982550b7ec6b6c4eab0e3b069d9c475e5b75d9361bff8e662b30b34951dab122fe4b46aece50be1c22fd30c6455cc322b01104bfe133689077608f262bdb465e6f27b8033051b75babdf6a1edb72f35acf82cfd9ff71901678f9eda2c06c93959f0a637c58563128b79fefbe0fb868fcbb65f49b64708b246d5260115511ce2600752ff90b408cdc2f3399607c19272ec057856170e3f1c9c0d578ffffe70ff858f491782b399150acdd22fd4680f5249f38119077797a697bb0960fb35f8cb614f8447efe11500de3f6dbaf09d315734b83905a8f5d5b7f3db19e6a24d6c0965af6e3359e4020238d9ba7ecbee019dd5392980c90f4d32c38f66eae56fc157e5e8fa8f624cffd96ac68c348dc00b011589200ad13bea0b521c5cde5844379a27ee9f9f2f6dd46ee2fdea622e73850037ddfb748476239ccb7ab85f59e1534e77560498e151bb59a8babc6fa013582c9a704eacc3e080434f8bca9f9b56f83f1434f5579f8d77a27d3b6c89122c10dce31737aaa288c75f2a48c826155689f714e1a709b702e15c2d09b59026ddf3dc038b465d13ac69cff4d1de1fd155f7afef2cc8a48073cce0b395aab2183bb4130631e1d5d3f2e83008405dff8c3b56265dc8f360285a9ac9146c648b96759d8d3ffa3d69704e60cca01079649a464eeccd1f47df26916468ce72baf8b53335ee4c57266de25b45f5ac1d3e9b4bd25a1511ebdba4db087bd3a3a8e2531ed3223ea87df943849c678eddc20e82216e71f4a2da9760bc30b0eb4193f27dceb41a9a3b4e01814f4a208e9a99fdcc19718f408da78002d6ef0e2a46c0e0df8ff2fc1d573d673cc4dfa79545f1e1644b48acd2aff07ccd727aa56af3323c34795fcbddf672c756179773d956887002a6bd3f40c097822390ae6a898efd552c7be188b5f9242ca61cee8be8d336fc174ddb42d9ce7f0c79632f21248deb73ccd7008aa3a81b2a679c9a74336f5170d7b8e1750e03ac68a65b360574aa073b3dfa12cb21ddbc12aaa8300ce09ff400000000000000000000000000000000"], 0xa880) r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x5, 0x20040) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000100)={0xf000, &(0x7f00000000c0), 0x7, r3, 0x8}) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f00000001c0)={0xc077, 0x3}) ioctl$VHOST_SET_VRING_ENDIAN(r3, 0x4008af13, &(0x7f0000000080)={0x3, 0xee}) delete_module(&(0x7f0000000000)='eth1\\@vmnet1\x00', 0xa00) [ 1017.532109][ T7870] ? wait_for_completion+0x440/0x440 [ 1017.532131][ T7870] kernfs_new_node+0x99/0x130 [ 1017.532150][ T7870] __kernfs_create_file+0x51/0x340 [ 1017.532165][ T7870] sysfs_add_file_mode_ns+0x222/0x560 [ 1017.532191][ T7870] internal_create_group+0x35b/0xc40 [ 1017.532205][ T7870] ? bd_set_size+0x89/0xb0 [ 1017.532226][ T7870] ? remove_files.isra.0+0x190/0x190 [ 1017.532251][ T7870] sysfs_create_group+0x20/0x30 [ 1017.532268][ T7870] lo_ioctl+0x10af/0x2150 [ 1017.532289][ T7870] ? lo_rw_aio+0x1120/0x1120 [ 1017.532307][ T7870] blkdev_ioctl+0xee8/0x1c40 [ 1017.532330][ T7870] ? blkpg_ioctl+0xa90/0xa90 [ 1017.551473][ T7883] binder: BINDER_SET_CONTEXT_MGR already set [ 1017.554736][ T7870] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1017.559662][ T7883] binder: 7877:7883 ioctl 40046207 0 returned -16 [ 1017.564504][ T7870] ? __fget+0x35a/0x550 [ 1017.564534][ T7870] block_ioctl+0xee/0x130 [ 1017.564548][ T7870] ? blkdev_fallocate+0x410/0x410 [ 1017.564566][ T7870] do_vfs_ioctl+0xd6e/0x1390 [ 1017.564586][ T7870] ? ioctl_preallocate+0x210/0x210 15:30:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1017.564600][ T7870] ? __fget+0x381/0x550 [ 1017.564622][ T7870] ? ksys_dup3+0x3e0/0x3e0 [ 1017.564642][ T7870] ? do_sys_open+0x31d/0x5d0 [ 1017.577912][ T7881] binder_alloc: 7877: binder_alloc_buf, no vma [ 1017.579935][ T7870] ? tomoyo_file_ioctl+0x23/0x30 [ 1017.585625][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1017.590735][ T7870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1017.590753][ T7870] ? security_file_ioctl+0x93/0xc0 [ 1017.590773][ T7870] ksys_ioctl+0xab/0xd0 15:30:21 executing program 3 (fault-call:0 fault-nth:15): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1017.590792][ T7870] __x64_sys_ioctl+0x73/0xb0 [ 1017.590812][ T7870] do_syscall_64+0x103/0x610 [ 1017.590832][ T7870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1017.590844][ T7870] RIP: 0033:0x458077 [ 1017.590858][ T7870] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1017.590865][ T7870] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1017.590877][ T7870] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1017.590886][ T7870] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1017.590894][ T7870] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1017.590910][ T7870] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1017.606018][ T7870] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1017.625347][ T7881] binder: 7877:7881 transaction failed 29189/-3, size 8192-0 line 3147 [ 1017.635172][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:21 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f00000000c0)) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x40, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x4000, 0x0) ioctl$RTC_VL_CLR(r2, 0x7014) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000080)={0x0, 0x9, 0x0, 0x400}) ioctl$TIOCCONS(r1, 0x541d) [ 1017.872072][ T7953] binder: 7947:7953 transaction failed 29201/-14, size 8192-0 line 3179 15:30:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x68]}) [ 1017.930917][ T8002] binder: BINDER_SET_CONTEXT_MGR already set [ 1017.936944][ T8002] binder: 7947:8002 ioctl 40046207 0 returned -16 15:30:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaf, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1018.023966][ T7953] binder_alloc: 7947: binder_alloc_buf, no vma [ 1018.024884][ T8013] FAULT_INJECTION: forcing a failure. [ 1018.024884][ T8013] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.037644][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1018.049746][ T7953] binder: 7947:7953 transaction failed 29189/-3, size 8192-0 line 3147 [ 1018.056854][ T8013] CPU: 0 PID: 8013 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 15:30:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6c]}) [ 1018.065877][ T8013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.067627][ T17] binder: undelivered TRANSACTION_ERROR: 29189 [ 1018.075925][ T8013] Call Trace: [ 1018.075950][ T8013] dump_stack+0x172/0x1f0 [ 1018.075971][ T8013] should_fail.cold+0xa/0x15 [ 1018.075997][ T8013] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1018.100112][ T8013] ? ___might_sleep+0x163/0x280 [ 1018.104970][ T8013] __should_failslab+0x121/0x190 [ 1018.109888][ T8013] should_failslab+0x9/0x14 [ 1018.114393][ T8013] kmem_cache_alloc+0x2b2/0x6f0 [ 1018.119243][ T8013] ? lock_downgrade+0x880/0x880 [ 1018.124076][ T8013] ? kasan_check_read+0x11/0x20 [ 1018.128908][ T8013] __kernfs_new_node+0xef/0x690 [ 1018.133737][ T8013] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1018.139173][ T8013] ? wait_for_completion+0x440/0x440 [ 1018.144440][ T8013] ? mutex_unlock+0xd/0x10 [ 1018.148836][ T8013] ? kernfs_activate+0x192/0x1f0 [ 1018.153755][ T8013] kernfs_new_node+0x99/0x130 [ 1018.158410][ T8013] __kernfs_create_file+0x51/0x340 [ 1018.163554][ T8013] sysfs_add_file_mode_ns+0x222/0x560 [ 1018.168910][ T8013] internal_create_group+0x35b/0xc40 [ 1018.174253][ T8013] ? bd_set_size+0x89/0xb0 [ 1018.178650][ T8013] ? remove_files.isra.0+0x190/0x190 [ 1018.183918][ T8013] sysfs_create_group+0x20/0x30 [ 1018.188749][ T8013] lo_ioctl+0x10af/0x2150 [ 1018.193080][ T8013] ? lo_rw_aio+0x1120/0x1120 [ 1018.197649][ T8013] blkdev_ioctl+0xee8/0x1c40 [ 1018.202222][ T8013] ? blkpg_ioctl+0xa90/0xa90 [ 1018.206790][ T8013] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1018.212601][ T8013] ? __fget+0x35a/0x550 [ 1018.216738][ T8013] block_ioctl+0xee/0x130 [ 1018.221047][ T8013] ? blkdev_fallocate+0x410/0x410 [ 1018.226047][ T8013] do_vfs_ioctl+0xd6e/0x1390 [ 1018.230617][ T8013] ? ioctl_preallocate+0x210/0x210 [ 1018.235703][ T8013] ? __fget+0x381/0x550 [ 1018.239857][ T8013] ? ksys_dup3+0x3e0/0x3e0 [ 1018.244253][ T8013] ? do_sys_open+0x31d/0x5d0 [ 1018.248822][ T8013] ? tomoyo_file_ioctl+0x23/0x30 [ 1018.253749][ T8013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1018.259978][ T8013] ? security_file_ioctl+0x93/0xc0 [ 1018.265072][ T8013] ksys_ioctl+0xab/0xd0 [ 1018.269206][ T8013] __x64_sys_ioctl+0x73/0xb0 [ 1018.273775][ T8013] do_syscall_64+0x103/0x610 [ 1018.278344][ T8013] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1018.284215][ T8013] RIP: 0033:0x458077 [ 1018.288088][ T8013] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1018.307668][ T8013] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1018.316052][ T8013] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 15:30:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1018.323997][ T8013] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1018.331945][ T8013] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1018.339890][ T8013] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1018.347863][ T8013] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:21 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x79e, 0x204000) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cachefiles\x00', 0x4000, 0x0) setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f00000002c0)={0x1}, 0x2) ioctl$KVM_GET_PIT(r3, 0xc048ae65, &(0x7f0000000180)) syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x78, 0x200) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4) syz_init_net_socket$x25(0x9, 0x5, 0x0) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r6, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1018.451617][ T8074] binder_transaction: 2 callbacks suppressed [ 1018.451628][ T8074] binder: 8022:8074 got transaction with invalid data ptr 15:30:21 executing program 3 (fault-call:0 fault-nth:16): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x74]}) 15:30:22 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x800, 0x0) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000040)) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) connect$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x1, 0x1, 0x7, 0x200, 0x8, "cdc6ea9f49ff4d66a3ec8c046deead36119ff48a6169ed927bdfde814043097ef0a85ee7b999ab232d119fa9321c3903042f2be2b838726070e76bd2b0a7ac", 0x27}, 0x60) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0) ioctl$TUNSETOWNER(r1, 0x400454cc, r2) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2000000001, 0x1) finit_module(r0, &(0x7f0000000000)='\x00', 0x1) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f0000000240)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, 0xf, 0x6d, 0x0, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) getsockopt$nfc_llcp(r3, 0x118, 0x7, &(0x7f00000002c0)=""/11, 0xb) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000300)={0x1, [0x792]}, 0x6) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x4, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) membarrier(0x13, 0x0) [ 1018.539823][ T8074] binder: 8022:8074 transaction failed 29201/-14, size 8192-0 line 3179 15:30:22 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x40000000000000, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1018.600904][ T8138] binder: BINDER_SET_CONTEXT_MGR already set [ 1018.621384][ T8138] binder: 8022:8138 ioctl 40046207 0 returned -16 15:30:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7a]}) [ 1018.651314][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1018.682945][ T8121] device nr0 entered promiscuous mode [ 1018.686600][ T8145] Unknown ioctl 1074025676 [ 1018.734058][ T8145] Unknown ioctl 35304 [ 1018.756813][ T8147] FAULT_INJECTION: forcing a failure. [ 1018.756813][ T8147] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.773409][ T8152] Unknown ioctl 1074025676 [ 1018.780972][ T8153] binder: 8149:8153 got transaction with invalid data ptr [ 1018.785090][ T8147] CPU: 0 PID: 8147 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1018.794787][ T8145] Unknown ioctl 35304 15:30:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1018.795985][ T8147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.795993][ T8147] Call Trace: [ 1018.796030][ T8147] dump_stack+0x172/0x1f0 [ 1018.796081][ T8147] should_fail.cold+0xa/0x15 [ 1018.796100][ T8147] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1018.796121][ T8147] ? ___might_sleep+0x163/0x280 [ 1018.796141][ T8147] __should_failslab+0x121/0x190 [ 1018.796160][ T8147] should_failslab+0x9/0x14 [ 1018.796183][ T8147] kmem_cache_alloc+0x2b2/0x6f0 [ 1018.815573][ T8153] binder: 8149:8153 transaction failed 29201/-14, size 8192-0 line 3179 15:30:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1018.817790][ T8147] ? lock_downgrade+0x880/0x880 [ 1018.817807][ T8147] ? kasan_check_read+0x11/0x20 [ 1018.817838][ T8147] __kernfs_new_node+0xef/0x690 [ 1018.839106][ T8154] binder: BINDER_SET_CONTEXT_MGR already set [ 1018.842448][ T8147] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1018.842470][ T8147] ? wait_for_completion+0x440/0x440 [ 1018.842495][ T8147] ? mutex_unlock+0xd/0x10 [ 1018.842509][ T8147] ? kernfs_activate+0x192/0x1f0 [ 1018.842537][ T8147] kernfs_new_node+0x99/0x130 [ 1018.842560][ T8147] __kernfs_create_file+0x51/0x340 [ 1018.842581][ T8147] sysfs_add_file_mode_ns+0x222/0x560 [ 1018.850409][ T8154] binder: 8149:8154 ioctl 40046207 0 returned -16 [ 1018.855744][ T8147] internal_create_group+0x35b/0xc40 [ 1018.855760][ T8147] ? bd_set_size+0x89/0xb0 [ 1018.855791][ T8147] ? remove_files.isra.0+0x190/0x190 [ 1018.867172][ T8153] binder_alloc: 8149: binder_alloc_buf, no vma [ 1018.870311][ T8147] sysfs_create_group+0x20/0x30 [ 1018.870331][ T8147] lo_ioctl+0x10af/0x2150 [ 1018.870352][ T8147] ? lo_rw_aio+0x1120/0x1120 [ 1018.870370][ T8147] blkdev_ioctl+0xee8/0x1c40 [ 1018.870387][ T8147] ? blkpg_ioctl+0xa90/0xa90 [ 1018.870402][ T8147] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1018.870427][ T8147] ? __fget+0x35a/0x550 [ 1018.878033][ T8153] binder: 8149:8153 transaction failed 29189/-3, size 8192-0 line 3147 [ 1018.881851][ T8147] block_ioctl+0xee/0x130 [ 1018.881867][ T8147] ? blkdev_fallocate+0x410/0x410 [ 1018.881884][ T8147] do_vfs_ioctl+0xd6e/0x1390 [ 1018.881905][ T8147] ? ioctl_preallocate+0x210/0x210 [ 1018.881918][ T8147] ? __fget+0x381/0x550 [ 1018.881939][ T8147] ? ksys_dup3+0x3e0/0x3e0 [ 1018.881964][ T8147] ? do_sys_open+0x31d/0x5d0 [ 1019.012059][ T8147] ? tomoyo_file_ioctl+0x23/0x30 [ 1019.016981][ T8147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1019.023212][ T8147] ? security_file_ioctl+0x93/0xc0 [ 1019.028311][ T8147] ksys_ioctl+0xab/0xd0 [ 1019.032467][ T8147] __x64_sys_ioctl+0x73/0xb0 [ 1019.037047][ T8147] do_syscall_64+0x103/0x610 [ 1019.041617][ T8147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1019.047505][ T8147] RIP: 0033:0x458077 [ 1019.051384][ T8147] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1019.070967][ T8147] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1019.079381][ T8147] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1019.087343][ T8147] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1019.095318][ T8147] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1019.103267][ T8147] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1019.111216][ T8147] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1019.130367][ C1] net_ratelimit: 16 callbacks suppressed [ 1019.130375][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1019.130402][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1019.136058][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:30:22 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='mime_type/}keyringvmnet0\x00', r1}, 0x10) [ 1019.141848][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1019.147553][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1019.153238][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1019.158951][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1019.164723][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1019.181911][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:22 executing program 3 (fault-call:0 fault-nth:17): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1019.262332][ T8163] binder: 8161:8163 got transaction with invalid data ptr 15:30:22 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8, 0x11010, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x5, &(0x7f00000001c0)=0x0) io_submit(r4, 0x358, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0}]) 15:30:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xbf]}) [ 1019.324432][ T8163] binder: 8161:8163 transaction failed 29201/-14, size 8192-0 line 3179 15:30:22 executing program 2: r0 = open(&(0x7f0000000080)='./file0\x00', 0x10002, 0xa) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0xb6, 0x1, "1dcbb7821775e9b458223e51408a688f6aafe1d93602eb83840440441e74927433d5994511ea06f527de2afc88b488e56a38dc513eba3b5f473a5efedcf4323f6b44e7cddd4af36d5ba2b2993b8632b393d1b1931a37c8b88093ab4696814d8594cc99019b2346e584d99eef08b098e06b8f581a49d8c4f9dea4a17795c695917861b764ea59b83b4229c2278e929be6066a6df26f52bc62a4b4ac8315b049ba8be27d4df0113818c1bb818760b5"}, &(0x7f0000000040), 0x1400) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1019.422448][ T8278] binder: BINDER_SET_CONTEXT_MGR already set [ 1019.443629][ T8278] binder: 8161:8278 ioctl 40046207 0 returned -16 [ 1019.474060][ T8279] FAULT_INJECTION: forcing a failure. [ 1019.474060][ T8279] name failslab, interval 1, probability 0, space 0, times 0 [ 1019.487085][ T8279] CPU: 0 PID: 8279 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1019.495020][ T8279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1019.504404][ T8289] device nr0 entered promiscuous mode [ 1019.505087][ T8279] Call Trace: [ 1019.513995][ T8279] dump_stack+0x172/0x1f0 [ 1019.518332][ T8279] should_fail.cold+0xa/0x15 15:30:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfd]}) 15:30:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000300000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f0000000140)=0xe8) getgroups(0x1, &(0x7f0000000180)=[0xffffffffffffffff]) write$FUSE_CREATE_OPEN(r0, &(0x7f00000001c0)={0xa0, 0x0, 0x7, {{0x5, 0x1, 0xfffffffffffffdbb, 0x6, 0x100000000, 0xfffffffffffffffe, {0x2, 0x80, 0xfff, 0x4, 0x401, 0x4, 0xfffffffffffffff8, 0x7, 0x8, 0x9, 0x2, r1, r2, 0x2, 0x7}}, {0x0, 0x1}}}, 0xa0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000280)=0x9, 0x4) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:23 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$VIDIOC_RESERVED(0xffffffffffffffff, 0x5601, 0x0) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1019.522942][ T8279] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1019.528744][ T8279] ? __save_stack_trace+0x99/0x100 [ 1019.533864][ T8279] __should_failslab+0x121/0x190 [ 1019.538811][ T8279] should_failslab+0x9/0x14 [ 1019.543339][ T8279] kmem_cache_alloc+0x47/0x6f0 [ 1019.548113][ T8279] ? save_stack+0xa9/0xd0 [ 1019.552447][ T8279] ? save_stack+0x45/0xd0 [ 1019.556784][ T8279] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1019.562602][ T8279] ? kasan_slab_alloc+0xf/0x20 [ 1019.567371][ T8279] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 1019.573706][ T8279] idr_get_free+0x425/0x8d0 [ 1019.578231][ T8279] idr_alloc_u32+0x19e/0x330 [ 1019.582823][ T8279] ? __fprop_inc_percpu_max+0x230/0x230 [ 1019.588362][ T8279] ? mark_held_locks+0xf0/0xf0 [ 1019.593111][ T8279] idr_alloc_cyclic+0x132/0x270 [ 1019.597951][ T8279] ? idr_alloc+0x150/0x150 [ 1019.602383][ T8279] __kernfs_new_node+0x171/0x690 [ 1019.607333][ T8279] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1019.612774][ T8279] ? wait_for_completion+0x440/0x440 [ 1019.618077][ T8279] ? mutex_unlock+0xd/0x10 [ 1019.622536][ T8279] ? kernfs_activate+0x192/0x1f0 [ 1019.627475][ T8279] kernfs_new_node+0x99/0x130 [ 1019.632149][ T8279] __kernfs_create_file+0x51/0x340 [ 1019.637275][ T8279] sysfs_add_file_mode_ns+0x222/0x560 [ 1019.642646][ T8279] internal_create_group+0x35b/0xc40 [ 1019.647924][ T8279] ? bd_set_size+0x89/0xb0 [ 1019.652339][ T8279] ? remove_files.isra.0+0x190/0x190 [ 1019.657630][ T8279] sysfs_create_group+0x20/0x30 [ 1019.662471][ T8279] lo_ioctl+0x10af/0x2150 [ 1019.666809][ T8279] ? lo_rw_aio+0x1120/0x1120 [ 1019.671405][ T8279] blkdev_ioctl+0xee8/0x1c40 [ 1019.675990][ T8279] ? blkpg_ioctl+0xa90/0xa90 [ 1019.680580][ T8279] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1019.686385][ T8279] ? __fget+0x35a/0x550 [ 1019.690550][ T8279] block_ioctl+0xee/0x130 [ 1019.694873][ T8279] ? blkdev_fallocate+0x410/0x410 [ 1019.699891][ T8279] do_vfs_ioctl+0xd6e/0x1390 [ 1019.704481][ T8279] ? ioctl_preallocate+0x210/0x210 [ 1019.709575][ T8279] ? __fget+0x381/0x550 [ 1019.713714][ T8279] ? ksys_dup3+0x3e0/0x3e0 [ 1019.718111][ T8279] ? do_sys_open+0x31d/0x5d0 [ 1019.722722][ T8279] ? tomoyo_file_ioctl+0x23/0x30 [ 1019.727687][ T8279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1019.733912][ T8279] ? security_file_ioctl+0x93/0xc0 [ 1019.739017][ T8279] ksys_ioctl+0xab/0xd0 [ 1019.743171][ T8279] __x64_sys_ioctl+0x73/0xb0 [ 1019.747753][ T8279] do_syscall_64+0x103/0x610 [ 1019.752342][ T8279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1019.758229][ T8279] RIP: 0033:0x458077 [ 1019.762110][ T8279] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1019.781726][ T8279] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1019.790137][ T8279] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1019.798112][ T8279] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1019.806079][ T8279] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1019.814050][ T8279] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1019.822024][ T8279] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x300]}) [ 1019.952799][ T8302] binder: 8297:8302 got transaction with invalid data ptr 15:30:23 executing program 3 (fault-call:0 fault-nth:18): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:23 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0xf24, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x80}}, 0x6, 0x1, 0x3ff, 0x5, 0x800}, &(0x7f0000000180)=0x98) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000340)={r4, @in={{0x2, 0x4e21, @local}}, [0x2, 0x5, 0xfe22, 0x7, 0x0, 0x2, 0x7bef6b3b, 0x8, 0x100000001, 0x2, 0x43, 0x3ff, 0x9, 0x1, 0x3]}, &(0x7f00000001c0)=0x100) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x7, 0x202300) getsockopt$netlink(r0, 0x10e, 0x7, &(0x7f0000000100)=""/43, &(0x7f0000000140)=0x2b) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f00000001c0), &(0x7f0000000200)=0x4) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000004}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000302bd02e28bd7000a7b634fedbdff98cc9cb00ff03000098e57223ab434b0806abf176663a007f0e187de82db831b8f5e5979d6f0f4c8d35f19059e3236d84dded7d3dad64e727e398104112d384ef832aed4a31c098b0210afa22a17161b1e2b43f8fb0"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x41) r2 = shmget$private(0x0, 0x3000, 0x1c34, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f00000013c0)=""/4096) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x5, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1019.997836][ T8358] binder_alloc: binder_alloc_mmap_handler: 8297 20000000-20002000 already mapped failed -16 [ 1020.060047][ T8361] binder: BINDER_SET_CONTEXT_MGR already set [ 1020.070101][ T8361] binder: 8297:8361 ioctl 40046207 0 returned -16 15:30:23 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x4002, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 15:30:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000500000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1020.161451][ T8421] FAULT_INJECTION: forcing a failure. [ 1020.161451][ T8421] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.188734][ T8421] CPU: 0 PID: 8421 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1020.196644][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.206694][ T8421] Call Trace: 15:30:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x500]}) [ 1020.210009][ T8421] dump_stack+0x172/0x1f0 [ 1020.214359][ T8421] should_fail.cold+0xa/0x15 [ 1020.218955][ T8421] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1020.224772][ T8421] ? ___might_sleep+0x163/0x280 [ 1020.229638][ T8421] __should_failslab+0x121/0x190 [ 1020.234589][ T8421] should_failslab+0x9/0x14 [ 1020.239103][ T8421] kmem_cache_alloc_trace+0x2d1/0x760 [ 1020.244499][ T8421] kobject_uevent_env+0x2fb/0x1030 [ 1020.249647][ T8421] kobject_uevent+0x20/0x26 [ 1020.254184][ T8421] lo_ioctl+0x112b/0x2150 15:30:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1020.258518][ T8421] ? lo_rw_aio+0x1120/0x1120 [ 1020.263147][ T8421] blkdev_ioctl+0xee8/0x1c40 [ 1020.267745][ T8421] ? blkpg_ioctl+0xa90/0xa90 [ 1020.271162][ T8425] device nr0 entered promiscuous mode [ 1020.272350][ T8421] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1020.283602][ T8421] ? __fget+0x35a/0x550 [ 1020.287772][ T8421] block_ioctl+0xee/0x130 [ 1020.292123][ T8421] ? blkdev_fallocate+0x410/0x410 [ 1020.297154][ T8421] do_vfs_ioctl+0xd6e/0x1390 [ 1020.301757][ T8421] ? ioctl_preallocate+0x210/0x210 [ 1020.306871][ T8421] ? __fget+0x381/0x550 15:30:23 executing program 0: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0xfffffffffffffffe, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac3a77e6498ce44caff7f0000e8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r0 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x20, 0x402) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') r2 = syz_genetlink_get_family_id$team(&(0x7f0000000240)='team\x00') accept4$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14, 0x80000) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000440)={@initdev, 0x0}, &(0x7f0000000480)=0x14) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f00000055c0)={@local, 0x0}, &(0x7f0000005600)=0x14) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000005640)={@broadcast, @loopback, 0x0}, &(0x7f0000005680)=0xc) accept4$packet(r0, &(0x7f00000056c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000005700)=0x14, 0x80000) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000005740)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000005840)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000005880)={{{@in6=@initdev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000005980)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000005a80)={'bridge0\x00', 0x0}) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000005ac0)={@loopback, @loopback, 0x0}, &(0x7f0000005b00)=0xc) getpeername$packet(r0, &(0x7f0000005b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000005b80)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000005d00)={0x0, @initdev, @multicast2}, &(0x7f0000005d40)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000005e80)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000005f80)=0xe8) getpeername$packet(r0, &(0x7f0000005fc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000006000)=0x14) getsockname$packet(r0, &(0x7f0000006040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000006080)=0x14) getsockname(r0, &(0x7f0000009580)=@hci={0x1f, 0x0}, &(0x7f0000009600)=0x80) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0x2c) accept$packet(r0, &(0x7f00000097c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000009800)=0x14) accept4$packet(r0, &(0x7f0000009840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000009880)=0x14, 0x80800) accept4$packet(r0, &(0x7f00000098c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000009900)=0x14, 0x80000) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000009940)={0x0, @rand_addr, @dev}, &(0x7f0000009980)=0xc) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000009a80)={0x0, @dev, @multicast1}, &(0x7f0000009ac0)=0xc) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000009b80)={@multicast1, @multicast1, 0x0}, &(0x7f0000009bc0)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f000000d580)={{{@in=@multicast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f000000d680)=0xe8) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f000000d6c0)={@remote, @dev, 0x0}, &(0x7f000000d700)=0xc) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f000000d740)={{{@in6=@local, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f000000d840)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f000000d880)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f000000e200)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f000000e1c0)={&(0x7f000000d8c0)=ANY=[@ANYBLOB="c8080000", @ANYRES16=r2, @ANYBLOB="200026bd7000fbdbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="780002003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c000400686173680000000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004002000000008000100", @ANYRES32=r4, @ANYBLOB="2002020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000200000008000600", @ANYRES32=r5, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400ffffffff38000100240001006c625f73746174735f726566726573685f696e74657276616c0000000000000008000300030000000800040092000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000400000008000600", @ANYRES32=r8, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400040000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r9, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b00000008000400d20a0000080007000000000008000100", @ANYRES32=r10, @ANYBLOB="7801020040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r11, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004003f00000008000600", @ANYRES32=r12, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400010000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r13, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040000100000080007000000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r14, @ANYBLOB="080007000000000008000100", @ANYRES32=r15, @ANYBLOB="f400020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e00000008000400e208000008000600", @ANYRES32=r16, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000100000038000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000008000300030000000800040006000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000500000008000600", @ANYRES32=r17, @ANYBLOB="08000100", @ANYRES32=r18, @ANYBLOB="700102003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r19, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000000010040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b00000008000c0007000000080007000000000038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400ff0f000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040037000000080007000000000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004002f00000008000600", @ANYRES32=r20, @ANYBLOB="08000100", @ANYRES32=r21, @ANYBLOB="44000200400001002400010071756575655f6964000000000000000000000000000000000000000000000000080003000300000008000400ff0f000008000600", @ANYRES32=r22, @ANYBLOB="08000100", @ANYRES32=r23, @ANYBLOB="3c00020038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000300000008000100", @ANYRES32=r24, @ANYBLOB="80010200400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000200000008000600", @ANYRES32=r25, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000900000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000700000008000600", @ANYRES32=r26, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000600000008000600", @ANYRES32=r27, @ANYBLOB="4c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e67000000003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r28], 0x8c8}, 0x1, 0x0, 0x0, 0x41}, 0x8000) sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x600, 0x70bd26, 0x25dfdbfe, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x20000041) [ 1020.311057][ T8421] ? ksys_dup3+0x3e0/0x3e0 [ 1020.315480][ T8421] ? do_sys_open+0x31d/0x5d0 [ 1020.320078][ T8421] ? tomoyo_file_ioctl+0x23/0x30 [ 1020.325023][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1020.331275][ T8421] ? security_file_ioctl+0x93/0xc0 [ 1020.336405][ T8421] ksys_ioctl+0xab/0xd0 [ 1020.340590][ T8421] __x64_sys_ioctl+0x73/0xb0 [ 1020.345191][ T8421] do_syscall_64+0x103/0x610 [ 1020.349797][ T8421] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1020.355694][ T8421] RIP: 0033:0x458077 [ 1020.359597][ T8421] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1020.379204][ T8421] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1020.387661][ T8421] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1020.395616][ T8421] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1020.403567][ T8421] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1020.411529][ T8421] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1020.419493][ T8421] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1020.427733][ C0] protocol 88fb is buggy, dev hsr_slave_0 15:30:24 executing program 3 (fault-call:0 fault-nth:19): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x600]}) [ 1020.557100][ T8541] binder: 8533:8541 got transaction with invalid data ptr [ 1020.581575][ T8549] binder: BINDER_SET_CONTEXT_MGR already set [ 1020.587591][ T8549] binder: 8533:8549 ioctl 40046207 0 returned -16 15:30:24 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1020.612105][ T8541] binder_alloc: 8533: binder_alloc_buf, no vma 15:30:24 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x4, 0x2, "780cd0b0fcf4110c019c56b89bc1effd5768f7ae79d490b632da37e2a44df49d00000000000000000000296500", 0x1d}, 0x60) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40000, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f0000000080)=0x4) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000000c0)=@assoc_id=r3, &(0x7f0000000100)=0x4) 15:30:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000600000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:24 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x2400, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xc4, r2, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x17}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}]}, @TIPC_NLA_NODE={0x2c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x34, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x72}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1020.711636][ T8642] FAULT_INJECTION: forcing a failure. [ 1020.711636][ T8642] name failslab, interval 1, probability 0, space 0, times 0 15:30:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x700]}) [ 1020.774869][ T8657] device nr0 entered promiscuous mode [ 1020.795242][ T8642] CPU: 1 PID: 8642 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1020.803170][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.813234][ T8642] Call Trace: [ 1020.816538][ T8642] dump_stack+0x172/0x1f0 [ 1020.820888][ T8642] should_fail.cold+0xa/0x15 [ 1020.825485][ T8642] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1020.825507][ T8642] ? ___might_sleep+0x163/0x280 [ 1020.825526][ T8642] __should_failslab+0x121/0x190 [ 1020.825546][ T8642] should_failslab+0x9/0x14 [ 1020.825562][ T8642] kmem_cache_alloc+0x2b2/0x6f0 [ 1020.825584][ T8642] ? lock_downgrade+0x880/0x880 [ 1020.855266][ T8642] ? kasan_check_read+0x11/0x20 [ 1020.855291][ T8642] __kernfs_new_node+0xef/0x690 [ 1020.864977][ T8642] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1020.870459][ T8642] ? wait_for_completion+0x440/0x440 [ 1020.875739][ T8642] ? mutex_unlock+0xd/0x10 [ 1020.880136][ T8642] ? kernfs_activate+0x192/0x1f0 [ 1020.885058][ T8642] kernfs_new_node+0x99/0x130 [ 1020.889718][ T8642] __kernfs_create_file+0x51/0x340 [ 1020.894817][ T8642] sysfs_add_file_mode_ns+0x222/0x560 [ 1020.900175][ T8642] internal_create_group+0x35b/0xc40 [ 1020.905441][ T8642] ? bd_set_size+0x89/0xb0 [ 1020.909839][ T8642] ? remove_files.isra.0+0x190/0x190 [ 1020.915106][ T8642] sysfs_create_group+0x20/0x30 [ 1020.919937][ T8642] lo_ioctl+0x10af/0x2150 [ 1020.924246][ T8642] ? lo_rw_aio+0x1120/0x1120 [ 1020.928818][ T8642] blkdev_ioctl+0xee8/0x1c40 [ 1020.933399][ T8642] ? blkpg_ioctl+0xa90/0xa90 [ 1020.937977][ T8642] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1020.943788][ T8642] ? __fget+0x35a/0x550 [ 1020.947926][ T8642] block_ioctl+0xee/0x130 [ 1020.952234][ T8642] ? blkdev_fallocate+0x410/0x410 [ 1020.957237][ T8642] do_vfs_ioctl+0xd6e/0x1390 [ 1020.961809][ T8642] ? ioctl_preallocate+0x210/0x210 [ 1020.966898][ T8642] ? __fget+0x381/0x550 [ 1020.971063][ T8642] ? ksys_dup3+0x3e0/0x3e0 [ 1020.975462][ T8642] ? do_sys_open+0x31d/0x5d0 [ 1020.980044][ T8642] ? tomoyo_file_ioctl+0x23/0x30 [ 1020.984981][ T8642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1020.991217][ T8642] ? security_file_ioctl+0x93/0xc0 [ 1020.996312][ T8642] ksys_ioctl+0xab/0xd0 [ 1021.000474][ T8642] __x64_sys_ioctl+0x73/0xb0 [ 1021.005060][ T8642] do_syscall_64+0x103/0x610 [ 1021.009669][ T8642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1021.015543][ T8642] RIP: 0033:0x458077 [ 1021.019419][ T8642] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1021.039110][ T8642] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.047515][ T8642] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1021.055469][ T8642] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1021.063418][ T8642] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 15:30:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x574) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x2, 0x2) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x20000, 0x0) r5 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x180000, 0x400200) r6 = fcntl$dupfd(r1, 0x406, r1) r7 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x2, 0x101000) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, r2, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}, @NBD_ATTR_SOCKETS={0x34, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r1}, {0x8, 0x1, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}, {0x8, 0x1, r7}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x800}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xc2d}, @NBD_ATTR_TIMEOUT={0xc}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x90) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f00000002c0)={0x5, 0x31435750, 0x3, 0xffffffffffffffff, 0x3, @discrete={0x8001, 0x59b}}) write$eventfd(r7, &(0x7f0000000300)=0xfff, 0x8) [ 1021.071368][ T8642] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1021.079316][ T8642] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1021.146391][ T8670] binder: 8665:8670 got transaction with invalid data ptr [ 1021.156217][ T8672] binder: BINDER_SET_CONTEXT_MGR already set [ 1021.162428][ T8672] binder: 8665:8672 ioctl 40046207 0 returned -16 [ 1021.169133][ T8670] binder_alloc: 8665: binder_alloc_buf, no vma 15:30:24 executing program 3 (fault-call:0 fault-nth:20): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:24 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x20000, 0x0) getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f00000000c0), &(0x7f0000000100)=0x4) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xa00]}) [ 1021.293433][ T8689] binder: 8685:8689 got transaction with invalid data ptr [ 1021.321629][ T8734] binder: BINDER_SET_CONTEXT_MGR already set 15:30:24 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7ff, 0x751800) syz_open_pts(r2, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)={0x0, @aes128, 0x1, "51819210abfa6b72"}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000003c0)={"e51a675ced961f41d62027be9f2409ffd1160ad1a58292e4fd2f8c6f73778727006332289f519e77cd7ac8932802dc510cce8540f2e65d160b53e55d572e9e8598a19e2639e85dd594a9c2e4adee64da23dc39d442a7e68bc32583620c1b806aa8cdf1d0f98620a3f7fefc23c205de9a3801f54ec7848ee2fe4c23576f47196d0eafc9fb291f3c51aae1f7bbd28b43f87650f72a27d1243325b04dedf03a755c789b556b9a29ddd825cceddb71b1d881774b321d9cf202fe34eece5c950c787d3ebd5ac97499aa3517a6478b4e5e20c5144251c0d3a9ad1d71a0f53845909251bbecdff26e3d136714b0d2ec09e0e26cdeb9b54afc312203dbde3bbd4524c27e314fbe56d8b5573ac75c9c415a8d89bc9aac1553c772b26299eeeb9e0aaf610354e1090564b83ec29a905b11ea378b91ddeca3333581e766346b911b4965f4e6edca19ea5b5ac6ebc791750885c016247474c09ff3a70eb8fdedb0017c8a143899ec7b0f75b03fdb16b28ae16c4aee2a6b19775dd7d3e48b1ffdf10e6fb92e89b3f415ef2ea1e37ddf33c0bae4b3cee7864566866cb482267bde6ddb258a0caed099b0ead123e5ae5286d44d4ab49149b5ef51f707307d222cd968c7c728d5512ba83ba5da2d84c0471a27631028eb26d66db2db81920d8818dcb13f42feb26063a0350776b8c2daeda525a53f1453b94deab771bfc380799d45b594679eecfcf33650893de84e965b23240610774b5a0c6f21dde4153b948e95a8e22b6f481c04c02c4eb3dcbcb81b88a9b3f2d8fc05f87747cd5591c4cf62b4b62cfab1434f5a9089f738405938e7c67c3c16b4d7de05d5b0cb893184420f621e06e70e38fb3fdbd1ad3512e8e5d924ab5026858ae64ea4bd219107953c0aa222fe59f472ef8d9d4216ae754bb105e79119114c0a3b58383507d68bb8efd0c49117e882396688256ba06ec98a16d03ec31bc98a65308b096df392b8aea8d4d6e9e169ca1e3a16a7bf4a7e28d4752029fd2bcca6c30d5221f6032a690f820d6b7196ab2995fad5a068dbfbbee3b869109784ca86f629b05bcb5cd99bebe88a3a9215e0b471cc54a255519a9c9ca6458a2126453f1f63482553ec7c3fe683852980b91289f48a17673896778e4a523bd521f6404c345d5e5680fff760f92e5810c0ef43852ab8f2d86ab50b68f8d88035a0c00ddc1e21090fda86285b4335162384c261d832092dc42c8981e06c4b9faca4789370cad2a7542f991fe87581d4c4c2b6ff8788dec757a922dacfca30cd65b30c35e4864fdb31d1779895dc801d9602db7e0632f805722390629d77808046cd16d8ffa7addb49c45f477d82870481403fa5dec2ff1c0719e3a3d194c55b5eb7552c57f58a538e04971d62b3f37311386ce5fb307702681025a40de6efb6cd25564a7a101c3f3c27d58f7ee45f97d6ecbd0fd735c6"}) 15:30:24 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x2, 0x0, 0x8000000, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1021.354763][ T8734] binder: 8685:8734 ioctl 40046207 0 returned -16 [ 1021.512562][ T8810] FAULT_INJECTION: forcing a failure. [ 1021.512562][ T8810] name failslab, interval 1, probability 0, space 0, times 0 [ 1021.530772][ T8810] CPU: 1 PID: 8810 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1021.538726][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1021.548802][ T8810] Call Trace: [ 1021.552146][ T8810] dump_stack+0x172/0x1f0 [ 1021.556480][ T8810] should_fail.cold+0xa/0x15 [ 1021.561092][ T8810] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1021.566899][ T8810] ? ___might_sleep+0x163/0x280 [ 1021.571752][ T8810] __should_failslab+0x121/0x190 [ 1021.576691][ T8810] should_failslab+0x9/0x14 [ 1021.581189][ T8810] __kmalloc+0x2dc/0x740 [ 1021.585433][ T8810] ? kobject_uevent_env+0x2fb/0x1030 [ 1021.590745][ T8810] ? rcu_read_lock_sched_held+0x110/0x130 [ 1021.596478][ T8810] ? kobject_get_path+0xc4/0x1b0 [ 1021.601415][ T8810] kobject_get_path+0xc4/0x1b0 [ 1021.606188][ T8810] kobject_uevent_env+0x31f/0x1030 [ 1021.611323][ T8810] kobject_uevent+0x20/0x26 [ 1021.615854][ T8810] lo_ioctl+0x112b/0x2150 [ 1021.620202][ T8810] ? lo_rw_aio+0x1120/0x1120 [ 1021.624789][ T8810] blkdev_ioctl+0xee8/0x1c40 [ 1021.629383][ T8810] ? blkpg_ioctl+0xa90/0xa90 [ 1021.634006][ T8810] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1021.639849][ T8810] ? __fget+0x35a/0x550 [ 1021.644005][ T8810] block_ioctl+0xee/0x130 [ 1021.648332][ T8810] ? blkdev_fallocate+0x410/0x410 [ 1021.653352][ T8810] do_vfs_ioctl+0xd6e/0x1390 [ 1021.657939][ T8810] ? ioctl_preallocate+0x210/0x210 [ 1021.663048][ T8810] ? __fget+0x381/0x550 [ 1021.667204][ T8810] ? ksys_dup3+0x3e0/0x3e0 [ 1021.671629][ T8810] ? do_sys_open+0x31d/0x5d0 [ 1021.676219][ T8810] ? tomoyo_file_ioctl+0x23/0x30 [ 1021.681152][ T8810] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1021.687401][ T8810] ? security_file_ioctl+0x93/0xc0 [ 1021.692511][ T8810] ksys_ioctl+0xab/0xd0 [ 1021.696667][ T8810] __x64_sys_ioctl+0x73/0xb0 [ 1021.701255][ T8810] do_syscall_64+0x103/0x610 [ 1021.705846][ T8810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1021.711731][ T8810] RIP: 0033:0x458077 [ 1021.715648][ T8810] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1021.735249][ T8810] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.743652][ T8810] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1021.751617][ T8810] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 15:30:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4800]}) [ 1021.759582][ T8810] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1021.767570][ T8810] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1021.775533][ T8810] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1021.789311][ T8811] binder: 8797:8811 got transaction with invalid data ptr 15:30:25 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x101000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000140)={{0x80000001, 0x100}, {0x4, 0x1}, 0xa2, 0x3, 0x6}) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x551601) ioctl$IMGETVERSION(r2, 0x80044942, &(0x7f00000000c0)) ioctl$CAPI_SET_FLAGS(r1, 0x80044324, &(0x7f00000001c0)=0x1) [ 1021.809057][ T8815] binder_alloc: binder_alloc_mmap_handler: 8797 20000000-20002000 already mapped failed -16 [ 1021.809372][ T8816] binder: BINDER_SET_CONTEXT_MGR already set 15:30:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2d7d, 0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x4, 0x200000004000, 0x800, 0x4000, r1}) 15:30:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000001200000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1021.860790][ T8816] binder: 8797:8816 ioctl 40046207 0 returned -16 [ 1021.860823][ T8371] binder_release_work: 9 callbacks suppressed [ 1021.860830][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1021.896705][ T8817] device nr0 entered promiscuous mode [ 1021.966287][ T8827] binder: 8825:8827 got transaction with invalid data ptr 15:30:25 executing program 3 (fault-call:0 fault-nth:21): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1022.008573][ T8930] binder: BINDER_SET_CONTEXT_MGR already set 15:30:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4c00]}) 15:30:25 executing program 2: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f00000005c0)={&(0x7f0000000200), 0xc, &(0x7f0000000580)={&(0x7f0000000280)={0x2fc, r1, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xe8, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd97}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @loopback, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e22, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9800}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'dummy0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfdd7}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_LINK={0x68, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x94b2}]}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3127}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x762c}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8a2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xb38}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9462}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3ff}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5b}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0xcc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5f}]}]}]}, 0x2fc}, 0x1, 0x0, 0x0, 0x20040040}, 0x40) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x10001, 0x521000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r2, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0x13, &(0x7f0000000040)=0x3ad6, 0x4) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000140)={0x3, 0x70, 0x23b, 0x401, 0x3ff, 0x1ff, 0x0, 0x101, 0x80400, 0x4, 0x10001, 0x2, 0x6, 0x6d, 0x5, 0x3, 0x2, 0x8001, 0x0, 0x7, 0x5, 0xfffffffffffffffc, 0x2, 0xd0, 0x3f, 0x80000001, 0x0, 0x720, 0x7fffffff, 0x0, 0x280000000000, 0x4, 0x71fd, 0xfffffffffffffffe, 0x3, 0x100000001, 0x8000, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000100), 0x4}, 0x120, 0x8001, 0x4, 0x9, 0x20, 0x8, 0x101}) connect$nfc_llcp(r2, &(0x7f0000000080)={0x27, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1022.050075][ T8930] binder: 8825:8930 ioctl 40046207 0 returned -16 [ 1022.064614][ T8827] binder_alloc: 8825: binder_alloc_buf, no vma [ 1022.071752][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1022.090349][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:25 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x4080, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000100)=0x4) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r3, 0xc0305616, &(0x7f0000000180)={0x0, {0x3, 0x92}}) r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ashmem\x00', 0x400, 0x0) fsetxattr$security_ima(r4, &(0x7f0000000200)='security.ima\x00', &(0x7f0000000280)=@sha1={0x1, "9a518df7d8631e5f1ab40abbc155da0a1ab12363"}, 0x15, 0x3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:25 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x800001, 0x1) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x84000) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x1, 0x20}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000140)={r2, 0x101, 0x7}, &(0x7f0000000180)=0x8) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r3 = request_key(&(0x7f00000001c0)='dns_resolver\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)='($#\\\x00', 0xfffffffffffffff9) keyctl$get_security(0x11, r3, &(0x7f0000000280)=""/195, 0xc3) 15:30:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1022.199610][ T8944] FAULT_INJECTION: forcing a failure. [ 1022.199610][ T8944] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1022.212855][ T8944] CPU: 0 PID: 8944 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1022.220750][ T8944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.230841][ T8944] Call Trace: [ 1022.234152][ T8944] dump_stack+0x172/0x1f0 [ 1022.238531][ T8944] should_fail.cold+0xa/0x15 [ 1022.243147][ T8944] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1022.248969][ T8944] ? __lock_acquire+0x548/0x3fb0 [ 1022.248987][ T8944] ? trace_hardirqs_on+0x67/0x230 [ 1022.249008][ T8944] should_fail_alloc_page+0x50/0x60 [ 1022.249032][ T8944] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1022.269560][ T8944] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1022.275285][ T8944] ? find_held_lock+0x35/0x130 [ 1022.280077][ T8944] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1022.285901][ T8944] cache_grow_begin+0x9c/0x860 [ 1022.290678][ T8944] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1022.296932][ T8944] kmem_cache_alloc_trace+0x67f/0x760 [ 1022.302330][ T8944] kobject_uevent_env+0x2fb/0x1030 [ 1022.307456][ T8944] kobject_uevent+0x20/0x26 [ 1022.311983][ T8944] lo_ioctl+0x112b/0x2150 [ 1022.316311][ T8944] ? lo_rw_aio+0x1120/0x1120 [ 1022.320906][ T8944] blkdev_ioctl+0xee8/0x1c40 [ 1022.325488][ T8944] ? blkpg_ioctl+0xa90/0xa90 [ 1022.330076][ T8944] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1022.335891][ T8944] ? __fget+0x35a/0x550 [ 1022.340048][ T8944] block_ioctl+0xee/0x130 [ 1022.344392][ T8944] ? blkdev_fallocate+0x410/0x410 [ 1022.349413][ T8944] do_vfs_ioctl+0xd6e/0x1390 [ 1022.354006][ T8944] ? ioctl_preallocate+0x210/0x210 [ 1022.359110][ T8944] ? __fget+0x381/0x550 [ 1022.363265][ T8944] ? ksys_dup3+0x3e0/0x3e0 [ 1022.367681][ T8944] ? do_sys_open+0x31d/0x5d0 [ 1022.372420][ T8944] ? tomoyo_file_ioctl+0x23/0x30 [ 1022.377352][ T8944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1022.383588][ T8944] ? security_file_ioctl+0x93/0xc0 [ 1022.388697][ T8944] ksys_ioctl+0xab/0xd0 [ 1022.392869][ T8944] __x64_sys_ioctl+0x73/0xb0 [ 1022.397457][ T8944] do_syscall_64+0x103/0x610 [ 1022.402047][ T8944] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1022.407932][ T8944] RIP: 0033:0x458077 [ 1022.411831][ T8944] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1022.431451][ T8944] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1022.439853][ T8944] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 15:30:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6800]}) 15:30:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={0xffffffffffffffff}, 0x0, 0x1001}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000002c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000040), r2}}, 0x18) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$l2tp(r0, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x3, 0x1, 0x0, {0xa, 0x4e22, 0x10001, @mcast1, 0x9a9}}}, 0x32) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000003c0)=r0) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000400)={{0xffffffffffffffff, 0x3, 0x7, 0x2, 0x6}, 0x39feeffd, 0x2, 0x6}) [ 1022.447819][ T8944] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1022.455824][ T8944] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1022.463797][ T8944] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1022.472201][ T8944] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:26 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x80002b}, 0x60) 15:30:26 executing program 3 (fault-call:0 fault-nth:22): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200202, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000040}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x130, r1, 0x14, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x49}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7f}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffffffffffff8}]}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x400}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x400000000000}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x100}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x582}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8100}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7ff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) prctl$PR_SET_ENDIAN(0x14, 0x1) 15:30:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6c00]}) 15:30:26 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0xa00, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f00000000c0)={0x8, 0x20, 0x5, 0x0, 0xa, 0x3, 0x8, 0x1, 0x4, 0x400, 0x8, 0x7, 0x0, 0x42, 0x101, 0x8001, 0xffffffffffffffff, 0x4, 0x80}) syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0xca2, 0x4000000000) [ 1022.630546][ T9066] binder: 9060:9066 got transaction with invalid data ptr [ 1022.659818][ T9066] binder_transaction: 9 callbacks suppressed [ 1022.659835][ T9066] binder: 9060:9066 transaction failed 29201/-14, size 8192-0 line 3179 [ 1022.711566][ T9072] binder: BINDER_SET_CONTEXT_MGR already set 15:30:26 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$x25(r1, &(0x7f0000000080)={0x9, @remote={[], 0x0}}, 0x12) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1022.752560][ T9072] binder: 9060:9072 ioctl 40046207 0 returned -16 [ 1022.762042][ T9066] binder_alloc: 9060: binder_alloc_buf, no vma [ 1022.773700][ T9075] FAULT_INJECTION: forcing a failure. [ 1022.773700][ T9075] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1022.786908][ T9075] CPU: 0 PID: 9075 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1022.794819][ T9075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.804892][ T9075] Call Trace: [ 1022.808198][ T9075] dump_stack+0x172/0x1f0 [ 1022.812558][ T9075] should_fail.cold+0xa/0x15 [ 1022.817161][ T9075] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1022.822988][ T9075] ? __lock_acquire+0x548/0x3fb0 [ 1022.827961][ T9075] ? trace_hardirqs_on+0x67/0x230 [ 1022.833022][ T9075] should_fail_alloc_page+0x50/0x60 [ 1022.838228][ T9075] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1022.843628][ T9075] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1022.849347][ T9075] ? find_held_lock+0x35/0x130 [ 1022.850511][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1022.854134][ T9075] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1022.854161][ T9075] cache_grow_begin+0x9c/0x860 [ 1022.862219][ T9066] binder: 9060:9066 transaction failed 29189/-3, size 8192-0 line 3147 [ 1022.866107][ T9075] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1022.866128][ T9075] kmem_cache_alloc_trace+0x67f/0x760 [ 1022.866153][ T9075] kobject_uevent_env+0x2fb/0x1030 [ 1022.895877][ T9075] kobject_uevent+0x20/0x26 [ 1022.900399][ T9075] lo_ioctl+0x112b/0x2150 [ 1022.904737][ T9075] ? lo_rw_aio+0x1120/0x1120 [ 1022.909338][ T9075] blkdev_ioctl+0xee8/0x1c40 [ 1022.910835][ T17] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.913954][ T9075] ? blkpg_ioctl+0xa90/0xa90 [ 1022.913971][ T9075] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1022.914001][ T9075] ? __fget+0x35a/0x550 [ 1022.934679][ T9075] block_ioctl+0xee/0x130 [ 1022.939020][ T9075] ? blkdev_fallocate+0x410/0x410 [ 1022.944051][ T9075] do_vfs_ioctl+0xd6e/0x1390 [ 1022.948684][ T9075] ? ioctl_preallocate+0x210/0x210 [ 1022.953812][ T9075] ? __fget+0x381/0x550 [ 1022.957993][ T9075] ? ksys_dup3+0x3e0/0x3e0 [ 1022.962420][ T9075] ? do_sys_open+0x31d/0x5d0 [ 1022.967026][ T9075] ? tomoyo_file_ioctl+0x23/0x30 [ 1022.971977][ T9075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1022.978229][ T9075] ? security_file_ioctl+0x93/0xc0 [ 1022.983353][ T9075] ksys_ioctl+0xab/0xd0 [ 1022.987518][ T9075] __x64_sys_ioctl+0x73/0xb0 [ 1022.992128][ T9075] do_syscall_64+0x103/0x610 [ 1022.996730][ T9075] entry_SYSCALL_64_after_hwframe+0x49/0xbe 15:30:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7400]}) 15:30:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:26 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x9c7b, 0x87, 0x100, 0x9, 0x0, 0x1f, 0x4, 0xc, 0x10000, 0x9, 0x9, 0x788, 0x8, 0xe5, 0x6a884ca2, 0xfffffffffffffffc, 0x1f, 0x2, 0xfffffffffffff800, 0x8, 0x10001, 0x2, 0x2, 0x7, 0x10000, 0x7, 0x1f, 0x3, 0x2, 0xffffffffffffabe8, 0x1, 0x5, 0x6, 0xb5, 0x0, 0xff, 0x0, 0x65, 0x3, @perf_config_ext={0x7, 0x8}, 0x20, 0x5, 0x7, 0x8, 0x5b, 0x4, 0xfffffffffffffbff}, r1, 0x3, r0, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1023.002636][ T9075] RIP: 0033:0x458077 [ 1023.006546][ T9075] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1023.026150][ T9075] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1023.034564][ T9075] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1023.042542][ T9075] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 15:30:26 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000080)) socket$caif_stream(0x25, 0x1, 0x4) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x80, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000140)={r2, 0xa37bc321d0c82d71}) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x7, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1023.050572][ T9075] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1023.058562][ T9075] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1023.066612][ T9075] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:26 executing program 3 (fault-call:0 fault-nth:23): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1023.175594][ T9200] Unknown ioctl -1073191903 [ 1023.193646][ T9196] binder: 9194:9196 transaction failed 29201/-14, size 8192-0 line 3179 15:30:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7a00]}) [ 1023.239394][ T9206] binder: BINDER_SET_CONTEXT_MGR already set [ 1023.246617][ T9199] device nr0 entered promiscuous mode [ 1023.249651][ T9206] binder: 9194:9206 ioctl 40046207 0 returned -16 [ 1023.266080][ T9196] binder_alloc: 9194: binder_alloc_buf, no vma 15:30:26 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0xd, 0x80f, 0x7, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$audion(&(0x7f0000000280)='/dev/audio#\x00', 0xda51, 0x20000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f0000000180)={@broadcast, @multicast2}, &(0x7f00000001c0)=0xc) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f0000000200)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0='bpq0\x00', 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}) ioctl$sock_rose_SIOCDELRT(r2, 0x890c, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={'nr', 0x0}, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @bcast, @default, @null]}) connect$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x4, 0x3, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x100000000000001d}, 0x60) [ 1023.299336][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1023.312215][ T9196] binder: 9194:9196 transaction failed 29189/-3, size 8192-0 line 3147 15:30:26 executing program 0: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x200, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U-', 0x80000000}, 0x28, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x208200, 0x0) getsockopt$inet_int(r2, 0x0, 0x22, &(0x7f0000000040), &(0x7f0000000100)=0x4) bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae23d5669263048e0969424bb945c40ad", 0x4000002b}, 0xfffffffffffffe05) [ 1023.354862][ T9300] FAULT_INJECTION: forcing a failure. [ 1023.354862][ T9300] name failslab, interval 1, probability 0, space 0, times 0 [ 1023.372604][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xbf00]}) [ 1023.484625][ T9300] CPU: 1 PID: 9300 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1023.492557][ T9300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.502618][ T9300] Call Trace: [ 1023.505926][ T9300] dump_stack+0x172/0x1f0 [ 1023.510303][ T9300] should_fail.cold+0xa/0x15 [ 1023.511679][ T9324] binder_transaction: 1 callbacks suppressed [ 1023.511688][ T9324] binder: 9323:9324 got transaction with invalid data ptr [ 1023.514915][ T9300] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1023.514941][ T9300] ? ___might_sleep+0x163/0x280 [ 1023.514964][ T9300] __should_failslab+0x121/0x190 [ 1023.514988][ T9300] should_failslab+0x9/0x14 [ 1023.521191][ T9324] binder: 9323:9324 transaction failed 29201/-14, size 8192-0 line 3179 [ 1023.528059][ T9300] kmem_cache_alloc+0x2b2/0x6f0 [ 1023.528074][ T9300] ? __fget+0x381/0x550 [ 1023.528097][ T9300] getname_flags+0xd6/0x5b0 [ 1023.528115][ T9300] do_mkdirat+0xa0/0x2a0 [ 1023.528135][ T9300] ? __ia32_sys_mknod+0xb0/0xb0 [ 1023.537838][ T9325] binder: BINDER_SET_CONTEXT_MGR already set [ 1023.538770][ T9300] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1023.538788][ T9300] ? do_syscall_64+0x26/0x610 [ 1023.538805][ T9300] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1023.538818][ T9300] ? do_syscall_64+0x26/0x610 [ 1023.538843][ T9300] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1023.543938][ T9325] binder: 9323:9325 ioctl 40046207 0 returned -16 [ 1023.548256][ T9300] __x64_sys_mkdir+0x5c/0x80 [ 1023.548274][ T9300] do_syscall_64+0x103/0x610 [ 1023.548293][ T9300] entry_SYSCALL_64_after_hwframe+0x49/0xbe 15:30:27 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x9, 0x80) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000100)={0x2, 0x0, &(0x7f0000ffc000/0x1000)=nil}) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfd00]}) [ 1023.548305][ T9300] RIP: 0033:0x457627 [ 1023.548325][ T9300] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1023.557011][ T9324] binder_alloc: 9323: binder_alloc_buf, no vma [ 1023.561491][ T9300] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1023.561505][ T9300] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1023.561513][ T9300] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1023.561521][ T9300] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1023.561529][ T9300] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1023.561538][ T9300] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1023.628683][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1023.652780][ T9324] binder: 9323:9324 transaction failed 29189/-3, size 8192-0 line 3147 [ 1023.727197][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00L\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:27 executing program 3 (fault-call:0 fault-nth:24): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:27 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = msgget(0x0, 0x20) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000080)=""/233) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000180)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x40000, 0x0) kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f0000000280)={r4, r0, 0x400}) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x40011, r0, 0x0) 15:30:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x1000000]}) [ 1023.851142][ T9439] device nr0 entered promiscuous mode [ 1023.986006][ T9457] binder: 9448:9457 got transaction with invalid data ptr [ 1023.996033][ T9457] binder: 9448:9457 transaction failed 29201/-14, size 8192-0 line 3179 [ 1024.025637][ T9464] FAULT_INJECTION: forcing a failure. 15:30:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x2000000]}) [ 1024.025637][ T9464] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.040028][ T9512] binder: BINDER_SET_CONTEXT_MGR already set [ 1024.063428][ T9464] CPU: 1 PID: 9464 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1024.071341][ T9464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.081407][ T9464] Call Trace: [ 1024.082709][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1024.084724][ T9464] dump_stack+0x172/0x1f0 [ 1024.084746][ T9464] should_fail.cold+0xa/0x15 [ 1024.084769][ T9464] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1024.092488][ T9457] binder_alloc: 9448: binder_alloc_buf, no vma [ 1024.095244][ T9464] ? ___might_sleep+0x163/0x280 [ 1024.095266][ T9464] __should_failslab+0x121/0x190 [ 1024.095286][ T9464] should_failslab+0x9/0x14 [ 1024.095310][ T9464] kmem_cache_alloc_node_trace+0x270/0x720 15:30:27 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x6, 0x40600) write$UHID_GET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xa, 0x4, 0x8, 0x9}, 0xa) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) select(0x40, &(0x7f0000000100)={0x21beba20, 0x5, 0x80000001, 0x1, 0x7f, 0x800, 0x5, 0x4}, &(0x7f0000000140)={0x6, 0x3, 0x3, 0x9, 0x7fffffff, 0x1, 0x7fff, 0x101}, &(0x7f0000000180)={0x1, 0x8001, 0xfffffffffffffff8, 0x5, 0x8, 0x400, 0xa, 0xfffffffffffffffb}, &(0x7f0000000200)={r2, r3/1000+10000}) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0xc2, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1024.102859][ T9457] binder: 9448:9457 transaction failed 29189/-3, size 8192-0 line 3147 [ 1024.105719][ T9464] __kmalloc_node_track_caller+0x3d/0x70 [ 1024.105739][ T9464] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1024.105759][ T9464] __alloc_skb+0x10b/0x5e0 [ 1024.122445][ T9512] binder: 9448:9512 ioctl 40046207 0 returned -16 [ 1024.126152][ T9464] ? skb_trim+0x190/0x190 [ 1024.126171][ T9464] ? kasan_check_read+0x11/0x20 [ 1024.126205][ T9464] alloc_uevent_skb+0x83/0x1e2 [ 1024.175819][ T9464] kobject_uevent_env+0xa63/0x1030 [ 1024.180948][ T9464] kobject_uevent+0x20/0x26 [ 1024.185436][ T9464] lo_ioctl+0x112b/0x2150 [ 1024.189749][ T9464] ? lo_rw_aio+0x1120/0x1120 [ 1024.194328][ T9464] blkdev_ioctl+0xee8/0x1c40 [ 1024.198898][ T9464] ? blkpg_ioctl+0xa90/0xa90 [ 1024.203470][ T9464] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1024.209264][ T9464] ? __fget+0x35a/0x550 [ 1024.213427][ T9464] block_ioctl+0xee/0x130 [ 1024.217735][ T9464] ? blkdev_fallocate+0x410/0x410 [ 1024.222790][ T9464] do_vfs_ioctl+0xd6e/0x1390 [ 1024.227372][ T9464] ? ioctl_preallocate+0x210/0x210 [ 1024.232464][ T9464] ? __fget+0x381/0x550 [ 1024.236602][ T9464] ? ksys_dup3+0x3e0/0x3e0 [ 1024.241042][ T9464] ? do_sys_open+0x31d/0x5d0 [ 1024.245618][ T9464] ? tomoyo_file_ioctl+0x23/0x30 [ 1024.250546][ T9464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1024.256777][ T9464] ? security_file_ioctl+0x93/0xc0 [ 1024.261870][ T9464] ksys_ioctl+0xab/0xd0 [ 1024.266009][ T9464] __x64_sys_ioctl+0x73/0xb0 [ 1024.270602][ T9464] do_syscall_64+0x103/0x610 [ 1024.275176][ T9464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1024.281050][ T9464] RIP: 0033:0x458077 [ 1024.284935][ T9464] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1024.304550][ T9464] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1024.312964][ T9464] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000458077 [ 1024.320931][ T9464] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1024.328895][ T9464] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 15:30:27 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = gettid() move_pages(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000ffb000/0x2000)=nil], &(0x7f00000000c0)=[0x7, 0x3, 0x1, 0xfffffffffffffffe, 0x9], &(0x7f0000000100)=[0x0, 0x0, 0x0], 0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1024.336842][ T9464] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1024.344806][ T9464] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xd65, 0x803) connect$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x1, 0x2, 0x3, 0x0, 0x7, "f9b7f9134b56f995dc9b4a8293363f7b59d86ceb15158e86ff58d136e0592b611b68d102bdeebd3cc278b4dadb7d3077cd03f5ca52d13473ab791865341702", 0x2b}, 0x60) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000100)='bpq0\x00') connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x80000000, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1b}, 0x60) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f00000000c0)=0x943, 0x8) 15:30:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x3000000]}) [ 1024.474444][ T9573] binder: 9572:9573 got transaction with invalid data ptr 15:30:28 executing program 3 (fault-call:0 fault-nth:25): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1024.530229][ T9573] binder: 9572:9573 transaction failed 29201/-14, size 8192-0 line 3179 15:30:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4000000]}) [ 1024.571394][ C0] net_ratelimit: 20 callbacks suppressed [ 1024.571421][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1024.577273][ T9648] binder_alloc: binder_alloc_mmap_handler: 9572 20000000-20002000 already mapped failed -16 [ 1024.583578][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:28 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x1, 0x0) ioctl$SIOCX25CALLACCPTAPPRV(r1, 0x89e8) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1024.667996][ T9580] device nr0 entered promiscuous mode [ 1024.675827][ T9654] binder: BINDER_SET_CONTEXT_MGR already set [ 1024.709080][ T9654] binder: 9572:9654 ioctl 40046207 0 returned -16 [ 1024.741054][ T9695] FAULT_INJECTION: forcing a failure. [ 1024.741054][ T9695] name fail_page_alloc, interval 1, probability 0, space 0, times 0 15:30:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000ff6000000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1024.754271][ T9695] CPU: 1 PID: 9695 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1024.762163][ T9695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.772230][ T9695] Call Trace: [ 1024.775538][ T9695] dump_stack+0x172/0x1f0 [ 1024.779914][ T9695] should_fail.cold+0xa/0x15 [ 1024.784539][ T9695] ? lo_ioctl+0xcf/0x2150 [ 1024.788898][ T9695] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1024.794712][ T9695] ? __lock_acquire+0x548/0x3fb0 [ 1024.799669][ T9695] should_fail_alloc_page+0x50/0x60 [ 1024.804874][ T9695] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1024.810285][ T9695] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1024.810300][ T9695] ? find_held_lock+0x35/0x130 [ 1024.810320][ T9695] ? __fget+0x35a/0x550 [ 1024.810341][ T9695] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1024.820804][ T9695] cache_grow_begin+0x9c/0x860 [ 1024.820824][ T9695] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1024.820843][ T9695] kmem_cache_alloc+0x62d/0x6f0 [ 1024.820862][ T9695] ? __fget+0x381/0x550 [ 1024.850790][ T9695] getname_flags+0xd6/0x5b0 [ 1024.855309][ T9695] do_mkdirat+0xa0/0x2a0 15:30:28 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x97, 0x40) ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x1b) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$RDS_RECVERR(r2, 0x114, 0x5, &(0x7f0000000100)=0x1, 0x4) [ 1024.859562][ T9695] ? __ia32_sys_mknod+0xb0/0xb0 [ 1024.864422][ T9695] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1024.869884][ T9695] ? do_syscall_64+0x26/0x610 [ 1024.874572][ T9695] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1024.880647][ T9695] ? do_syscall_64+0x26/0x610 [ 1024.885339][ T9695] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1024.890664][ T9695] __x64_sys_mkdir+0x5c/0x80 [ 1024.895265][ T9695] do_syscall_64+0x103/0x610 [ 1024.899865][ T9695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1024.905765][ T9695] RIP: 0033:0x457627 [ 1024.909665][ T9695] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1024.927817][ T9851] binder: 9808:9851 got transaction with invalid data ptr [ 1024.929270][ T9695] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1024.929298][ T9695] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 15:30:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc01, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0xffffffff80000000}, 0x0, 0xb, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1024.929306][ T9695] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1024.929315][ T9695] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1024.929343][ T9695] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1024.946406][ T9851] binder: 9808:9851 transaction failed 29201/-14, size 8192-0 line 3179 [ 1024.952818][ T9695] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:28 executing program 3 (fault-call:0 fault-nth:26): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @loopback, @multicast2}, &(0x7f00000004c0)=0xc) bind(r0, &(0x7f0000000500)=@ll={0x11, 0x17, r1, 0x1, 0x3, 0x6, @dev={[], 0x13}}, 0x80) r2 = syz_open_dev$media(&(0x7f0000000300)='/dev/media#\x00', 0x2, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000440)={0x9, 0x1}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r4, 0x800448d3, &(0x7f00000001c0)={{0xa14, 0x4, 0x1, 0xacb, 0x800, 0x8}, 0x4, 0xd13, 0x0, 0x1, 0x3, "f2997f71deff35a2a65fb4bd527c9b212fdeb672cc8738530d4996d7a2e8a43bd0405e54642ccfa1151e71b322ca48e180d7cc6419c61a2fea6475119edfd2b684135959c4b09c3d127a5d5d17dc53c7e706c2b9934a1592531b75664186dcf73099415b0062d425e2dd1feb8acf6350ccc080cf6b0f6180221b0920f1701951"}) fstat(r3, &(0x7f00000003c0)) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x100) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r5, 0x800448d3, &(0x7f00000000c0)={{0x100000001, 0x0, 0x74, 0x9, 0x8000, 0x8}, 0x3f, 0xffffffff, 0x9, 0xff, 0x7, "4c62bf82d66893f052eae5d80a2482f1b63d512bc65a1c8e446040bde80ff886331be46a58075bdd218713004249c3f2a15d3e0038fa3c13b57d768789d3ff3da165a6f00c2961439535f2527bde8b0c7992e5536eb6d2fe40f99b3800ecf0c37a2bf6c38217680f9f56406afd8abf511d701095a70679ecc3d59a86a1604514"}) openat$audio(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/audio\x00', 0x400, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x0, 0x0) sendfile(r5, r0, &(0x7f0000000580)=0xf, 0x1ff) write$UHID_SET_REPORT_REPLY(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="0e0000001f0000000003010149"], 0xd) pipe2(&(0x7f0000000280), 0x800) ioctl$VIDIOC_G_CROP(r6, 0xc014563b, &(0x7f0000000040)={0xa, {0x2, 0xfffffffffffffffd, 0x1f, 0x255c0914}}) 15:30:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x5000000]}) [ 1025.069551][ T9809] binder: BINDER_SET_CONTEXT_MGR already set [ 1025.086438][ T9809] binder: 9808:9809 ioctl 40046207 0 returned -16 15:30:28 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:28 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = open(&(0x7f0000000080)='./file0\x00', 0x80080, 0x100) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) 15:30:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1025.271664][ T9931] FAULT_INJECTION: forcing a failure. [ 1025.271664][ T9931] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.310531][ T9944] binder: 9930:9944 got transaction with invalid data ptr [ 1025.344549][ T9931] CPU: 0 PID: 9931 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1025.352470][ T9931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1025.352553][ T9931] Call Trace: [ 1025.352580][ T9931] dump_stack+0x172/0x1f0 [ 1025.352604][ T9931] should_fail.cold+0xa/0x15 [ 1025.352624][ T9931] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1025.352648][ T9931] ? ___might_sleep+0x163/0x280 [ 1025.352669][ T9931] __should_failslab+0x121/0x190 [ 1025.352697][ T9931] should_failslab+0x9/0x14 [ 1025.370850][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1025.375410][ T9931] kmem_cache_alloc+0x2b2/0x6f0 [ 1025.375425][ T9931] ? __d_lookup+0x433/0x760 [ 1025.375438][ T9931] ? lookup_dcache+0x23/0x140 [ 1025.375460][ T9931] ? d_lookup+0xf9/0x260 [ 1025.381725][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1025.386112][ T9931] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1025.386136][ T9931] __d_alloc+0x2e/0x8c0 [ 1025.392334][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1025.395549][ T9931] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1025.395578][ T9931] d_alloc+0x4d/0x2b0 [ 1025.401993][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1025.406389][ T9931] __lookup_hash+0xcd/0x190 [ 1025.406408][ T9931] filename_create+0x1a7/0x4f0 [ 1025.406426][ T9931] ? kern_path_mountpoint+0x40/0x40 [ 1025.406454][ T9931] ? strncpy_from_user+0x2a8/0x380 [ 1025.425550][ T9931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1025.425566][ T9931] ? getname_flags+0x277/0x5b0 [ 1025.425586][ T9931] do_mkdirat+0xb5/0x2a0 [ 1025.425611][ T9931] ? __ia32_sys_mknod+0xb0/0xb0 [ 1025.441469][ T9944] binder: BINDER_SET_CONTEXT_MGR already set [ 1025.446446][ T9931] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1025.446465][ T9931] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1025.446480][ T9931] ? do_syscall_64+0x26/0x610 [ 1025.446505][ T9931] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1025.446534][ T9931] __x64_sys_mkdir+0x5c/0x80 [ 1025.457709][ T9944] binder: 9930:9944 ioctl 40046207 0 returned -16 [ 1025.460726][ T9931] do_syscall_64+0x103/0x610 15:30:29 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x404000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x2000}) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6000000]}) [ 1025.460747][ T9931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1025.460759][ T9931] RIP: 0033:0x457627 [ 1025.460775][ T9931] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1025.460783][ T9931] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1025.460798][ T9931] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1025.460806][ T9931] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 15:30:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00l\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1025.460814][ T9931] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1025.460823][ T9931] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1025.460839][ T9931] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1025.471054][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1025.502885][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1025.524516][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1025.535514][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x4a8000) setsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000040)=0x1ff, 0x4) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1025.663538][ T9979] device nr0 entered promiscuous mode 15:30:29 executing program 3 (fault-call:0 fault-nth:27): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7000000]}) [ 1025.784831][T10057] binder: 10053:10057 got transaction with invalid data ptr [ 1025.811296][T10093] binder: BINDER_SET_CONTEXT_MGR already set [ 1025.817311][T10093] binder: 10053:10093 ioctl 40046207 0 returned -16 15:30:29 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f00000000c0)={0xffffffffffff0001, 0x4}) 15:30:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x8000000]}) [ 1025.877601][T10165] FAULT_INJECTION: forcing a failure. [ 1025.877601][T10165] name failslab, interval 1, probability 0, space 0, times 0 15:30:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:29 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$unix(r1, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x100000002, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000040)={0xf, {0x0, 0x8, 0x2bbb5cb0, 0xf4}}) [ 1025.989508][T10165] CPU: 1 PID: 10165 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1025.997526][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.007581][T10165] Call Trace: [ 1026.010889][T10165] dump_stack+0x172/0x1f0 [ 1026.015231][T10165] should_fail.cold+0xa/0x15 [ 1026.019846][T10165] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1026.025690][T10165] ? ___might_sleep+0x163/0x280 [ 1026.030577][T10165] __should_failslab+0x121/0x190 [ 1026.033178][T10179] binder: 10178:10179 got transaction with invalid data ptr [ 1026.035524][T10165] should_failslab+0x9/0x14 [ 1026.035540][T10165] kmem_cache_alloc+0x2b2/0x6f0 [ 1026.035565][T10165] ? __d_lookup+0x433/0x760 [ 1026.035587][T10165] ? lookup_dcache+0x23/0x140 [ 1026.045653][T10180] binder: BINDER_SET_CONTEXT_MGR already set [ 1026.047351][T10165] ? d_lookup+0xf9/0x260 [ 1026.047371][T10165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1026.047388][T10165] __d_alloc+0x2e/0x8c0 [ 1026.047410][T10165] ? __sanitizer_cov_trace_cmp4+0x16/0x20 15:30:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1026.052390][T10180] binder: 10178:10180 ioctl 40046207 0 returned -16 [ 1026.056758][T10165] d_alloc+0x4d/0x2b0 [ 1026.056778][T10165] __lookup_hash+0xcd/0x190 [ 1026.056803][T10165] filename_create+0x1a7/0x4f0 [ 1026.061742][T10179] binder_alloc: 10178: binder_alloc_buf, no vma [ 1026.067434][T10165] ? kern_path_mountpoint+0x40/0x40 [ 1026.067450][T10165] ? strncpy_from_user+0x2a8/0x380 [ 1026.067468][T10165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1026.067486][T10165] ? getname_flags+0x277/0x5b0 [ 1026.101895][T10165] do_mkdirat+0xb5/0x2a0 [ 1026.101915][T10165] ? __ia32_sys_mknod+0xb0/0xb0 [ 1026.101943][T10165] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1026.101962][T10165] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.101983][T10165] ? do_syscall_64+0x26/0x610 [ 1026.118152][T10165] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1026.118171][T10165] __x64_sys_mkdir+0x5c/0x80 [ 1026.118192][T10165] do_syscall_64+0x103/0x610 [ 1026.143340][T10165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.143353][T10165] RIP: 0033:0x457627 [ 1026.143368][T10165] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1026.143383][T10165] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1026.164842][T10165] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1026.197378][T10187] binder: 10184:10187 got transaction with invalid data ptr [ 1026.203337][T10165] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 15:30:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xa000000]}) [ 1026.203347][T10165] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1026.203355][T10165] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1026.203363][T10165] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:29 executing program 3 (fault-call:0 fault-nth:28): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0xffffffffffffffff, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) move_pages(r1, 0x9, &(0x7f0000000040)=[&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0xd000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil], &(0x7f00000000c0)=[0x2, 0x35e7, 0xd5, 0x7, 0x81, 0x76, 0x1, 0x4, 0x8, 0x8000], &(0x7f0000000100)=[0x0, 0x0], 0x4) 15:30:29 executing program 0: fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0xc9, 0x3, &(0x7f00000003c0)=[{&(0x7f0000000100)="45634a87917f67713b972d923afe03f093c025a852ab1bee798e1c53716a5c35591d481d6fdc05568c182fb7b79699efffe0d8a8881ec531afb199b5af8559e901b04a8638dcbcef4748d32d59831de83ae1bd0bc1c15c24fc98b91bbb7b320c7a37ff2211d835f85a49031c630c5b8ae3381df668bb82337db810761763af9f7bf79e1d99d9bf4885a0058e722ca1946648544020068cbaab4703b093ddda031cc0a7f1fe196ee75a2981c5834aa11ada71ac170e1dc455bef23aa26b7ffe6b419ffc1142e8942e0e89981c2ba3beab1edc17af30676359", 0xd8, 0xfffffffffffffffd}, {&(0x7f0000000200)="7cdb053580ceb89dc1c54e5705e587751c3bae4e03efeaa35a6bb5d540a743d16b06cb728771fd98a208afdfb9561a436e8a9f4398d7bf6d1f0e8ae27608c84c36cfed1e558fc97d9892a64fd1db9f759ddfe12b6081a3b3c076f612b8a84c7c434182fa877a572502c7a783b504972666d02783b1eab86fe77ba39fea589480ca8eaa4edb57b160bd1c99d3915a2cab4f6b487ddf20117c45f9a4825a0f6f963ce56d1ae2c5420fe3cd7c9326b30142", 0xb0, 0x7fffffff}, {&(0x7f00000002c0)="fbe1fe0c51369f8d4f5eafc6079c425434aa48f9f409f8e7baeaf03ac5f64b5c2f21e6dbe9256cd26f6f7261cdddab54f183b1d7a0994650c88f7e5a9328f82f006c34a12e033a9d8fa7c9ef85f8eeef0e2863627ae24833270fab76549f967971fbc19afa91e63205d06c42b642f5b70e938b6e1ae606b763c8ac15f7939d77885890e41b4bf94686c1768f6352b1ef219ab8f3bfc4a0988f2f6963a4224e0bded8dde9def309017f41df138c3101c432a27afa83fbbcb0996910341c999eeb65c6397ac3dcdc89b158b903195bf307140edd9eed492741f036fcf9f6452befd96f0b3d", 0xe4, 0x5}], 0x1000000, &(0x7f0000000580)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r0, @ANYBLOB=',discard=0xffffffffffffffff,discard=0x0000000000000\\1c,grpqpota,gid=', @ANYRESHEX=r1, @ANYBLOB=',quota,errors=remount-ro,iocharset=cp949,dont_hash,seclabel,dont_measure,func=KEXEC_INITRAMFS_CHECK,\x00']) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002380)='/dev/autofs\x00', 0x400, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000023c0)={@rand_addr="45cefd308b6c7a07e3213e5566c37c0b", 0x6, 0x2, 0x2, 0x9, 0x10000, 0xbeb0}, &(0x7f0000002400)=0x20) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x48000000]}) [ 1026.389660][T10219] device nr0 entered promiscuous mode [ 1026.451641][T10304] FAULT_INJECTION: forcing a failure. [ 1026.451641][T10304] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.464824][T10304] CPU: 1 PID: 10304 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1026.473324][T10304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.483374][T10304] Call Trace: [ 1026.486688][T10304] dump_stack+0x172/0x1f0 [ 1026.491040][T10304] should_fail.cold+0xa/0x15 [ 1026.493603][T10311] binder: BINDER_SET_CONTEXT_MGR already set 15:30:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000009400000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1026.495642][T10304] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1026.507494][T10304] ? __es_tree_search.isra.0+0x1bf/0x230 [ 1026.508363][T10311] binder: 10184:10311 ioctl 40046207 0 returned -16 [ 1026.513161][T10304] __should_failslab+0x121/0x190 [ 1026.513181][T10304] should_failslab+0x9/0x14 [ 1026.513197][T10304] kmem_cache_alloc+0x47/0x6f0 [ 1026.513211][T10304] ? ext4_es_scan+0x6f0/0x6f0 [ 1026.513227][T10304] ? do_raw_write_lock+0x124/0x290 [ 1026.513259][T10304] __es_insert_extent+0x2cc/0xf20 [ 1026.520118][T10187] binder_alloc: 10184: binder_alloc_buf, no vma [ 1026.524766][T10304] ext4_es_insert_extent+0x2b7/0xa40 [ 1026.524787][T10304] ? ext4_es_scan_clu+0x50/0x50 [ 1026.524811][T10304] ? rcu_read_lock_sched_held+0x110/0x130 [ 1026.524826][T10304] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1026.524840][T10304] ? ext4_es_find_extent_range+0xff/0x600 [ 1026.524864][T10304] ext4_ext_put_gap_in_cache+0xfe/0x150 [ 1026.555120][T10304] ? ext4_rereserve_cluster+0x240/0x240 [ 1026.555155][T10304] ? ext4_find_extent+0x76e/0x9d0 [ 1026.555185][T10304] ? ext4_find_extent+0x6a6/0x9d0 [ 1026.555209][T10304] ext4_ext_map_blocks+0x2146/0x5300 [ 1026.565385][T10304] ? ext4_ext_release+0x10/0x10 [ 1026.565440][T10304] ? lock_acquire+0x16f/0x3f0 [ 1026.565455][T10304] ? ext4_map_blocks+0x3fd/0x18e0 [ 1026.565480][T10304] ext4_map_blocks+0xec7/0x18e0 [ 1026.628906][T10304] ? ext4_issue_zeroout+0x190/0x190 [ 1026.634108][T10304] ? kasan_check_write+0x14/0x20 [ 1026.639043][T10304] ? __brelse+0x95/0xb0 [ 1026.643197][T10304] ext4_getblk+0xc4/0x510 [ 1026.647532][T10304] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1026.652574][T10304] ? ext4_free_inode+0x1450/0x1450 [ 1026.657680][T10304] ext4_bread+0x8f/0x230 [ 1026.661916][T10304] ? ext4_getblk+0x510/0x510 [ 1026.666523][T10304] ext4_append+0x155/0x370 [ 1026.670941][T10304] ext4_mkdir+0x61b/0xdf0 [ 1026.675301][T10304] ? ext4_init_dot_dotdot+0x520/0x520 [ 1026.680682][T10304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1026.686909][T10304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1026.693247][T10304] ? security_inode_permission+0xd5/0x110 [ 1026.698964][T10304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1026.705198][T10304] ? security_inode_mkdir+0xee/0x120 [ 1026.710518][T10304] vfs_mkdir+0x433/0x690 [ 1026.714758][T10304] do_mkdirat+0x234/0x2a0 [ 1026.719085][T10304] ? __ia32_sys_mknod+0xb0/0xb0 [ 1026.723928][T10304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1026.729383][T10304] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.735469][T10304] ? do_syscall_64+0x26/0x610 [ 1026.740169][T10304] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1026.745474][T10304] __x64_sys_mkdir+0x5c/0x80 [ 1026.750066][T10304] do_syscall_64+0x103/0x610 [ 1026.754654][T10304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.760535][T10304] RIP: 0033:0x457627 [ 1026.764455][T10304] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1026.784048][T10304] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1026.792452][T10304] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1026.800416][T10304] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1026.808377][T10304] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1026.816341][T10304] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1026.824308][T10304] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1026.834259][T10320] binder: 10315:10320 got transaction with invalid data ptr 15:30:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x3f, 0x10000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'rose0\x00', 0x8000}) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:30 executing program 3 (fault-call:0 fault-nth:29): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1026.922030][T10320] binder: BINDER_SET_CONTEXT_MGR already set [ 1026.948437][T10320] binder: 10315:10320 ioctl 40046207 0 returned -16 15:30:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4c000000]}) [ 1026.975406][T10317] binder_alloc: 10315: binder_alloc_buf, no vma [ 1026.994744][ T12] binder_release_work: 9 callbacks suppressed [ 1026.994752][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1027.054926][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 1027.101575][T10436] FAULT_INJECTION: forcing a failure. [ 1027.101575][T10436] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.137152][T10436] CPU: 0 PID: 10436 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 15:30:30 executing program 5: close(0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000840)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r2, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, 0xffffffffffffffff, 0x0, 0xfffffd8b}]) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x2080, 0x0) write$P9_RREMOVE(r3, &(0x7f00000000c0)={0x7, 0x7b, 0x2}, 0x7) 15:30:30 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20080, 0x1f) accept4$ax25(r1, 0x0, &(0x7f00000000c0), 0x800) 15:30:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x2, 0x2000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2004020}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x168, r2, 0x20, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}, @TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000000}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x795}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x418eb4c1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x956}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x16}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xdc7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000000}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x87b}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x40}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}]}]}, 0x168}, 0x1, 0x0, 0x0, 0x40}, 0x8010) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1027.145159][T10436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.155386][T10436] Call Trace: [ 1027.158686][T10436] dump_stack+0x172/0x1f0 [ 1027.163038][T10436] should_fail.cold+0xa/0x15 [ 1027.167639][T10436] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1027.173455][T10436] ? ___might_sleep+0x163/0x280 [ 1027.178325][T10436] __should_failslab+0x121/0x190 [ 1027.183298][T10436] should_failslab+0x9/0x14 [ 1027.187810][T10436] __kmalloc+0x2dc/0x740 [ 1027.192075][T10436] ? ext4_find_extent+0x76e/0x9d0 [ 1027.197111][T10436] ext4_find_extent+0x76e/0x9d0 [ 1027.201987][T10436] ext4_ext_map_blocks+0x1cc/0x5300 [ 1027.207205][T10436] ? ext4_ext_release+0x10/0x10 [ 1027.212082][T10436] ? lock_acquire+0x16f/0x3f0 [ 1027.216770][T10436] ? ext4_map_blocks+0x3fd/0x18e0 [ 1027.221935][T10436] ext4_map_blocks+0xec7/0x18e0 [ 1027.226816][T10436] ? ext4_issue_zeroout+0x190/0x190 [ 1027.232047][T10436] ? kasan_check_write+0x14/0x20 [ 1027.236987][T10436] ? __brelse+0x95/0xb0 [ 1027.241206][T10436] ext4_getblk+0xc4/0x510 [ 1027.245587][T10436] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1027.250684][T10436] ? ext4_free_inode+0x1450/0x1450 [ 1027.255846][T10436] ext4_bread+0x8f/0x230 [ 1027.260098][T10436] ? ext4_getblk+0x510/0x510 [ 1027.264707][T10436] ext4_append+0x155/0x370 [ 1027.269132][T10436] ext4_mkdir+0x61b/0xdf0 [ 1027.273508][T10436] ? ext4_init_dot_dotdot+0x520/0x520 [ 1027.278914][T10436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.285166][T10436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.285185][T10436] ? security_inode_permission+0xd5/0x110 [ 1027.285222][T10436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.303760][T10436] ? security_inode_mkdir+0xee/0x120 [ 1027.309054][T10436] vfs_mkdir+0x433/0x690 [ 1027.313303][T10436] do_mkdirat+0x234/0x2a0 [ 1027.317647][T10436] ? __ia32_sys_mknod+0xb0/0xb0 [ 1027.322516][T10436] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1027.327997][T10436] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.334069][T10436] ? do_syscall_64+0x26/0x610 [ 1027.338749][T10436] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1027.344035][T10436] __x64_sys_mkdir+0x5c/0x80 [ 1027.348622][T10436] do_syscall_64+0x103/0x610 [ 1027.353213][T10436] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.359094][T10436] RIP: 0033:0x457627 [ 1027.362985][T10436] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1027.383086][T10436] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1027.391492][T10436] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 15:30:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x68000000]}) 15:30:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x111000, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x1}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={r2, 0x100, 0x1, 0xffffffffffffff81}, 0x10) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1027.399467][T10436] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1027.407438][T10436] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1027.415402][T10436] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1027.423367][T10436] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:31 executing program 0: syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) 15:30:31 executing program 3 (fault-call:0 fault-nth:30): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1027.557198][T10556] binder: 10555:10556 got transaction with invalid data ptr [ 1027.584929][T10563] binder: BINDER_SET_CONTEXT_MGR already set [ 1027.597582][T10563] binder: 10555:10563 ioctl 40046207 0 returned -16 15:30:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6c000000]}) [ 1027.617012][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 15:30:31 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00q0\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000580)=@filter={'filter\x00', 0xe, 0x2, 0x1d0, [0x0, 0x20000100, 0x20000130, 0x20000200], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000040000006b7400000000ffffffff010000000300000000000000000069703667726530000000000000001b60df271ff5363b8998ee2c57cf00007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa00000000000000ffffffffffff00000000000000007000000070000000a00000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000bdc93ccf5b14bcf1860000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0100000011000000000000000000766c616e3000000000000000000000006c6f000000000000000000000000000000000000000062726964676530000000000000000000ffffffff0a1b000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000205e00000800000000000000000000000000000000"]}, 0x256) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000180)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000019feb7d58db6a47346852080f1eefa5958a87b7e20c0d1c0318a1b0f39a475c1aa06052169f59af63d0610704a668beae06e3b7299faabd5f2f414f843bfe76ce17b590593dd88d2d7b16892d350884b5c5205"], 0x98) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'irlan0\x00'}, 0x18) prctl$PR_MCE_KILL_GET(0x22) r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x98c0, 0x0) write$tun(r3, &(0x7f0000000080)={@void, @val={0x1, 0x7, 0xa0, 0x23, 0x1, 0xfffffffffffff000}, @x25={0x0, 0x9, 0xff, "5ad155ee0ecd7db7de4409623fb8577d263fd9fe0fa8e7922f3fe2bc477ae652d65f24b70b166ad4936a390179c340e995bfacdc0b42eaf35dcc97da8429124c5d96751fcd007669725744e6235f4d01e43fbb0d517f4e970a6d86765f44e24ab38fc09ed64c67fc86b2c67f5a97e2e5dbe80a4efaa589d3bfdda2daf82eb981633d13fc362ecde9f8adb0303f98dd47603d3030aa0f2d962be7dc87fd4d1bda3ab707da77188484a7ea3a7b6a93158587a1cd67bfebffb64c768c86b2f26524"}}, 0xcd) [ 1027.795800][T10580] binder_transaction: 9 callbacks suppressed [ 1027.795818][T10580] binder: 10577:10580 transaction failed 29201/-14, size 8192-0 line 3179 [ 1027.823846][T10582] FAULT_INJECTION: forcing a failure. [ 1027.823846][T10582] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.836719][T10582] CPU: 0 PID: 10582 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1027.844702][T10582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.854762][T10582] Call Trace: [ 1027.858063][T10582] dump_stack+0x172/0x1f0 [ 1027.862405][T10582] should_fail.cold+0xa/0x15 [ 1027.867000][T10582] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1027.872811][T10582] ? __es_tree_search.isra.0+0x1bf/0x230 [ 1027.872833][T10582] __should_failslab+0x121/0x190 [ 1027.872851][T10582] should_failslab+0x9/0x14 [ 1027.872867][T10582] kmem_cache_alloc+0x47/0x6f0 15:30:31 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'nr0\x01\x00', 0x4002}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r4 = socket(0x1e, 0x805, 0x0) r5 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000100)=@req3={0x80000000, 0x1}, 0x159) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94) sendmsg(r4, &(0x7f0000000000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) flock(r1, 0x4) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x800000000000, r1, 0x0}]) 15:30:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x74000000]}) 15:30:31 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vfio/vfio\x00', 0x20000, 0x0) bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x1, 0x0, 0x4, 0xfffffffffffffffc, 0x0, "ce939ada2d0823594b1824ebba8d707ad9f2b2a2aca360bf4f1ec3865ff60c9444073278f6da9424bb945c40ad00000000000000000000001700", 0x2b}, 0x60) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x3, 0x80) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000280)={0x0, 0x1}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000300)={r3, 0x5, 0x20, 0xfffffffffffffeff, 0x7ff}, &(0x7f0000000340)=0x18) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000401e}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYRES64, @ANYRES16=r4, @ANYBLOB="04022abd7000000000000d0000000800040001000000"], 0x3}, 0x1, 0x0, 0x0, 0x8800}, 0x40) ioctl$VHOST_GET_VRING_ENDIAN(r2, 0x4008af14, &(0x7f0000000040)={0x2, 0x9}) [ 1027.872882][T10582] ? ext4_es_scan+0x6f0/0x6f0 [ 1027.872898][T10582] ? do_raw_write_lock+0x124/0x290 [ 1027.872917][T10582] __es_insert_extent+0x2cc/0xf20 [ 1027.907606][T10582] ext4_es_insert_extent+0x2b7/0xa40 [ 1027.912907][T10582] ? ext4_es_scan_clu+0x50/0x50 [ 1027.917774][T10582] ? rcu_read_lock_sched_held+0x110/0x130 [ 1027.917790][T10582] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1027.917810][T10582] ? ext4_es_find_extent_range+0xff/0x600 [ 1027.935481][T10582] ext4_ext_put_gap_in_cache+0xfe/0x150 [ 1027.941050][T10582] ? ext4_rereserve_cluster+0x240/0x240 [ 1027.946606][T10582] ? ext4_find_extent+0x76e/0x9d0 [ 1027.951641][T10582] ? ext4_find_extent+0x6a6/0x9d0 [ 1027.956684][T10582] ext4_ext_map_blocks+0x2146/0x5300 [ 1027.961983][T10582] ? ext4_ext_release+0x10/0x10 [ 1027.966873][T10582] ? lock_acquire+0x16f/0x3f0 [ 1027.971566][T10582] ? ext4_map_blocks+0x3fd/0x18e0 [ 1027.973939][T10589] binder: BINDER_SET_CONTEXT_MGR already set [ 1027.976604][T10582] ext4_map_blocks+0xec7/0x18e0 [ 1027.976628][T10582] ? ext4_issue_zeroout+0x190/0x190 [ 1027.976652][T10582] ? kasan_check_write+0x14/0x20 [ 1027.997575][T10582] ? __brelse+0x95/0xb0 [ 1028.001747][T10582] ext4_getblk+0xc4/0x510 [ 1028.006091][T10582] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1028.011130][T10582] ? ext4_free_inode+0x1450/0x1450 [ 1028.016247][T10582] ext4_bread+0x8f/0x230 [ 1028.016263][T10582] ? ext4_getblk+0x510/0x510 [ 1028.016283][T10582] ext4_append+0x155/0x370 [ 1028.029557][T10582] ext4_mkdir+0x61b/0xdf0 [ 1028.033907][T10582] ? ext4_init_dot_dotdot+0x520/0x520 [ 1028.039298][T10582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.045563][T10582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.051816][T10582] ? security_inode_permission+0xd5/0x110 [ 1028.057552][T10582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.062910][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1028.063797][T10582] ? security_inode_mkdir+0xee/0x120 [ 1028.063818][T10582] vfs_mkdir+0x433/0x690 [ 1028.063837][T10582] do_mkdirat+0x234/0x2a0 [ 1028.063857][T10582] ? __ia32_sys_mknod+0xb0/0xb0 [ 1028.075305][T10582] ? trace_hardirqs_on_thunk+0x1a/0x1c 15:30:31 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x1, 0x100) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000280)) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) fcntl$setlease(r0, 0x400, 0x2) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000300)='ip6_vti0\x00') connect$nfc_llcp(r2, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r3 = accept(r2, &(0x7f00000003c0)=@nfc, &(0x7f00000002c0)=0xffffffffffffff36) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e24, 0x8, @empty, 0x6}, {0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8}, 0x81, [0x7, 0xe9, 0xadd, 0x0, 0x1ff, 0x4, 0xffffffff80000000, 0x5]}, 0x5c) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f00000004c0)) r4 = dup3(r0, r0, 0x80000) symlinkat(&(0x7f0000000080)='./file0\x00', r4, &(0x7f00000000c0)='./file0\x00') openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x2000, 0x0) getpeername$unix(r4, &(0x7f0000000440)=@abs, &(0x7f0000000040)=0x6e) syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$inet_mreq(r3, 0x0, 0x20, &(0x7f0000000180)={@broadcast, @broadcast}, &(0x7f00000001c0)=0x8) connect$vsock_dgram(r4, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x1}, 0x10) [ 1028.075324][T10582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1028.075338][T10582] ? do_syscall_64+0x26/0x610 [ 1028.075359][T10582] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1028.081130][T10589] binder: 10577:10589 ioctl 40046207 0 returned -16 [ 1028.083914][T10582] __x64_sys_mkdir+0x5c/0x80 [ 1028.083932][T10582] do_syscall_64+0x103/0x610 [ 1028.083951][T10582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1028.083969][T10582] RIP: 0033:0x457627 [ 1028.135795][T10582] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1028.155388][T10582] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1028.163814][T10582] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1028.171791][T10582] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1028.179751][T10582] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1028.187718][T10582] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1028.195682][T10582] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7a000000]}) 15:30:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:31 executing program 3 (fault-call:0 fault-nth:31): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:31 executing program 0: llistxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/4096, 0x1000) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1028.398121][T10706] binder: 10704:10706 transaction failed 29201/-14, size 8192-0 line 3179 15:30:31 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$vivid(&(0x7f0000006100)='/dev/video#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005f00)=[{{&(0x7f00000058c0)=@l2, 0x80, &(0x7f00000000c0)=[{&(0x7f0000005940)=""/102, 0x66}, {&(0x7f00000059c0)=""/153, 0x99}], 0x2, &(0x7f0000005a80)=""/132, 0x84}, 0xbae}, {{&(0x7f0000005b40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000005c00)=[{&(0x7f0000005bc0)=""/62, 0x3e}], 0x1, &(0x7f0000005c40)=""/66, 0x42}, 0x5}, {{&(0x7f0000005cc0)=@nfc, 0x80, &(0x7f0000005e00)=[{&(0x7f0000005d40)=""/34, 0x22}, {&(0x7f0000005d80)=""/98, 0x62}], 0x2, &(0x7f0000005e40)=""/150, 0x96}, 0x5}], 0x3, 0x10000, &(0x7f0000005fc0)) getsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000006000), &(0x7f0000006040)=0x4) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000040)={0x9, 0x0, 0x2, 0x7ff}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000000080)={0x1fffffffe000, r3}) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) fsetxattr$security_smack_entry(r1, &(0x7f0000006080)='security.SMACK64\x00', &(0x7f00000060c0)='ccm_base(ecb(cast5),hmac(sha384))\x00', 0x22, 0x0) [ 1028.452909][T10715] FAULT_INJECTION: forcing a failure. [ 1028.452909][T10715] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.466984][T10718] binder: BINDER_SET_CONTEXT_MGR already set 15:30:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xbf000000]}) [ 1028.523470][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1028.543791][T10706] binder_alloc: 10704: binder_alloc_buf, no vma [ 1028.583920][T10718] binder: 10704:10718 ioctl 40046207 0 returned -16 [ 1028.588758][T10715] CPU: 1 PID: 10715 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1028.598639][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.603903][T10706] binder: 10704:10706 transaction failed 29189/-3, size 8192-0 line 3147 [ 1028.608693][T10715] Call Trace: [ 1028.608718][T10715] dump_stack+0x172/0x1f0 [ 1028.608740][T10715] should_fail.cold+0xa/0x15 [ 1028.608761][T10715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1028.635130][T10715] ? ___might_sleep+0x163/0x280 [ 1028.640018][T10715] __should_failslab+0x121/0x190 [ 1028.644984][T10715] should_failslab+0x9/0x14 [ 1028.647271][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 1028.649524][T10715] __kmalloc+0x2dc/0x740 [ 1028.649543][T10715] ? mark_held_locks+0xa4/0xf0 [ 1028.649558][T10715] ? kfree+0x173/0x230 [ 1028.649592][T10715] ? ext4_find_extent+0x76e/0x9d0 [ 1028.673799][T10715] ext4_find_extent+0x76e/0x9d0 [ 1028.678665][T10715] ext4_ext_map_blocks+0x1cc/0x5300 [ 1028.683879][T10715] ? ext4_ext_release+0x10/0x10 [ 1028.688730][T10715] ? find_held_lock+0x35/0x130 [ 1028.693531][T10715] ? lock_acquire+0x16f/0x3f0 [ 1028.698213][T10715] ? ext4_map_blocks+0x85d/0x18e0 [ 1028.703259][T10715] ext4_map_blocks+0x8c5/0x18e0 [ 1028.703290][T10715] ? ext4_issue_zeroout+0x190/0x190 [ 1028.713329][T10715] ? kasan_check_write+0x14/0x20 [ 1028.718271][T10715] ? __brelse+0x95/0xb0 [ 1028.722441][T10715] ext4_getblk+0xc4/0x510 [ 1028.726785][T10715] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1028.731837][T10715] ? ext4_free_inode+0x1450/0x1450 [ 1028.736961][T10715] ext4_bread+0x8f/0x230 [ 1028.741201][T10715] ? ext4_getblk+0x510/0x510 [ 1028.745792][T10715] ext4_append+0x155/0x370 [ 1028.750204][T10715] ext4_mkdir+0x61b/0xdf0 [ 1028.754542][T10715] ? ext4_init_dot_dotdot+0x520/0x520 [ 1028.759909][T10715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.766141][T10715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.772400][T10715] ? security_inode_permission+0xd5/0x110 [ 1028.778115][T10715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.784356][T10715] ? security_inode_mkdir+0xee/0x120 [ 1028.789638][T10715] vfs_mkdir+0x433/0x690 [ 1028.793881][T10715] do_mkdirat+0x234/0x2a0 [ 1028.798208][T10715] ? __ia32_sys_mknod+0xb0/0xb0 [ 1028.803055][T10715] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1028.808515][T10715] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1028.814586][T10715] ? do_syscall_64+0x26/0x610 [ 1028.819258][T10715] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1028.824538][T10715] __x64_sys_mkdir+0x5c/0x80 [ 1028.829160][T10715] do_syscall_64+0x103/0x610 [ 1028.833757][T10715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1028.839648][T10715] RIP: 0033:0x457627 [ 1028.843535][T10715] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1028.863711][T10715] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1028.872534][T10715] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 15:30:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfd000000]}) 15:30:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000b050000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:32 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0xa0001, 0x0) sendmmsg$nfc_llcp(r0, &(0x7f00000071c0)=[{&(0x7f0000000180)={0x27, 0x1, 0x1, 0x4, 0x100000000, 0x2, "823ed49479d2bc8c1d1d61e23bc3b4f0ead6672b36083947df07cde348cb7070068e334c79343de4b90e840a06eebc01bfdfb2510c70b19458fed91bfc3617", 0x2d}, 0x60, &(0x7f0000001440)=[{&(0x7f0000000200)="54cdd8269762eb364e62ea3912b5bdcda33b6cc55b41f85f13635e4c52f8d900c4350366b2a94ad56bca52d9f954979ff65ab4d39c77b7b19e0fca6705477bd1a0b7965a201ff40d35796c64598980b13795a9c73ee3d42b93545abce7fb6759255bfe57550db811daa83f2ee734f6c24d8adaf90040328be86ac78d906cdee7982f044e3070c509f4a146150ad57dcc9a0d9e50291ff92f70470b17c95f86951843630b6c5ab275f162672057a37bfd8340e3972983d580d9d5ba96344515815197812cb49d4918c8820174eb9dbfdcdd4751e4a515aa3d45e9c9e5fa30b9c2e425085b653bb6c679", 0xe9}, {&(0x7f0000000300)="a7dd8ea4d956645de8371070f2a0ea350c5393d3b590085c52aa6a2278d0530af29503d1f841e594bbc24127cbf6001eb0e46b73930f42cf6070430a190e68f7ef7b3ed8e475046ab34799df99fcd717d16ebb6be9d39603a9dd1636144ad2e02d604e33e08071871ef77d7ff6aee3a7ef8afc253aad36091e0828cbcb4bce735b2f1052272554b4d5d7a5c7331b79b1e574c11ecf3a4b895e3333d9a3ef7da366da6cf0cb1b5fee106f0782d403583c", 0xb0}, {&(0x7f00000003c0)="db99fd5304fc303a77a781a6afd59303e8e5cc30e57a4230840263f48cfb4a18b181f72b0eaca46f2e547fcb256ea5e03e4193fe66c99da9d58fb0c8d7c78f9cf2ecdf9f473d50310ed5e5168b22a504521e1d823d7568fc6a", 0x59}, {&(0x7f0000000440)="8fb89242f5a10bd340a9929a7a2c2c6b78440bb82b32c0688b9b263ee4f4345d702754773f95ac31d06a23ee7730053de0257dc7b43e037f485e94bcbc3f57f32106748545c6a076c3496699a6504b902f16aa8ab7a20061c164896552276adcbcd8ed49a300b8a609e90a2dcce1e0e8f65dad589f61a773914b17683b2f2a98216c352fd4872a8b065e1fac119185f473057c13b878830de70015e5d1e96e5782ebe2ab0ca761767f0e047c3cfb4068b1c6d226907042c592e7d05ccecc023e8dab3ced2943e42385f333530a2c4192dbc0f10d653b5bf02b4ede2f57981b0d5b914d8d786e45e22ed78fa79e77d5c5d2ac445c37ff8b2fc866377fa156e1fde0eba93b1c958228ef9728ddedcc833b2a323390c63585a2fdc37f137350e6c3a0be5a8d0ac3b4ec1d28e43f0667f6a8480de7315487e791d7e615603360f9ea3810df40abd9475ee484155b36f3c2079aff94195e9b2bfd5efb59d78b463a809d83a97d4048aa5cb36bcfacdd237b75ce52dbbe41e4e54c62cb2b31f9c3e2fe98dac820ebafa376d3018f21824a9722889cab0d144a8c943f4ef7ff460e699dc5e2c0e8fc8b0e86b7c5174cfa1cbb4e85e239158c8d19e994768c8473ebdfe8573cc2f8613ea64ce49a109c28199b7599bdbb8f144e9798f85c99fb8626a6f37750820fdc9f86e54f5f81b8d34715be7436fe3d5894cd34f29ddf117ba1d0121747061ff53553902cf8a1af2622fc91d273ef9121e8c568a331c7ace050c01036744ae411bd61944ea133ad67f31c0b32469f98ce9ec21ab6bbd2baceb72fcd6fd8aad91e34262ecf271724361977840dde14315fc95c84d44c807f7750c551c02c418abb6a6f6ca7f196d403b8b2b3c5a93cd5b000b036f8daaab4a01280eb9d23c91a54ee15b6b785b9a361fe01c22416a27c5eef2eecd568be4c61d93db928fc22f0d4b4c050dea5e79d4f919f99b3706c788bfcecd0eb412a6a7465f87827722cdc16443422d29fa4596653d4d5450494625908b13898fb024bcc52b2bce1cfed90173fda9ef71809ab8d0c1a19f8f3633b885fad6ee6654553a2419e98a956e20be4ba0a4d43f71a1c0dbc0982d8e96e979038fbe578fc546f7b28608a3c0f6019d4050c4b5bd784d2d921e29cd12781b0206dae8ce22dd08b468200789d7fd317061481f0f245627032a47c027ab435e2d9aa63ee9506a6b97a17165770b61931c6e1f24b1cfd2a6d4bfb8bef83f4bd08bf400c6c3026040924e97b53721f36479965edce5edd1ab11b96bbc9f985551da13b80ec9ccde6ec045ae83ad204574e56a54e1270eac3f53f23e1d7b9bd16818b00b21f4c377d73e48a123c1d5deeacc03559a03cbaed088defdac7ca02316ec1fc9197edfed19d1c48526cb00e248011fd7f8539271d859664743a598cdc01daa3d41aecef184fb9f6a9e0fbb9dc5fc797e66533fdb23f705d90247be36c6e99fda39fc4d07b8d07eca460be9be1cfd53784df7f88997c89169efa48f89e74686c9d04a7f4d20bf87f145aec53375d50a752fdec64e5a4d25c4174ae9cbc2cabd449748ed157dd1102b6934a80d42a182d3a8fe736b6ccdc77a8e9cb60473a198c49967de4a90abe0c0bc164ced9cfc520d45b0d63d36cfc40f4ad9911b704e65b7fa4893097e8684b642ba1a45f7351c76a4f13b4f11c067bdff518e635b617b32a225ff0693b450574a204fb47d1ebfa6c5910e20c802b973ed7e559339fad716c527be66e8e1b0ddb78eb941c855dd6b2491ca7a1339b1d0a7783528b826f3fe954edf8737e5ed31d9c377b7db1b69bf4b2c0d48d68e0588f5d506731675cb367d2a65e6726a569d6b796a8c082b3ce20763e6829e1e1dbc2ea6553fd3ad8876f1cdb82d465cf3bd380c93688b5b3420b951db09f5f1713990d4e4f8ebfbdfe16386332b887e571f5eacb90a7a1e7b5218d6ba9ed659a1b858f7db81865631312b38c3ca531f53d01e5f92b791c3f25d7a56d02b6832ca0a8dce9e57ff93c74adb788deef1aeefdb8922c6d28be19684c72eaeba0ca8ce54ddedfd787391eb5b6ff56ba6d6b341cd350ab3217fc980aff461f895eb536d1f5f896c1030711f7669c8015ec3069a7eab0f61ba1cc049a40ca2f95988a25d6d6d4fd40b1bec1ddc34e160294a58e8457dc7bdaa0e128be515a3fb1edb3a140abd65a4dfd08b169ba40e93d4872f2f394acbb3e14f29db654a38d9467f4168030a1b9c816817e45650d741006452a344872f889d40f37570ca944f9076ac943762c0da6386359875cf88436ff5956c1f494c72aaf5556a4634a36157128e5759570ce38ff419f8a55e55de737f5523e7c432b5f88ed9ce8f3923b25b92e4894374add97a0e188dd2a7e9a3f0daf0241fb95302043cfa18e729a1c6e82c2762f72662fe99ad49262dcdb4342c9b2cd4379985fb4029f6659459d350c8649e3dc069eb0f36d3188e2a07c2ac9941cc1429359c66f90c928e65274005481e8715e5484c2ae208728843fc9fbc77d00d5890278795cb403862b2dd602071f9a206e7970c3b191b89553e0b14ba8ec33b816e2afd1a11ee8031ec3cb22f6bd730931ca7906eeddc1640908cf8afc228201f1f81b35d64d7457308e81b51543a16334accbc4840c444f21abfaa2b778663ee7e0ada88a58eefe4d3a1ccc129ee0b1e51e45fcf9920c09be7609a89d3c1791bc2c2c188ebab20fbf01934e87c918d11429e197289a60750c05cf140f8b886a1c140180664d54239373482f3a9f25c39c4f49e4bfe000cdb7c7d5ccd5f668336c1a3df7d68b818ab4f0488430a763ce52d3f650771965b3780cd2dadb3e7c87e5c2ffca290fad5760870d7ee14cc1bd6a1e7c3f4569cc3dd69ddb53f06e70e52af181f1eb6d39f075f629b59c910ae62368e24f0195d2b93c2a8391707353b7f4be25a2dbad29c39499003aa95e2304ae0e7871d5a830e06abb43e10e26261bf4e2c195a7bbe25ca4d4376522864759d8c6f65ce7950f511b7fa58449bbd126ba1127a665653402a17cebac906a19a6e9be3afba5920958b88d2459148491d44692d98410eb30c25e61039d10925297c25de6f42f0f39f774cd75a354cdf34d1987216a6b38d2b781b549c81c7a55cce04821a8b8c9a7db808bf87e2f93f5e6b8301673941437a43001fdeb3efddbddc9dce875f6172a0cdf994e30bb25faa24a96fe55d865b64da60a47f7930a8710bf2f9f976a0a988b82df214d8b914f03b8ff4f9d82150a5baf70ba49d5b2e5a05891206b8bbfff9ccc50396b7f4e5f4e5fbcc79651a0fc2bfeda608f17ba5730bd926e190f0d360b6310c4c9cfc620659807d5e8019ed11633debb9762f798857078a470b52fe4669b6ed0fee3235cd15b503f5210eb1b3a7ef281ada3e4dc3fa02ad5d9371efa87e252c89399c32330889890dc198e96281b84b01a17888dc29ec099c762d24f3aca2eecffc09393448fde93bd42a3676986f5828be7f63128f9e54ca577af87f4637c57014082b83cac8ef1ab00a7c7f4159c580a1d1045db04fd2d0f06a01ef51b3aaa9a28558f980af6f47730a927ea0d73e8d6f9d4f60fcb2c2d27ef39dac252751f57831b74a324c0b006e5be2e2cfeca0e5cecb155eb5201e40e7d82e3c123853c8f3f3de651bb9588f6f60d49b48d15d56913e21cb121550c3fb0b6537438d0b43bce94413cf2bd5c9829bd649693718ea61691838a8414461b52cedca7b40e31ac05d3ddc276f1698fddef1f595cc5236c90ed0980393d9f40e8e3a458650283f220f79bd0fdc6cdb08760e18e21e38c72f2bcc8d13e010965854a6e00e35e65be403da481a460554183442ef40e02930e8607ec6c0a863a7a5351f482e92c7acc47b81ceb39218bb20bacb128704e28e86c5a28a1fbe789973e0aff808239f66d8eaee48b6dde813efb36627c571ed8ba2c7aec52f5f1ea248669a09bb783173ca3ed211096ed96985fc2f05c779c3e3bd1d8e755ec466969d08c9aaeb8f6493eefe2970d1c69757823b42714c320717b8d1b1bb02da40b7e0e2019294ddb45918f0d8567471fabe5a46604fa7e7fc8474555a4006c9255c7a2c148e676b5bf1a3766943b8ad3b1c8305c2a8c176e58075eeb733553965cf54edd8ceca99531a2bbef3c683c01d4f0e1e40fa333c6929bac772759636cdfddbdbd6c449fe6ac5c38122160d914ea0b035660a2df9ff6c8b6d9c214f948d10b7167aac962de017631e2d948bc4ad94b656e8c73746bd91eb123f8bd160efac2d00633947a39e2c1ab8f8bb13a8bc4a326d5321b0432540df61c71834b07a6e4104b702daa431e984dc0bf7c3089af2cc7edd327913a0ffe33d4151bf5e3930e48e6b653d8cf9d7fbd8a1594e3def269109781b04b1000664e34bd9c0b4a787b1941a9424e6dbb99d01cb325a6221b3b27350a279c36b13f65861c509375469b1e7f2856709dd74c63baf8c9c11c983a85d0ee47b18511accb8c51e73c6ee12f4b131e4d1154fe9745453c2fcadb8d5302989219027fff4485d8a05dbe494084a735594774e701602fedb41a17bf04099a2254ffb62d8cc3edbb9da675202f3cdadffd14b0114bfb9b939b380563d8affa91c0068e854b91643b6212865c8bc22f0ac7f276f85df9154cf4f683e4bf8223b195557707abd57d7461cab344f049ed94d5157969f1944b9a9d15e4a14829283e3f7f303e51a4a03a2cc9036b03027ebc70bc530b0656b74fc04f3d81959fbaf90f26a200b709dae62b107c6d753174101803ea427e8f1432c02b7a8d8873b27bbe01612727e814bd6ea9179046a1a4c8d1c2aab372552c8796b33e2a0ea55d0fdba0f3aed8a8244b0fe4102a8569c71f7fa63dfac3008e639a6e50b2e704e37228e16d82d08bb360f56ad3d65a9b731cc2e0f447108e520a3fe87c6a2fe4eaab30d8c73c2f47b5d4ee20ac6c86a7cae309cbb47548c32981f7277927e85f98046b15830818aae70fc8eecf6259278d867d6a9cbf280680a0a39f135b4c6da63fadfab8089309713da6576262c17d3f8ff6343b2463e3e79fd53ade9e50f4a04d36b4b46f31a76d0eae975eb5acb990d308a15e31b583877983e913dcb769710b30e5272d29b77aaf0cd75d374365a6ee8e895f84c163996598669b40109b06a62b1c363e4f74ab85b50b32207199be22a969447fbf75a9d33a9f32c6bd0e8f78f062fcbab1a62941a28c96d138568c1363b370902e96323adff3c20294960048d0cab73e6111354cffa5b8c92d00468db5764e291ca1a866869b8dee1282d17e435e16a68675156f5bd35ec2054e641302a0769e889301ae9eaf3d45a60c78b92abb50c62214507b6834965b563473b7517d6a81a05def243e93ca5cb65cc01f9f7fea9b04adde21fd62e854dff4a2008721e2ba69c2f72657bd16676c5c9f948fac62c7e8509f85454b5a0dda2ad49d62e7c6006bcd3a0947b4fb3764a64b51da9727a9c219bee98c0a459f9ee67338fea6dd84263f046ea590bb1cb967173b4305910b593fd8fa2f4baa8b8afd30dbbca58627d39b0e499b9aac7b499ad8fea2d9a7962460b0d59d3d0a36c93cca0034446d031168f5ea90df0d2b71f2509b3a05b4289a087c5e4b5c60383309a6194cba0d35ce7544f5777932413cdf7c048e169e7611315e170f9e2cd490b74ba241ee1288fbb2fdab2299fd6c68635d3fb3f64f4f47adde1193aedac2af6e2cf75f68b513c7b077ebe9b9e67e603aa69b98bf003a0d53bee48e116925f82a7882ff94c7fa2a56b81e0a7acc1739", 0x1000}], 0x4, 0x0, 0x0, 0x4}, {&(0x7f0000001480)={0x27, 0x1, 0x1, 0x0, 0x1, 0x0, "2e40b2e6f0deaa52dc03f81617545ef12dc9bc77574faf43ba6289a065920c45252132b6ae708e987cabc508f37d99f9f70d707f2af4ee41dfad350deafa80", 0x6}, 0x60, &(0x7f0000002680)=[{&(0x7f0000001500)="5835da6de19f000b5c1aabd933bfb01ac1a03a48fae55c7197bb8b1802c1ee17519117e0de259a8a768b336d14c4e69d71d43aafd23682f85daa79fbfa01a999a4dbfb02266dd3965debba0499b642", 0x4f}, {&(0x7f0000001580)="202f3b053da8c42f24f4a037b96b36c2f477c0f323867de579e8be0556b16f59afb6fcc217a71624fcfc7690a282147ea7c75c12e6e81ddbb5b944801c007ca7c9a8bce1153a4d703fc613f1683cd2659ddda3734eede7a403cd3595834ad1a987f06a64af0a44bfdc8d3bcb441bc977e02a80bd1d68903c99771a97c272cdb01e10cc49a6135bfd8e64b7c571f44586ae45ac421471173385bed469dc705fd9398e86bad34612458ec724f88f1bc52554c8ae4f57718185094af171db31b4ff802c4878c6a9ce76d995663d044fb8a8147346a0c3e098d6c0fabe937d0bd1b8a853", 0xe2}, {&(0x7f0000001680)="a5e4b5642d9d606f72276f04166c77bda9ccf8b9c29794ad25e33eb4faa4001569bbbe9c90a1d7c1782e27ad2063807240b92d240f857f45e5dd291290b1c6a74b208662d8331a658fe478ffc902b6d04d758c69f273f0c3e4bef4faac5672b05cf94e3accc9e3adf19033f36ce9aaf39e35006debe8adefd4a536c3dc9199c29d3495831561e36f46f93fd57f50d219c3d1f536c776f4b1c27c031e7cc23fbe5775e3fb7e052c01e86af729a1106110a13db2b5ad6f3292892d0f27811dfba1267336ca6a05d8937a7f9619e2eecbdc7ed224182574e46bd3883953947b953f361bd4620d4207892f90a52c49e8bfcf165911303b1e06a3965cfdce35a5fd4f336f31536bc0c686faa5cbb0b6c3a30eab9426951262ab4b6af252ba6ca6dd8d75780da276a392e3065abdac9599a50b72846697cf4f52f18319686fa706bff20afc454527d074979677f40af1b64c511dd753f3779d1ab7d6631f28d2ff84af2df7ef8863f31d8a67bfbaf6211a29090e48b452d3820c4797d3b1622f712753b7cd5af50d23a21925979aad84cfb41f4083ae7d411ab794df9fa9f6d242677930e7cef1ad581976c64023cb7b8fa927db322a9d40ff222c7d8f34a0e582259b5e117d78c99ed76e64eecaedcaf46ce888cb770400ff89236424068683469ed6203eaeb153f1b9ff344b6963d35198fdcf72b54b7da4057956e0aeb6f9928fd22b13e776e80190fae81d0a427b78ba6e6767f4f027d49c37e5d4de59367097ea21f122edba0af2c6108f461a69bbfe4e0efb825793e87ec39706daeaf50e604ed9e85dfcfe0d54a2aa2b2ddcb548c9a08ae1bc3f03bb4e7f694f1f472ed56df136d33b8191d70d8ddf466835954abc2e7b25b1b120f7a1426da673b49b212f93c4cce444f4ab438576be81d1c5afe4680de4f2697b8d6887f64faa2a5f4b770040c6e586b15b804679579f73f88912b4efbd51c0659d1cfd35ba3bcf21ee3f0621296cf66723ac13bdb083a0899075c3d05f7e6961768eac149ab2a67e63b60a1d1d4e8d65e46fcf1da3f985d6566061a81675762847a27b7b386ae5261310ef72b36e3351a9a5ede34d094fc65aa23010ddc895e51a931927f7448b607719e0e29d325ff5ff6816b67beec148024c16bd450948629e76c64e49e3db95fefa346ae25e8f999a71ae533d3323d2b4dd76a8ea18991b04b0eafea7fa6281b397fc0fbb3428ffca41492434ffd50bd2e418855c694de43c2377803100d4dc72d732a688c82855b2dba79d2b53094e402ca1172b64b494469dc79edf2d28d785a1ef6452291a3aef25fefeeb599be1ab9c95d794ba5c24cc1357aa988071727d383facde45b4b4832884bcf0b05ce94bf74d4ed57b4079736b44e76e12b212b1e42c912b548c8c0390b443ae4836763383f68dcb9b8fa71c794e6fc699ccc73dd09149760722ce41bd69bc9f03e574d03aeb219d51ae3273d6227d18edefd2ecf600418e559133bd89f708f1e50f80cd60a1ab5aa2325e7e23cc3abc027208e6d86d546cf65c391c9eaa11b8adb72c2dfccaa61f2edb339f14c78f02f42cb5628709899061019aabfe980809ea75da3b22fe6403ab5bfd9c01271e038e3645a3bd0509a84a2358d7023307c74b6a8fdac1e62e29e05b10d47673ae77154817ae8f068a742762c1e8e947f2cbbbe370a0262cd021922dd5886e8e4d1e3388714e9cd36913154b343159f29d12cd15bc2facb4645d9066ac55c6952a30a44c7e19dfbb1a321970ecbdf8e1026840d861f719f1118394cf19f48b8703edd8a781ee33c4bd73524ceb2863f2a60f399255d9f2bf4f9a376dc0eb3ef323f76e25d3b4d65b148e94b8d1df8794d200b9777f47b0c660c0f7b708c26a9d92ba98647237d77dbefae70716ce4e40703442d8c869478083c9e21ea4dc971ae37b9ed4ca3d1d6e7d15537f85d98cf8159852bb87589297e65125461b2dc526904d954aedf31c049c9663a15b65b3b8a30cc5d63892b97b4b12f1adc1ce9d517ceba2e1688a0e2bc98cb87af68282cab0e19ae8fdf52537f0a30d426672d3e7efed2d3d96089d35e7044992f817d293c34cf43f5a56672230d261fa8757a8d9249ee6a9889461533d2d85e51887fd63c17d39f38daabaf6e77ee7adb7898496c03091175d03e77d443b9ecfbf3ff38a735c89ba521e830b5877d07619ff7f0d8b2681ac108d199e9d954eebf0e86ffbe3d4545871ca02243090ce0d2b3d236f02e4b2cc28637441f1b44d84bb9976ad4bdaf00f97f62e65495a8a8f248f1cbe0709010a1698fb90f78becb160614553b9e66012a405283e0ccfc385f35cfb0910038724a77d59d4263ce35904a525cd17765c15174d94c85e3ec9c1207e31ee75a57ecdbd11000ee7416f2ac96079ae0a29a2cf0f6454b54bf767ec190a4a11cca40e4f4a84feaec752a4a8ee650bdbf0d9630778b8060139935f462ef93ef09751833ae2185b71cb7bf5bad18a8bb0a06f087684497a8f7c1d8896b98efaabdad6c650a21cb0456b0ee1a995a0d177617c1401b8832fb79fd66873582ecd41a9a6e4fa08eff1ed1f6ec205a772f11c1f593c3ddbbc427efc2efbfb40b77e992b8820d27150861c574a01baca241e25d742bc14c4425585c58684677946207a9b248272fdcbbaebd99ca776b78782c3cd419c56e409584a2a2ef8ad9c9e55694b280c34c77a603dcda08795647af0ce09c97b076c5844b9951df3eb1b6e42b887b0dacf4cefca53c34646df8f6ebfa123b77e4737049184d7c9601307617a5c29a8fe6d0c2cd3d2ca9e76edc6a5025faa1f5f95a7dd1ce400ed98c0d5b38b9c28862450fb95bda3989c35bbace1b2e1fc5d28bbcc9b93a784bd28b7896edc089b425171009275431b34977e183c58ab8d75bfc346c754a1e87951481b6888c0648fb9ab0956b917bce868608b2ac2908e9de53f506f1221bf81684a5d504c15bb0603c4d13d0f7fab811413823d1b3f17647bae7d2c466d9b3ff8b8444ebbdf56685a1a17abc099c0635543a66cd194d624ded59081d71262a913c07536950ee94eedace4fda7f6df7919e9960b9a383da0807dfec99f91ce9baeb3d287e9f3b2bc95a46be09a366de2a1ae85921c8e9378bf72c57a5514ad4dd56a6fac2cc6ab24c295e03295890fc47bc0754cb434438abba272346be0a18d246949c1ae13633243071301b24221e3469d65fb81a312859b3c9d905e1ce2615e5539ddd027877b2be5cccdaa7be8f3e7f217031ce6313e1260d65447c03b8321b089624e25509bc50a4744751cf38d2140ad2744799ac79732641058f2ab1b2f975ac91a59e211d7c858ace1de9cb53b3ad5e801ec85c37c870d4ccd8b9c3318cda27de9f516deb51dca2e71b27c7ce88e5816c51c5b6b6a139d47635f7029d7ad7173ad7a3bbb1ee7c4816ef78125aebb326653b468268bc968267ba424da745aa115a5c5c05e73f1cd85e6f7dccf5678d8f1adc1366fd059e6c0665fbcf24a1af5a60cb7b315ebbd3d80662eb054c38cf1f26ffa07477aa79e397cbfb80872175fcab5005c4fbe821dd3723880282388e43a90b8dcde39b05f57ba485f14cf610ba8b30954ec54e82b68e321622841eec4f97ff3df05c362ea5e5182444906ef54915f468f30ac1e8caa27115eb271e7568cc2f944b0316de7632976098c4ef7f339c36dffbe1892c722b4f08fe0d7db790cab17b70acca464ec53659bc56cc5a8b2f09d2fd7357d1a8390e9c034b2300afa29766bd6a1fbe51fd05a2ccdc404f6e0d72aac15167469565e1f47d98a62d734043c1821fb6f57d7a32e78ea6f0c0b7e7c0ebb6cea5d0677a5272539edf798bc54bd2a3c0cf01e14f38136d4879bc793d0042a9189e805a65926c31236f087c73ae3db91ea7b3f1493c8d7c41539c387015948f5f35ea4462f5b39d1f20822fa03f3a0ddcdbd4cbc6540d42edcf510cd2d42757282a590f98d282a01c354f428374681145e1a63807c916e3893b19af1bf2b17a19ba4947fe86046bf0a7c3b09c5a3d14ad21e53f88ac89f821cbaa9059f262b88b7446e9aa64a5a4f2ab4f274ddd5f29afab522253e9652ed3610b949343392e2f099710e673c5883b883c8c59922dc41370bd16143cb6de2e43c935920791130e0e9405a3bc4e84e0e722b3b5a71f243477a84c149093b7770e42cf28de64df0e9531b38b53fe3b42445f40d6b02d237f3f8a9d403425b3e07907581b26b9be05ad61f8fc76ffe1e62e0b28daf2c6f94a4272f6806ca509bbfa8633542759efa78affdad0b14ed867f47a0163b697fd4be5c8420ea5435ad2c931dc8bfc45113ce9a4332b4410f2ba7b4e6be8e64b245cc6965f6594a1a741cb9fb00dfea5c6dd19c9ac9ae2de632c484a40aebc773914839dd113fa069b8d76a46f10922f390ccf0f1c5300bf1c20b00f539bd7c046538179c28e2065e29b1365ca67d31c24682261e0646a1bf93dcfa09393c13385644dbf8c390ac855f720c15280c28528860c4b6f873a27ddec93bc856526529439dc74d69d14550364501aceea859300ad60f9c38b1d9ea1252e9f1d80944f11a944d3f6f9d51044f79cdf8e5aa9bd908b40d7b39bdc3770d6e118a9ef71d413ddc3ff6efeaf33dc32359c089b85c4285090d7e8e874ea3dafe97dc67715a969969cf86a0db84fe5d928bc61c25f6d66a32c5d42a48108d23a5c4507285ea005d04ecaf36b4ea1696c66f47b7c2b9f53c2ed110bf1d1d5c5165a48035e4bb7b47e810b12d9186f1fb6b870ba56434bc67f0ed7f0d6c79725bc1fa6449e4a9ffc04e18ac5705043acdb81cce237c32ee870ac9112a500d07227ea55e94edff452160e6a69b97b5d9524577ebc96453b5d4fad95be023d76b90dbae15dbcbdd7225a6b3bc40c1132499997340677c7eede1870b62f3b32b947aea387689c49bf32ac0f935dbcf03c620230b33260b9c26e1b3065ca6abf6d4bcd34192910787dd1114866fbe052aa55c49026aab17094d21261c9a31b4d2414b364e951bfbaa9f89008dcec898c2c513bf2b896a4ebf4a80ed85083ce0be3823a38798321ff82ec962db99d76da34e94b31a4602de21cb5b34237c76a6b209787678fcf7e4324d99635d3916896db91cf9c8d9c3ab82b5f4f6e6bebd427f0d71430b9e470fe3087bc3750e6a61a2269eefdfc2240d36bdce5b914a61981530e1829eda5d872e78bbf170c06a756b8224db7aa63d7e496c16bdfbaf55c97de89ed7e981d790d7e5fd0dd8ea9a808c9043fa22a01efdbf6e3e159878ed4bb2d5309a8eadfde381e326f8243444f9115546b147def4ba87e27651deff7c7c8e97a21a2c446f3944f26bbdacc9ed52315547c9e8699fb95a0f3dd5ca7fe26083086f971258bd10404cebe974856b760408874de23d3d742bb576989dc680a182d417fdb10393af3fd9dfce2df5a58ee50eb2f09b6c43cef800e3d7dd15579be4b0bca63eb83e201f5ea79a2a136669e3762cd23702b45326b856a6e1ecc0642c47b7b4d5304b1d421c1fc47d869a4141dda0fc0a28c43ee54e3b4197a0567aefc6cc633f51470e0e93c1bb0ac8ff4baeabf651ca569d167c6ba68c012fdd88d1bce7c85caf8af8fa9055276f2841dcba795326e28ee60b4d3fd6eb8de55613f2e8513d5e6c85c8fd7fbc57c2ef7ef285808e4c68b12930d209eef0094f84510134d4ec0fdbccf4ffa8435cf77a973156e0dc1a06f6a9c3ee18ed44188cedc4bec131f5dec3357c2c7fb6f0920a40f5851da1e3d779d53bfe21d4f74b6838960b", 0x1000}], 0x3, &(0x7f00000026c0)={0x1010, 0x10b, 0x361bc11d, "30d70e2fd6218de62ad3a09b62a1e1f3832c74caab0a156a479c1a814040fabf11eacf486d4185c3345cc739aa2fac7a6752fd5ff3afb8e474a984832a4006e23e407e0a68c20aa5ccb967597a648028943c47bc6dafb016db6f0dfac8837ae6a9422f69d969c8e538806eb15527226f4dc23ad06415ce04c617b84a41eeb5b0a2205b0daeef873be62c6ac0ea2bbc5fc42a9eca14c9034bfaf746f93a91d731ff827abb85ccdb4da22388932267032c27c53858a88efa5eb074c4f0d326104e934c59156016663e0c4d43151af4b7c59bdd8781a9ec25c52eb30d7a5401bc5395fcc1f4ea6b954e698056f3cbb6b73090d55d561f251af92b90614aeb52303a9eb82688bbdea7546e4af5241b0abd2468a010522241de39b01726d2f1aa6bc95d23e6cfdae8dfdfe929fd9d8ab0d70c17cefa1095592bf949a0d3cc41317d8eb8a5c62914694856abf44a0658413eb7e6d1efbee34890379a72474c672c551c95d80b40bd50868e2c320af2aa852ab89ee7624fc78104f2f89fe9522881fa5a7102156088bbbcb0f0877ce592f9a28be1ee3d9d2aceb304c2806eac9e8b28c688886983184f0b9beb517136bf06f416824791884e4687e515a16f373f19b8cd83c5dcb5c34f1afb8d8dfc96acbaef6dfe1e4554a6b63ed5674d2afe8e6d1a9a5481e9d4c07fd8b3aa85c70063a63e1bbf1ac5be74a7c2573ee872dc73590320e1ba05305f0d152348b0e1637ec03e40166aac2531fe3b9fce067b4c04f825c41a1163ff6a0f86f7c69edbe594229f498d939f134e90d972ea2a1f83ba2c93af86ec0af832695077618136de4c35f141f9b97e2f808ad916ce4178b2a950656f8ff401c5df712eba0b3b0eaaee4920d9490aa3b64ad2bbce2b46b44b33a5443ba36e2fd0914c45384ec0d89482d4fc61ac6f62090f41a03159740aa62598dce1cb60f8a65f347480be2ad9e8101eb3bd03d045d632c866e60af94b3ab93aed9e58b2b06bf2162bc0658453c45f6288068fbd9540cb9253e11346d83e84626b928d592bf4432df22402d20e152a4acddfc5f24bfe9ec3cad2aaf17f01913ad73e9e39d54a8a4ff4647bc67c954476862ae51912aebe5a6cc5970ca0b5898f0ed28c70800d3c973c47ed121b9541bcbdc0a1a2930cec90d4b5aad31830e7507635464e888a7ee4de43f2411dea39725c2484e443291e4c637b07c3cc22317d6f90f91f42390d28de4860c46694bd6775cd0fa0462307beaadfd2320dff5559127efc2fd97d9f2ab1a4f728e43ffb0bb25c0a9d7fc429bd458ed8218d1ac6ff62b4077398767358974b26a47b63e86450c2b2bb1edceeef6c0ff306764115663b48950e100227b957921914ecf6c0e4f38b85bb0277edf609245f4fd67b4659bcf909a51d1dfb874244688f2b6a3727ee4c80caf656c3f731b5a5707eaca0521056682e76644da95eb6241c273f0886515a862fc2249012350a05eafebcaefd4409f0c2cfd6fdd955fa5394a24c7079fc0cf0d2c426c37b6da3951810a9035c5612428b77538cc4447f3a71d37cd7266c35500b0dfd31403b1d2b651d91443c923dde8914a3373370ab2ce9274be26fbd85faa645733749c7ad4edc106a8ce22b90df739fb1328db5707dae17a222f5a2a0119c42280d789d9cce17ab9f6b8fba39491496b22e7935a7100f00da4fb7405c6e85a218004c6f658d9f5724b34dd3dfb7b380fd4d1caa774a01b1648a353f845239c45bd4e28782d9ce601f9b051f96fab58b94c4322f58e537e3584f43bb69696baf2d5f9bb89cb8733551031308baac7871558b3777efdf7f598ecb540f1426ad05a92cb49069b06f57e179f624aa0d369bb43bbcd29a8f58af5d1e3604d4c685029a6851ba68402cd227aedb0b89651cc70754b59f6f75a32d3af3d13b1b048e8915175797ef71ba7365b6ae640a6f2655984c26a5b7e3a8fa6207ca677857f138d3fda4f908b8cc9fb1daf0424af67bb3820a7491b5c0697251264aa3cd3272808b4207425f4496defef3982ae8ef9927c10cecbc90ddec02e511c8b33e1d8c3eb4ff92f53d6adc323158be473a7cb0bfb040df94cf2af333158c291be27ffed787bcf7fc7da9580006be9db43bb32cb6648586877fabbe0d5c2a4e612a337a7ab4510ac107797251a958b2f8c2dd01e22286f6e7de4134d61db554d6bb75ca545f45f7476af655c06ff5069ca52236af2c638447a97e9c6517c56c82aa650fae88ab45e031e966d3f6b6db300d79e4a3fd21ab9523f76c970a4e9d288b545b728bfe866b45e0f34fcd8d0427a3497bf3d7bf760dbb0c98f97ceb0709ea39314be6ab8131aba2e164a85f4cd4573a26c735ad539e4d9c5b180f2ad6fd321dbaa277fd781726cdd01276ad7d5de658a9c60c5086877dd11712b6255fcd7af4fc9658024809e8f5fb7d4622a40592c8323075e86f3d2126922714a1154442e0c224f7fa088de2ac3b5ec0f8b7b9fb561faf0a147168792bc1fb22fb603dc5d7f654c4dc23235696565e79ebe587aa3eca2ca92e86b1d1177a4da061980e6748801ae36ef55c747e98598a6b88348d6ff6c8a17cf06e916ca7ba4ba5348aefdee792840feb062077debb011ce5027c60f0a372bada9dc669ccbf233a7144997928110299da474e962dbd9a1e5757d403c5b1fdc376764ac439821a219d184d514f241f8b4fdfbd2a637a72720fb21621d5e687a37e1cc104523e83df63209bdd3cc0308767bbdf796f82c7eb355f624ee5c2f62d9de78dcafb0b0647e9986175e1bfde63e775f837447cc86489693da14a95e37fa7ffed90ef5e8511891c5d8300052e19e178f6edc6430205e3603abd93442f6b8cbe4d4b1e8c850b9c84eb6ed7abf21257d1ac0f0abfeebb26492d5ffeb760b099b30142983c70419f23a5377c7e2b3b24c31cae49aca55fa8d28b1807315bc302c48668b1aee5b3866bb48b467d8499786d18ea6cad78e859703e1b954b180b976ab1df843ae6507e0f36f6daa4f57d7ce11738ba7617d53334229b5c4b97f880b988826d4a73eff412cc9f5824f7f40ae16c9f84a97721be423b84017c87a4d2f85d5a907b3fdff4b91725d05d91cc83b00627d848f55e0f71997f803ae2dc1d8bb34b1079d06413c1b3bec170c17c98e2c8811ac9990b6f8de2dc68b87e5471a2819130c068d06d74a36fec304065b152a1cef498bed1e5e157844b36b281b82f155106d56dd802167ef55f0b41a783b38c1e5e943a026883dc9434e3fb7899d4a2c422c0e54d88a03e29f557b9a9ba81a8fcc0df5e144731ecd768f2669b7946eaaed65e4dbba4ebb24d3cff2b6450e570c1c771a79c6c82c2d33b5192f601f299d9e58fa8d9261e47357059283b2eed01083dfe26cbd7294e002384d37c2f4df991865bd7afe49a7ca2b53fb98c55f53721dbf8b6fb238281c268faa1e8639c4d135acf4eacabae212316858b72abf3703c16919825e1701a07c943186b694919d3e6fb8367a3a9ebc29083d4bd236b21e009ab9728bce8c47970bf3338f2e2a6020434eb3624bcde31018844cd342fcde50ba33277828496785573d3be817257f40d787722f180be94457cbd1a3d97a884d3cec1a338656563b75638de8f117d872a65dc249bcaf8be531347e2ee920be641eb256fb6c64288bfd9d761a8a711985b45f0e831a4b4ecdd960c48136f34b0f1d864311cdfa846916b6bb8229e318f4e4c7d432058f0997f2e63e9c7ae01a499d34bce22537d46edd00ac1ee30309a45ad3fc5ef7c61cb7e4ebff8404cfc433e2cba80826fb384d31102bc51db5de9d0c1ab3d67d70ec840ed9319567b86bac1d2b8a71ceacab66e2e9122dc5cd2f576fce216351867f4acbfc0944d8182d449fed1b69bc544480d287c5476acee8f2b7c9a8c3a88871d9e68b33d195f822bab7c56aa796041dfad882c17c692895d604b8226319aa966d6e740576e889a2f3c03d687938b003fcf2758daa5f0e3b9fea432d564eb2426d379d3d0c157939751c3714bb17ea76177d268b9856f243ca7a9bc93e35a352eb9ff3e89b44a7606311916d6c98928ff238f17c47828c13a865fb066489ad40851d313ef6baebc9023894fe5c6fded257c7aa6fdbe697224647e21d36f607d739ea67ac442972cf07aa4c186f6db54c9bde5e9393e2afbd2a18be75f6b35bcef84ff7553a1c29d245a775d18bf29ab4a19d3e3950bf0546c4a6aabdfc6641f3b0f976ac010de650ff39cc8b94083188a79803befe24713092f20adb5511768fa88c7b5d149adcdca87e178be0fbc4bf0173f5017d96672dcfbf92802599a83576539fad70a36cfa0eff87064974ba173a9ef53aaa1885b802bc06a7a307f4d91c2a3e47b46c7d1ed6496ccefbd296594e507b1c6b2675997cc3cfa950790afa8eabb9f9ce852552fdfd9213e177ad38aa28cbec0fb0b3e847ea83b0757881d6d7ce0aa545c20ad95094802e8ccadfe8c5f89b2a201e936e7f5ffadeaafbfbc4138c45d958fc94fb40f8aedd89ab2e93c4c7608226c542f88356b8cf32aabc83160ca2efda972dbedaa05bd033e147b4e5befb898f1d251eb71d7ba7e71afc22b787cbcab440d94ee409538ce3343aa0c0c1a5858f04079aabc3262b836a14e97d939787b3bde8a5135eaa03024049c3b0b8b8307ada7969d8b331fdf961d848cddab59a792602134afb3a144ec2350f186f75cd734dc2b459cd10fa57cff404e326984a02b245ca47efc77053f74c75bb93ef75a283456fd69ff230777454603fc9944ca253593051422e673f549705d3017d2652f72afb57b620053d9c1e0a972e3e42d49953a7b87552fcf9357c7ec95d4bb50453fdaac393c1d66d4f0d3d205325a73fa948187ab664a5f6956213313a07de205b306f65ecb1dd132cfe1a23c8bffbc6de25a60a14c41567c53abebc1778ea6266aad624c5b6c059e121ccd216ede2347ae627575c0bd817c5ed43fa51f797a14b631f86c6169a82fb0b749b386de9bef1d30f34f7eb858948a6b0c7cc372b6a636b02bdd1d490c65e0f4203b81de24c94accf114e94bde0942689d5fc1416497e7cd6b9e5a9367a80c5e6088f0b76db69aec1ee2658b4f29958ab9cf6e5966e73e2d8cc52cb1c91da76f50226f104108f5ffdddfe2bd32c3c3355e424db01e3198118eff3c253f0d78a1d6972aefdd9cfe129eaeecc7989f7a348a99c58d86b6a416663cf2cf604ee0e9899079500217172c3f42062bdb8f3985b9d9b6f80ddb542c4dc3a5fc52ef18fe0befb33d66345ae3e5d07f0a354b055a832ffb4cfbc8ac67d809dc5399df99c127cc6bccebc7d400b6aa4e4338b29d9f7c57d410df0d7d96587522ab6c41389f0d0402b40944646b4183593a035b18ed04bfbba94aef1fa5665edc71e3045dbbcbd6abc01c2982245b309a218820e02f4f0ff31ad0f71b363dc9cf67bd8dcb6de01a1b6c85722bd50d01d728c6ab53196a7ae149a8ad2f44a851441ec2f1772c63f247ea954572906376665cd5cdb9e37adba576bde99f938a10fec25350474f130a9cf5437e52ccc042a08111635d6a27cdf40224b9c844af70be924498dfc967f41d66b8aa12489562b3f70ed4163ca2c887d478376e14963e650da320d63d82531e801e426e594070aa18f19c60762e23c2186dd9e3105e48d1d3e3f62cafcc66132895900327ef2e39abe7f1a68656fb88bc122aa18039f3c8b51829866fa4aeb1470b748e0541bec08114c2626cb3ad82e4b9bd4a5bc90ca02b6cd23cba2a90be78162d498046b2a032ee37af48"}, 0x1010, 0x801}, {&(0x7f0000003700)={0x27, 0x0, 0x0, 0x7, 0x18000, 0x1, "803ca424426f6a7f5777629cccf0587c39c6de2293270a9db24d5c83a82665fd90ccf59d6d80c072c1b6c2d91ffcb9ca4008b591a8735cdccb96b8e4aed44b", 0x2b}, 0x60, &(0x7f0000003980)=[{&(0x7f0000003780)="c2bef2188561b8bea6e62715fb0ebbd9229998d64d844ef7d89f0ec1137c", 0x1e}, {&(0x7f00000037c0)="665e11d8c9dd6e364cf479fc98d066563480d0043cb2b654fc587c96ea256a3d360e59129fb56beb82bf4a1069725e2bb74891f499df39a76964e1fd99fac8da3016d0", 0x43}, {&(0x7f0000003840)="2957e0c33f1ea34452ae40485aa7bf225fa0dcc9e6bb13712dc06e5b66eae81913a1302c4817d577722cc0e925dcb940c294228922063a1287f8d715e80f5019bb878d8ebffad5525c3ab90524cece25df15b206ceaaf3921dbb6f0f15b49ddbe5a7e6a79ca96dda7064665b8899a36b586b44817099eea10f09275a54e7812712f051ce08a14892a2e511e913178ac25b3ef35b78db1a6a970399feca40d173b80159bf41449cb27d372d38d4612e0fe7034e386b33bdff3305858ce0c0e3c9c0883b16741ee94ace9abe41048896b27d01c0", 0xd3}, {&(0x7f0000003940)="50e817b66a3f1cc548bb0583153ff9fea84d83d46504035b36597db09bf37ddd5402522892ab66f8ad44f1823ccb17d80c6e10047df99ea4c4c142", 0x3b}], 0x4, &(0x7f00000039c0)={0x18, 0x18d, 0x10001, "91"}, 0x18, 0x50}, {&(0x7f0000003a00)={0x27, 0x1, 0x0, 0x3, 0x66, 0x6, "0e4ed29da4217bbb3bc081577412ffd9cbde67b66cd942b3e45771c750bfb5f5896f1d91fa6d5b254071f348c71640172a8ef61a00b0d1b5d8b2f721a38725", 0x33}, 0x60, &(0x7f0000003c00)=[{&(0x7f0000003a80)="076ba860e3cf5036cfd82b78091cedeaf2e2c9c035cda216989260c10d18dc43c92ac19c13151a031e91509af4ed0a97764309e60a5bb6aeacf2dd51afbf5df5bbd6e6e09f0ca8babbfbcfc89e680eaa34b9cf06e6a0fc643f8a1d517307c4ee", 0x60}, {&(0x7f0000003b00)='(', 0x1}, {&(0x7f0000003b40)="c77d8a6413f4ff64d7b0ee8b982d24ecc069f9ea46a41c9190fedf94eec3b277638fd2688232f78e32671bc11d281b500f0197a38e7c568e125de35e2517ec08b348", 0x42}, {&(0x7f0000003bc0)="c3ad7fe24b89678e59f75b6a8b1b962dacf1ac4e654e5cc8b506e9251e1e27784bd29cfe009ffab965ae1914390f758f39e390ae", 0x34}], 0x4, 0x0, 0x0, 0x5}, {&(0x7f0000003c40)={0x27, 0x1, 0x0, 0x6, 0x9, 0x6, "b50f1e286d6e790fbf89908c861f0241fbbd1d88555b9ea650581fcef3b89dd55bddf13db22b4d303ba7b5fe84e072979c0c777c768cb734bcf35f328b070f", 0x13}, 0x60, &(0x7f0000004d40)=[{&(0x7f0000003cc0)="2bfd5c1f7983851e92cdd2859124dc5c", 0x10}, {&(0x7f0000003d00)="d33a9de939fb2f805c90097561843075b0b4a6fd3d7a9bdfb874fbf74e9c43e4ac8acb32aa78a029dcb4062d57a7051cc8debc5d71b96817681bff34b8eb25a26ba935de858f2bc6df5e93006bcd0b5c8baca8ec510db6a3da17b27348736028dd69e0818a07d183c8db1f2f2e78663d5acad9ba84e3c3c3e2e8bb89c1bb274d60bed4f4dfac7b15d47720f2c3dd213cd989939266f50355603b11a4fccf6ad605eae2aa66fe1102461e855ee92925a3eb886e1d6cfb0a139a8a7bc4500ddd941540d489fcef0cc777e9043d763fba085d8b5066615a4326ba8b61e826f1cca789d8b3370672918d680672cb122aadaa9657fc4e99ecd0a9617c035b001897a6bd0348d3bbed6af84b8fad11c74f4cecd009073fffd28d8f4169a9e6b92aaef211c4c9c1015b0bec7aad62058ec5e04ccab7e682e1566a7e7a8c736322137eecfd68eb65172cb437e006830edeeca5f5a9514a3143c41a4918536657ee9ce20c8451bcebb3cf971bb7cf17164bf961ebc00b8ecc41f301bbc96df7b0bf2c57fa2c1d7d501d13b52b4614e049bc29d7e86b89da2504e0441ea351cdaf0421c18062f0769c45ae99c18923e991874758d2645ee23e15f119a82ff21031ad4f77816ba08e58428b19328ce65d17c351acd74e7aeeee9e36fe8257b1cc94ebb46c95ca4a02b44b3662bd393b88b755e0fceae611458a4bba4665cedc6c4a2de728095fa57525bb0866df68ea0c8fe1201ad8a17b21d029178b1149a3af7b0580ec2148adfb45f12a1fbecbe91fa76a999d468e1e3b45378d1340a86d0d959195d411f8c0cb6893e4e9de83de2b848f20709e6580ed09f7e5ff3ac804e3e07801fc792f463a832c724476d922c8c8db1e1193c02b4ff9654fae508fb2c766b38edd0e768c3e3845e21ddd6fcf9a4f58c5491fd8e87bee09852b1d4645499835e2cb4292a0675fb430a7237d3751397c107d4d2c0bdcc8a9fc5274d93b973204e76f363c45df6d45e675e1834f213eaa138cd24c445b123b064ffc1a476f1ed3ea9f0d96236fce9b194cd3fa78a390720df1451e5edd68a94f8cc2f94bdf8486c0b701d5c9bcab885cbc8c83533a5673538a1391cdc3e220c61b0169e4ae5d9dbeb42f1976041ec036df03fa4de026bbc08849ac98145c9f3551da492dd146993641261e425541b8c81a7b461a391fbf3e3f6b68f50e6555638d4b5b873a2c9c27c62da1ad54a9f762de4bca7615aa2fc4eecc8337863a56ba0286e0820981f28a1123578aec5054713b28fdf2b7552b93dba8c65c0f1f8eb061986ae333bc62d6b14687c44e931bbebd0b23ca542784dbd77594dcd1aa24ce79c076e48f40d65f1d029ee8f6909741180a43f152e22b65d33041ca11216146a13f4e7a00e16b010eb9f0c9947826f0319511fa902c48aad30a96704874aedf38ef25c827a8b1338d533695fa2217431115e6e3dc67cbdf921b5fb808d19da204ec7e9485e7a5ebd4f5b42025066e3af8a7e7c7fb72af499603a90764a354bfb936b4c7e2cbdb28555394af4d5f9302f38b15d1e426279521273863cda0fcfe2de857b2656706e7489f11de1aca6ebb43f63567171b4cb6ff67a8c37e7ec0837327ee79f21b2a1be6367a7e7c78657678cd6fff2a731b90d0a04193d023de67b2e4960b8748ebffa5d36891c5a203788ee5769667c3dcd27516c775ce46791af9860f07aacc29815407bbcf60fe1c694553e23fac6b5fe7f2de2deee15bdf4691a8bc0b570571097449bc7f0256037e24110ee8ca58a6b421e7a16bb89efe510d78db5a92c60e14ed65abfed0fca45602b6277601a4b92e81b95e125da31f6ab8eb517e15e04e3b15cf603f254db71383883ca0d22ffb32bd21390f33600cbd3713ef57e6cf5d4e572c2619d5ffbca093b3ae585754d9cc6d74b17117f7af1fc5edd6f5566be6de97f6f1f50f56fdb98ab13c9209d9ba90fada6cd4c03b9089bdaddae4c5b4da01e618ddade13fb49f866e74cfa0aedbb36592cf8edb1cadb650c2fb4046c4aa5cb7eee296d588ecf8e3f8ffcf2a46872b6b0dc977f71a0690c3e96cb1c203eaa20016c41b1fc5a85766c3fc25b1da91184ed73e4209b7b81eef25d6ebc19ff5700b4a68193f36cc1b6f8f9a746182994cb13aa5cb9f910765168ef542a42c2f58fba9abf0ffd35dbb5d31432f8217a1e68981427ca9f5cb1e16799ab7b7d703d63120a154a3f4e43774fcdca4614046216c5799726086945952d1023c813d3109ebadebce8759513e53480d7f832e793059ee9d6e8d84def490b87bd50108886620a409ac942e3ac135acd0b25c224a79f9f6aff9c6adf802a60945c179aec48e85aefa92da2e768931a474d65674fe71049020425036ff6ed63b35579b7bd63007f9421cee6f1ea1416694df676d59cb84f052b037d1861ae13aab6436302ed0cb7cece34265d64986f95184cd0ebae90aa9da4399df481c7e553dee40dbf5774ec856bbba6e2d30ec5f25015fdc2fc6104cdd383d1d9d7fff059a21bd4d823e2019cc6a6ea209954a8d255c0581ffa46fc21e793678ee56416c38eefcac99f5ed4550a27bc55e1071f9b8462216bff6b45e0e83b0833b76df310734aad24aba6b28d79cc96405b96b61b9cd9428f252f08c19a36d86ab5fb62fa3a0469242679604ec6e6a32dbe1abb82f7d79ba37091f7fb76650b399f3ac872ae692ab5d60485a36d4477ec17b8ae2a918f175e082b0bfbe2ef3e7ecad9c20fb5aa5b3c2569d2aa9f6420dd6932184948cab744844a4b86b59149d8fe48e175bea4b4d4bf0c275e56207348a11cc1eccb43df0c129aa3751ac1fd3ef93f660dd1639a70fa102e756bb824e7fcf8af324dd9c1c8f5b0a1d5732d768247ef2e7a06bc50939e7b4f3e3b3c02a168077ffd5c5684578ee4ce991c3857433cd7eb73ee760f02400bb33de3e3edecf54193e92eac88dc4e7cd2b87595933e44e3548e57ae61887ca411d784db97d9eaa067aa568b7431ffbf511f4762dd0c91b4860a45ef9c380eefb9b7d1876ca410890fa5f25b8e778cbe8d98196633550f25b456fe6547d906829c1d45a5b35eb0def892b8c27d8cdc9b8e2cc965adbd7134d8d1e2b56227ecb2f9b8e4587452540f6aaa07f891fe41c443b98377a2102674b9d5a969534db68e8ad65ff884f5fc5905fc9b70c95c745e7716fac10ff36301a11df4663027f47d8a5ca2cdb955c20386b37348a37181431232aa7f182bc550bc04ac059734c96544c3a45a2f50965e487c707d81ed5bdd707a31a844744f7bb23630bf59615436a38cdd3285bbebac6d03b0bf61ada2ea99577781d87fb4ea9572cd3c6be0413b024e641c88764d1ae5a49455716de97171f56b66a56fc9eb0a19b63b53a814015c17b6319366514a96dbca9e0f968f0b11a15b39165218374c9e85bd251dd6510387bfc5bc245c2eb148c91fd147445c7384484dd96abca3ef6bed55f719238f28f7e95fb60944275075ab25349746f58493efccb32a4db6f994be711cb867b2131a903695502ad1f7b1ad450cc3efae89f14b5b221420b4cbb455b636af6109f1e46b62ad17bc012c42ad0bb43842f0696d3be13c842f94134c5dce74d8eb63edb196cb4c815dedaa04cf635a1b7f14fc0a54ee331d9987c3f711255240f9833bd69aa4e0f59101688d8a1fcb6bfc07bbbe4eca617efb51ba3e674b306bcdc16ff51fac69d578542ce35c9ef55190e310856bdaaec0557b94ec60e4e90fd938afad216e081d7749d856604a82e28cd2aa68501d84d04e4cbe7541c9a05f923238f58549261b93bc107b3b0e99639ab919792d53040107b0ad18e72a984deb5624085fe027b41b245e45f75197f6c8749e706ab65c47bdca219665476d437700bd562b5c70d3a35d6cfbf03cf8a976e55a2c70d39b9475df28f626f52e13567bcbcf96fea9e2f319578476c343034aef26cb4a19101e4c94d31ef80f33a0fb4cb95dc5b03380838a3e2b34ffccc69d2f2d712938db630617b3436e22a10099f9fb4bf2e9d42f66af846f77ea81c6af70aa26979aa84407322f5ce3ba47cfd976546e8c0820338282052d770accc1aedff40a7427c83f363458d8f8e3d3ceb6e5a6b4df8b3b452e9de80569e2d244ed59a2e14565e2579939801915b9abe729306f77aad5c9607cab407f34a377433a2b89a0876db8db06392eedb7a6eeeaae9cf78d95a5c9411bed65416e588881cf5d4b8f6f055fe1af153e04814b09abf8149c54b1fe2cbd924495fc3474ddec4e88b2089f31ae890affebe2b9155acefa8a7d19f23cf7e7c33727e216083c626fc9f0141d60695696e27534ea6dec668273e7001b001264459d0a7e443ca67aa67fd0992a88ea71478d2eec9c51a82488a049cda7be990634fdc960987af680bf23eb369724fe04e43253da25ae89f2d0a155059934b264553374dc68a7f28ac042e3904fb88c5fc7a5ce62fbfbe3a8358c919ad5b0b9162ce039283c42ff42e3b2e00ba312a8d4ccf294f93abc33dbc829204d96266b7368f1b70a38d125a7eed4eebe421c54c4b226d9a7ca750f3504aa20994cf143312f231c7b7cacf87fcdbf12636844662ebca0d9c626576861ba7efa6cfd7712c73b776b9e5f142d868e928cec6236ce6afa40c9e7c5d4c4702e878e4741b55d32351b7b26f14288e58814039a6cf64dffa860500f1cbe4627b893d25ff43524748ae5286c967254a4eb20f441c67757c03e77336fc5a1701d8b53d5fbe59b5c8dcea4791f1984fb2f19d2dcca9133531ee56df3f065b68e4d0c8ae382353107e11e3bb6caad68a1d4d1f76caf1eb952fef928427ceb9c58edd779a0a94083391fe9f5d10352b8c270d752fdbac3a123bf2de033a74aed53993cdefed2e587420f8441520cd3bc82d35c725fc7e83e7a62b5984eaac470a10f2e43436ab6724fe746c74450b28736ae1508b4a4c115207965880c055f507bbf657473f1ee938994cc94b633a9089c45bb5d504fd2efdeabf0bb9071580b0b46b6ee1a37c23ba74b164ab00e8b3d17feaba83805b50a80536b63f922cdd02d27827f919940363769ed0db1be5795301584f42331554426c399b8e9b9b7901e4cc98785a63ff324ea14d46367d4939dce963d6c653d8424678dba9722346453f5a986ecdf07892b26560d5009f89218fe170c9ef0e2ae979ec39360913889cf3448b90787af311da89bf3a686a98216ff6da812cb222b0470ad08d26d550add5b212110a5796cb768acf740cc12417e12bd28159607e38c2641d82b77bb6dbf5374b177e90c9aa2cf963a64b742b70b615211e3932342c2178d052a405c963f7c3aa6938a657a2b5d599eb038585e935f624580271497785687518de0ffecd4647eebaaf6663e53379db7c5d9528da2fa2ba59c6c4416f06961eff28a739a722ca8dc4184f6f83bbf8687ef75dfc65ffae6a4d2f9ddb654e41ab6c3d805cff6ea848f5110b8781b524b054748dde516acef5663e7dd0e6e2f2aeecc293ca913bc462484be1a8ac6598308e18874bd59dc09ad2159c54588c396a60c6cb83ec9c181e95c932617132273fc0ff7038d3eba653d0addfef7015c2fcf636c38199f925333a3f8668eb8c3252627fbf25029e73e0deba1d8dc8b9cc690e7a672908e8aad90aa5ad70fc4aa61f8a2d8d06d42915ad15096926f999bf7e8a74053aba4d2daf2bb24165c52bc0d5e188cf92f1716cf3861673b8929593d8d360b25bbe7d03e612875be5696fca7d96e61ad72c020d6ceb39324d09118dfec528a49f38cd13d6f105", 0x1000}, {&(0x7f0000004d00)="e4720b640b501ba4887355d71129a2771a147829d4ec65b75b57f5a96c19d674b1188c0fa7ce0a205b247d4cf240087141c0deb86af43d93bdd8b098e36138", 0x3f}], 0x3, &(0x7f0000004d80)={0xf8, 0x107, 0x40, "a39b8aaee31cd8c2bbf6891e4dc5b9b4661800caf65d148646401e8544ec5a52ab1d74ceaacdb6db5b79721d9f841eae33ac123e116208337480fd5e835dfbf98e18c8ae6468dbc585c605655c37e1adce33af3f2d19a26aad0489b9ea5873c919cf97eae983dd299db62af918b4a52690fd7b008359f9e7f40c26a9b028aedcded5f1add0fb4efcb7d87c67a4837efddead3e2e1d6508e59484ca3de94f8540720594a7ce8d4c35129df5cd634d25eb7b02dc79037433493a5415564dee311023395a0ab8b5c5af6ad5b4126833dc8e7d68cc574db3ff7caf59d69aae80aff71bb5"}, 0xf8, 0x10}, {&(0x7f0000004e80)={0x27, 0x1, 0x2, 0x1, 0x81, 0x8, "dbb646c6560e1d861409bb6032121f45a64b9acf20b75c89cdb713e952427e4f0ba2c95206a2408c2d8ce16c5d329f2af35a222a683acaddec94ea5c2c0492", 0x18}, 0x60, &(0x7f0000007080)=[{&(0x7f0000004f00)="db37c52e4794f7f34cd19ba325f609f74a238b3c79987a683531f026d209ee3dfb7b41c9122944dc9ad589169f6c855205806d90c2805030aa76a620cfe463ee6346c17ee0225dcebcddda1bda8462391b6c75f7fb8773824dbe8db2e7c35a2aede202de4eee177ac218711ee211632f54a1fc763881ffa84f740e6383fd1ae45189ff85cb8d964d7ffcc6257f5bbaf30236fb62ea2687602e0b17539e94923652001f00255abe1786f5d29e5ed435185f005f37cae9e165e0edcb9c7f0c6937a44664b5b0e71a521771b2a6f96ae1cc8ad48a39591e756ebc856fb8e0c2617f0228b6306798b2712011c39bb1abd8d4ac66a4e0ead1128c1ea5cd88b59c2ccdbe6449293dcf6e23422b898d2f6bc849e265e5a84b1f56b2e9d6f0e868dfab70104bed82998d1ec0a853b634122d5b9a5b7049eb96c9049f560df3299abd1bb8ff18be7ff3cbb3c5b0a8d4297ecaddf2072bf525e7bbe7e294c1423752bc32316ccbaca3119df12187d777770b5b8c74fa84cdeb622b17b430ed118ad38737f42cd0a27fcf3268f3b5761ebf8c32daf8ba4337cf81198a4d25fb636ba9fd5998a1416519c7f20b1ce4f84801a323d4043be6a8ed8e718fd0b57cc336ec83bfb01a3c7a62abfd331bb9f643198bb11c8c70ff501c6a75978427cc841ad9d6f95e35562cd8ed599a24c793201e3890ba7c35938393589903d017bb612be690d88a2ad2a38ffc270d601fed1102ffe81389f28fa224e08495c4325fb19d97eacbfa5c02ab8bf4e5ef766a4560bda07bc8fdb28e9bf82563df2563e9e0e4c1f499b9ccfa9b3d46b9f36cd920eadfbd851a47bd910eef3f42977904c2e1f70f2411b92acc5a3cb9deaf34b43064682e5cb37c54f807253b8b06265277fd4a81f99888ef3b4edf14a608b28aba03b1f759da3d74996065ff1f63136a5b96eda3f0213d3f7bc117f2dee8462a00173def0b367405173861a03a7559db71aa30c5fe4ec2e73ec5f6dba5ec52e8269ba5474fb2145216b3b3e4aaa6828fc859c716a5966e1670851baa01c21681eef1037693cafb9530b917fe75b9c830dfe6beb3cac60d7c5494a8ed16b189c6e95abf001ba8388b8a096d78dd8cee4dea8a910f691fb8d05645520cfbd6ad35e506ab0878b656cfe63c05aa6954acfcdafd407f01facb2568bf0390d7d4ff362685918f99c8461f70da850f59461212a7a9a07cea52d9ab06bb4bbead66d9a48d501063d76ef41f0f74a55c1091990ba419cc47d9ccc3c8417aa1b2594caf7a09ac0f77dc93f3f93927e5a819465ebf7de39e6f1211d95633195430b2e513bb3f8515b781e3286935a1a8d3dac17d076d3769f9213da23fb1ba4afe925bfd3053e9b58b51724847b5292721f3591c40fab16f2d7f43dfe4f59683e54c9e5cf8ad87e6faf19e51b14d400635344ee812e4599b00cf2c6b3cfa49800a0a929ec178e18ae288cf02f32542221a7de76606891f4643c0ccc27505ecb56bacf946e4910315432cf590b82073b0c8a380fd79b900e08201d7ecacfbbf2a5e448e1c3f1cf836d03a7e305ea8fb179c94a8ebbb97526b216724f319c200d6ad1cb9650023a9a8888f7445694d2b9ccf54729839562ae7fb2ed2caf6cb9b688b4b87fcdf6b61b94810d67e52633aa005917eaf985aed6d04109560ed94766d9e9c851f7faa5ca1238a59cf6b64225896c82ce9d69c37943ac93a0df5c4715b86820e76ad6cd565c5ad9e919a47d6f6d505b9ae742d9d6aaf23da618495943ecd29a5e3d744aca8c807bdb879455a96a3485f09b88f9a2bd71b2eddcc726532e51e7a79e8292249a736443183755beabb80636d106ca8a688314ab741b91b1ec706cfd08da12f6796f6d51fd928b8d160112e880e3e581abbda9a0c013d3c1db18bba01eb6bbd76744dfd6c1c6613bd9f180dbefc26daab019747fb84f350e92e4d1e6fd515575286ca9faf7d232f78b4390a07508bb5b912a848449caea03897a502a87e3f023360b184a1b132d045d2dff783d6ddace1ba43dcfbe71166cb77d991b5d61dec7c07cd57b5d1c81a85c7e4af97c6284ad88c766304d527b0e105fda2d17627ac9a6ca8bd5a1c6969cd6b181c1a1ac6391d3e927066d315e9895022b433b8213d14474317d39aab7a3d5713876560bae21bbadae114ec929a8b49885c1a483da452acba4498126e1b380ca79b82e620921b6be4d984e33dc05a7c177d94c1f92234f8fa7a916c6ae03c12212310cb3e105ce7dad5ba1470ab9e1dff6d27369624520b5a2b4b59414372510073cce54506bd46a0b93a6766e61dc832b6ce37ddb0bd34d19a3b20c7166b6616b324f9f55b9b13538c15b46ad89b24ad7fef9953a1f9e5073900650f5f69dc17a37b617e208434379d319d705d2f8a61fc369fcf137d1c39733aa4e329025f20c54c4d29880ee42bc07078d19fc7a2814ab0bb70d1d36800bbcc5201c37f367896db28a10fa7c93e73b325b8d2f519f314fb857c7f812d1511c3c90eb5ee1bcfd24d8ea58f4125dda30467111918dadd33060fbd5b05a514a94d790fea3053757133b780d2df1be7c7395c84c9a2bb1b1d49efbb8558c9097574ccba34965f35c5f2c25e64d257d25cfe2701a9ae66b805fa5477e7d864a5934eff6e064ee67d0825b6d1c1fb6e3a37f8bebe732990cc7a5cf6078eadf48bd23cb0c250a29d2ca0c63be08439ee7e88dbf43be6de7236e641c5285cf191e872663d6d3b39ac53368e2df16e5cd37f143b3da22d10f496188fe71ff594d232a4ba97b02efd47971ff85c7a7b15156334f82ef5cc574f7d8f9b61a47b0fd884db3d93a84a5301ad899a3b712ae37cb045577af2395a253820141b2ad46f594ddf25e6f5fda5d51076ebd8315e3ac50910f8d430d92dc8ac84a86a7b22960e7c9375cc8197e0fd8975fa2e5a96e87b08187f7429f1f02ef547e75b631a3e87d941e4a3c65234bad735380f28d8c4ea39704989b54384b814697e13ff73ac156ea5f7a9a13f01c1ed1d66b53692a1b245b97fe099f94fd6439851635b246eb5b3d34a66d9f780d02c4f607c8923f991cd0fb579701cccb91bc061c05e147c346910f546d478f8ff9546b27fd68443cc67a286d7e90b59381a7a6d2552447ab7fecb6e7c81147f116863fed5eddc3b348b6c0b207ecef62ffe6657d50d38afe6af9e54c04460336d03a28890bd408f63659990a86c436e01819d22eedc6a0febb5b1ab67d95b1572c9b482923baf09a7f77f7d9543258706d14716bbecaf7a733844b4dcfd32394d8ef9d1d1f38906c2cfec0b466b493a61473a316bff2dfee937d46b8038a92768c4d16f886a0be47dfb8d679c76bc6b27cfd2bbb48faa06d9fbfc3a573fa35f548a61f723a3419889b9730d08c2ba19dff5f42d23113b38b65c93328ecbca4dc548774fd1363b40557dec30cf2f7bb29ced753e1c02e1ed030741db70ae067c027f0d82c024306c4e906737f7f082deb005909a2966aee8e95fb6a2f5dd37f2d64140313ee64db3b4eff6892cf0aaa54b8bc45906639bd0c607c71ccd71216c22cfc4a2375946272e6f8b9290a622d269544467b0ecafd277d5ccd7fde3a5f0c2380fca135c393d8ffff0ee4d94ea50ac8a599ba187cf813b4bb2172dc4406d1f26c9a4913602c4dda83073a9a95582b6dd295b764d03618a9d0d80b490bf4ae7eae175a295e3a9af2e8e4f5db993cf6088d8ec995dda65325d20735d9a1b917c9ebaabed13ca6f10eaf4d16a306c6c0cd833cb72453950151c2e408fa0a3b7a255ef2387b9f9b741cfdb085b7fbbf9430c2fd2b3ec75c319976190f622643689d2258466f5c7cc277450cb91b433be906cfd218234d145dbf48811d836f144ccce6b46d0bc08612ea2de973bee2d0e356e92a48d6355036688395c6224707ad19aeb41e22a5d2d9ed6bd418dea3eda87e33185004bd67a903e65d267089e2268b007c43d35307b3a195ca3c0083cde0a3ca5341c58d6f03b5a6d6d706213fbb80f892e897dc3040ca856d296fbba706b857d9eb2cae6e8737cfcf0b70adcc3855966b919b6dc66c7242db5ecf7ffc1cb850ccf520da5ce5f60daf629b9cf0599140a6b284866815cb1dab6b782222262c4b575989c8d3ea7549fd1cf9d69bafa05aa05bffc4cfb1f022874acd8da04fedd865a23b5b8e2ee163a5b4005a723bd147bb83cbfd1f2bea6fffd06b28e8c055c8dda1410fca1c724afa80b35138749f16321c4c4cc5afe4f0191d4934fd039c1fb8f570cf4bebdc2d46d62063cf357acbe64dac8a3aa8053b8098cded60c6847d80843c4176134e0b22def9366405a9466f2aa30b8240bf8755cc2eae74f27f84a302aec1e19daf0bb5181f8fb131f4b6ee41b6a0b8be032e49a5d1a075f867d698f92244e8a0bd4c52444b767dd403027b4f8f8f11457ff0f8c97dadc4618c9c017a6c889533c93fb2b9992e8c1f9db4f202c8c4a34cd504f278b14097b90f2afabf2f7caa2cc0fc9087af8ef41482b6946ac9a606be6d8c7497a241f209823612152c25ed7982c82dc056c22c2eee05229f0065f67117c659815d4d407ac950115161624034fde1a5c9722440b2bc0087beddf800c8bbcf51ad877a11f607cbdd666fe14e2772d8f9031774af22529e4834950c3358d98ca30ed1dff7fff877e71514f8bbd42e1e3af2bf11460df8dcc3ffe0b903ed685ac43e12252f7ac58b6e8267b769319930a4e93b32eb41d933e1bed334d4dbcb987f740ae073081b1effb47706e72131a8f46bece95d9f972be4cb9f051ec61c915520e8292efc171b52800ce738252bdd1769535fc44f61f8dfe4cd644c36d9836bb34d570f3fe9f106c78037d868f3abec0899e0fc28a1a213929b6fcd74b23e25f0335695bc7c5ca1b109283d4e7e2c97f5357e7a479fedc7ad82f2825fbc6e16fd4042ded47fbb0a53695d4bec8eb738f51e4da6d1bb701295e7d9781b52a95d2dfb944a6cfe035a1187b1d28612b8dc4b742329b250a817cd3b2fa34e49fa13b680b7b49cfac8408380133b14cc7f40b369441bd937b40bb302241496342dfea61b97d19bd6d68e050faac5862852db778f5aa9be910797bacf3d575e21a25dee1e284687519229628e2f10b0f9126eafe7ca15edd4016cac4eb1beec5cb231b2495dafd20d27b0210d15286cd13f705e675c2ec8327645f58b9f37f7ac81993617c85233d414fb8ea6af01fb329e9b7b32fe98f3e6c832bd6848e5db873d51bdb91fe963ff4a9b35d774008ab114726176b13a98bef7ac21402a6dbd4f76f6059309dff6e3a158343618364b8f6f17a01bcc627c9961bdc3281caa10f1812fea35b606b60cb62f320282064907e3210cbcffb8cd13927e23c79e60300297507e8d663cabe862bd43e31899360667ca7a88bcd6a2922d6740e9769442eb15f09df0a9cee53949156d1542591287e9e760ca6c4a8d9c6e856bfd006381557a0062f1a140a17a7e7df79c1d54ca272ab56562cd5aa915a9d6be6ec187fa4dac11308fefba1e55cb168194fa85ed0a97a4f0c39f6ba8bec11790da10f280c7957d827386d6f453a108adace4c0c138417ac478f31a3b67c5d3deb38b8acd83b202a66ba5f6b412e68cb9c45f6a27748ba93e9706bf708fe4063a3af64a1d1c06456a8aa5ad41a40177b918884f998a56d04965575941efc3861598724f0fcefb2255071b0c4c6d90394dfaf085adccdd89c9db31eeb8581058ca91d006b8772de3645342ac3529c543774bf4dcee6caa8c95fd07bdcc89b0004036756855942d551", 0x1000}, {&(0x7f0000005f00)="1565d9c80c0ae256322fa241b1eeba78b7a554beefd369d6dabcbd507e30514c94890f6701d1dcf86863a21c574861b539159923ba9273f5b9ec43ae1461d275a4561562d56d1a9d644798e5f7a84abb8f1d2517e28a5b990ca0af93dc088a52b427f4cd6173bafa71ae3a30cfcdd2d35680beb5bd7db044", 0x78}, {&(0x7f0000005f80)="63f98fcbf8a6bcd912851fdd44c73dff251fa608193dab57f82cb7b733bb6e9b63df29c46e8bca83015034f53631b4c8c54acc6b97defb7fa070348507fec2b239ce811b79b2d56eb523cc4aa7d81ae6a765543900ee314a04da186e0dc0cdb1e9b32e9b495edf2f346303ea25ab7dcf98f6a259ddb5b2cc5f693a1b9a21c5562a02f9fccfea17dd1e436586cb0e7b4bbdd70e72fc41ac80b6fa8ed484664b42a0e50d4f25d8830847df18f4ce6659eece1c4d2cdd1ecdb0f1a37ab8e0f991d8aa052eac2c74c0416d62eb1c06562068ea569f2f3c9ec72d8a706dd75ecc16a7a2c50244380e24ae7be937b0edc28a3f26a083cd332c7a0f4a8c327af20fc94e405fe9e2dcebfe689e2f7e53fde6a2d38eb925647689015a45f971375de8a1ff132e1da2aafe995dbf117c5f160465e9ea7018207efa78dcfd0ff2441e42aa0ba1ed8239dbdc190c097a3f81921b83da5f805eb2bf302f33aba15c85f780143b100d20b4a4421d9a16a01f0f1185098845d2249993525c1f93d812688bf76ce12540a0fd2ef8f6ca47f0f1be1532c7335ac1586f90eee7503f78cb8a77c8fd2d700e48be37c31baf1596aa962e613323df3d982b3aab5a8894f1fc186055d83725135077ef2fba22e86663c887c7c339a109d5aa88f510c04571c942a16099f6b9962b1844a1788f3a9453c40a8e6e5758917f7bfcdd62e29d4f520d8ba97fdbbd57f1cf62bc3be2101b692be255b1e5a589c19f1cf284212330a2740ce92a50e7f08b9b09cd9f642fb3130f9ba48187f7bb78d832c723b03f4a6d156bb7b4f8c6f3fb6bd4a5ee453e71c9ecb5cc7cdbdb6fbf56905b9acec9872b83b0b953e6d3ee4c56597b0a41b8ca7fa14c347f3a5ab71639f1509915c6cd5853cb7f206c686f9792255dd65e70c8ce499940bf322cf1ac37db2a77963a7c76f9bdd8e50002dcddd121665d9d740cc3736292afa493c54849ad680d1f892d05b757fc121dd70ed9e1891ada8fec97db21c4dd25712dc76d2d2ca1fc198c2282fdea4d1dee3c9b06a595a0d32f04abf895501dab56cdc709285af1222f89c868d72a55d00f3c66e0a55480e5aac1b6432173e4984df70a83cfed2f6c2d868bd44a24732e5cebd435ee13dc33f2840f4da9ca2d5215a68620c739d0fa29d49d8b71dbb14b234cfa00b0e756769f9976fb5ad7f6f6da9949c02f974fb538d270ebbbfb7e1bbd3ac5529c418ec438fd47da2869538ce29ff953c2e05ad54f3a2a02dc89ee349368775ac1388aad5927432c6f5730690add808f168d9e3ad36d620cec8c444c611faf2b8713f536811179fd081440b24480618e9c025199083ed191baf377cdc0b2b47aed8bca0323c0a83d163c608458f0fba76c34e6396e67ff00671830bf4ab2cec49b25226c440a7ee09830b18178af940a97937cf012a7d0356f5d4e4b1c65168640eb75a037c5335e97395e78b04cd5911b50ae08799cbecea4764c1cbd61478172fea8525594e9535b12e7add066c07ebee3249d79634e51ef0963230cabd29f6569b25f34bd286195004a08a4b5cc75fc8e493913efec84860457d1b3318b1822ebd331c6543c9bce11ad64c146fc656e8fc5b0e769a0bce71293a374d32b945c907fbf05034e399d810a752c4fe0508c885c3beca4955998260b292ffdd9ec63bc7be47844374fc1b9091f28d1df05bbe3adc3ff083cfdaec268278632cdb7e8180c9252d3be72deef73b12777c9ee6b3d25e0c9f119fb08965ccdecc7878ecdca0a44aa36364899a8d862eb3c5e05a0c59db8a6c080779e7115b183548c652cfef01a641f6a4498010df3dfe1ad5f33a8f9952a65caeab6934c7b50be26b71a352b3ef51178df92819cbe4a84cf75ae14fbc1df7716e73da92fd5e96c6c66135eb653a2245be3a20cb5baf1d4b4fbf9568ce1e9fc26008bead159450b9672ca7c73f4fbc9330df86a9ca5c9beb45a06525800b8512987c042400a4f957cea794bc3b735f6b64a861564a94afbf4f2ce2c8aa993a38ec0154ecd2ec2264f9137e3fffbd4639fef308e1ce6c278be0883b272b4b6e930f34b40d4c65aee237c464aa7e6c147e36566014e4ac78085909842ee5ccd7cd59afbcc2307199fd28a26f6ea7f080d1d885338ff67ab6d579e1b6b04ddb20d4223d5def43a829b67e61995fc1eca20bd898bdf235a32e4e228687d97f95936b025380fcfcda5935b9aeafdab1c55d2a3e1271618a46b4c6692eb006f9aa5f411e0f8c341e67018486a9bd1803fcc5d58af18ee2aa7857d7703f9904fc9fa7359cb41f058d11f075af5e66ef7c4a71c5bbd39ea6381a61a9cb1c37985ed91b998d7844487590710402759aea5ad94a2a58499a7ef107010143ace9de83c1b8347a654ea3970541d9a595c818cbf67bc0523c05f5772e38f9c4c1f811d12ebc1e726f3885fd0174d91e0f456e43809f384fe04f8a5950d5753910b0cfa8f4f6203ca77faa4c31ef215e2201801f35f1cb6721b06424f56faef5f138231d7239d66b5af5f612e648459ba5a974f7d22e95c04dcdefd1d0b61a022c9c659fb26061d6b4bf406aa8c009cca407510eacd17a88f14abc0f6456e81c7d810de750d6fceab7784e4056cf3da335df54519d0dc3cab88d1252d23cf1de830388a26ff4dd4f6202ea0adfb11e3a301eaabb4e865b7f1cd4fe337b3cc678d9edf03212a710712508565b33fccd1b7e7efb77aff09992b592003d1ddd686ee3b54708425ab89e22dc97dd97cdd76289984f08b607667e9b309a42a44091893b0e96375bc8dbc910e91b99d7d790166c8937618dc1ecfdf91902e288fcca797334c579c8a327b44404403f42b8941ccddcec42f8505ac89e0dba3efbe12e5e40fabc19597eedccbc1e8340576a58b2743127e063ac38d9743cb4524a6238ddd6dcc4b066652dca745b1a5580b2edee76d71ac1a420a6b846d9a3ecd2b1290350d2ed1de66a2b1a35c37b3da9617f9a8bdc38fe6832bf822e476eb8f72c391f69f62d2f72613ff11897d0ba8c88ab6367e2c565446bdd660d54488d392de3a4c2199e404ea998aef019c1c89ca0f67528b4afc59f3cd522f28682ad0ffa65fbdb756895c6e11e991ee9a0774e9264121bfbb943de17d5aa2d158700257f4e070b8e84debfeba41a9da0bdac4329ffeff02a7ad0a92184af57b71125fb8192bc4df4e8007d275f6532418e93539cff30146d8faeb3e2fb714ec305573053fc41069c60be0b3cdab0074194cf80c586b41659b6a28529c119d2b195a189412f2aba860256ac722e9811fa39c5d7238038134510554faea50e1a0ea47b2af5ec0eaf46700fc7d45d5e37f115d5cbf40f4b14d0f2231fa1c15cdaa9f8709d585760c2bef9ab384e9e1a78146a45013cc7eeb8defdff4e18317dcf0879a170a68ad7ffdd7287d5a64292154dcef15d32fa97bc13283b11b92289f9bc29361f74cd6406269bf0ac9c279cab30d6e96c4dad9bcb2fd705a39abbc726314c72a43070f725a49e2948ab5747bd171056c143b97e25b639d3650b6ac0ff8bd428d91992c9cdf05c8d87c992a9b7be025522b89d012b396c980106ba04f7427e9c70cbfbe2f55b75c1f97c812e4dd6a0ad2507b675d945a516c561ab75f091943910225eb1c2ac81126b60e2d202ee4b6d7919678bb3e1e79028896027a114dcc2b291ad037cd8bee8f86752f9125a3df723cf12b9eb8b997850229cfb5bf22011b6ea424035c0fa5ba20d6e8d7b6dfa4fdaf61adba1faaf5d57611802573c66b4b73a1a9ecb8d9f64547be2a5c8e95e0a646e8501af0aaf26a87c6e896bb93a91a276465b7aa9310ea54cd3684d74e9c2979f1f59403f1504336c1e45d409f9ce05a55d0791f85f4966d38bd46ef6ebc8fb5f93d8d9fb09d295160164abf5945984b4f87b97c3f6788d0dba6adab14460d9cf9ecb7e6dc5fbca5cfc85304a5b125f88b4788693cf33891fafd8fea7b9bd2ee4ee17deae9f43d9cf16be33c4e6c61c631eb2046e245502698c3916ae4dd76300124eec3d8d3a33f0004a89141446ef1bd5a5809bf254c777fea2793fb8306fb1d1b160fc7772dbf3e8a1cc17b17e4b200019564c3994a53ae2a43ce0b1b0d74dae68a9fc738f756317414f010f7390fa10c551b4414bdf86092a0c90f23dd837722dd3ebd2df130979fca47d5478f0407d24482f1a66fb05ca967a819f0695b1c15b3c7cdc40a07699ae1235e5872aff0fd20849da5d42c176966a4e4f0b0add9415e69fe7ad6198515adce8a86c6f862793b65c72ef88d7b816b26ae6f18c8f5cb49eb00f1831af87a426f3e763e5a73394e21a6e6297e1f997c60723c75ffd248f985d9972ce34d6c60a4b2a6dfdafdc13bc7cd7e7ef3116d3c5442bb819c5d144784e4199606d2a7bb4fad726f105d9e04f48bb04f3d699b8089b79470f8c2cf0eeed33f36b718cf5e4e7cc290c6b94c70ce6ce70ef5d1226886cb4d6760195e96efb52fef640a0d345c129d1e3360f61153b0eeee068352a2f8a6e889cf885c4a7494469d54fadba4ed953b4df753afef682c4db4676029c56e2648838130a58bfd1977a8997f11698aa9345f0e802071c26d87e4e1ef4150c0c85c07d35caa1cca7a731ce6ad3cdc2d0f2f645156c5f9375f44c19544e2a342ae30ccaf487d6ae55732b6bf76113dfed0c9977d2eac76dcfbea4550517d51900c68ef2f4f083c4072ea1cea637dd91bfc5297cbd04c677e7a700465a1945ccf60425bd9178b60ec65f6cfde0a5b2c9699db07d124179086ec6ce972ad8052d096ba0f68fc1585e05347561e06bda0253adc8dfb3f4a394ae20bd031b4a8b9daea4fb1dea737375ac2a9830061b45fb7f32d13994b3aa47935065688289c77193a88ce20584ebae926542def0b2ce3e43d15d9462ae066099ae0be1c3e216e9f719b366a126abeb7e0590cf2f17ceb40850bfa8383c5094f9664ca56c4c3e074a6b7a939f40bbf39fb65de1655043161b7016ca9dfb2c561df376b7c784d05ec51ecb3db733403b764517459340f2978893e35d3828dff5b8cc6e21369ddba56ee3a24b492e17443a106f1afeb32a0b0e97e17df2d708cdae546173454ca21be0badff700d2eb565f8518a897b4e62e655273abe5353f0281b5e844b607582db05b2a4fc9c6d0290776f87e2edeff09146d51583a14a372cc77cc675b7821d1262b0dc5f4339d012e10eef1e9e144c6c81ca29af9fe3ff04d9419d956d9d09a27374ca71ad92be8992cc0d292fe3ec248ba9982cbe5c4245997591968b8bb59b79ad0d9b1638cf3949d198d6eb9d70eb620161f0b783382a9eee4fdd155a02b68eed6b13e219b5bf7f86c8d563f81ff212c4ea0930055e7027e96b6169f8fdd84940d1f5062a265aa77c8c66581c3b9b289ee3068a639d300419b8d482fa7d50c10dc065780d8a19d335606225d268638b4d48a5d404a3e1cb86e7e1f03bf2690cf052738a4a3b064d012cc47030f730ed6ffe5636076515a9b9e6ce6c1e91111721d7833bbd38485ad11efb5d9d7452a49d2fd2a9124afe7bbdbfd85f3f80fcf93605658bde8ba916e3672af2909e1a65f97badacaab74b83e67490b2fae3adaedca4413b00cf64fba820a8f09a33a37e7a46ee883e19aaf57b3ebaaa82b383df9a129441443d968def9497542bb1f07806a84de64f83b14519024d7ea5785b3b13e00927eedefbd422efb0927511f5e4a186b74e8692eac5d50ef072db125a7ae1e44257eaee84c454d8778e4ddd3aed2387fbd56c34c03b6698cb87c7bbac365e09f6", 0x1000}, {&(0x7f0000006f80)="7d8a110caa516d3b035bbb91432b825c217d9d8b242505470e1a34", 0x1b}, {&(0x7f0000006fc0)="933d9e46a99d3de5219caa6b799a312550ab1a3eb87ea511761d481da14b718a3abeca661e121bde95971b504cf559103a19c50f3de487d917f4638cc851c1b31e56eb046c6cab0b00ef697b111532d518b870ef2d17bbf4134ea9c7656a89dc6110b09c0e70efdf15e139d5e99bf7942c28eac380f4801d727539552377e25c8bce91197c5e2ba99a14fa58f51db4df7870041353654b19713d13a05566eb86b76265c03438a062cb11f92665c27fec", 0xb0}], 0x5, &(0x7f0000007100)={0x98, 0x103, 0x4, "6aae13344a0c0f25b6d2ff3ed45e009d04130da39f993088fa55eb640243e856e7fbbf9d33a5a67d91d33d8469f8b31eae984fc079a974ba6cdaef22045324c9f0c6cf735de041dba84573ef1d45f75ad3053db8420e046488b20b0636e2fae6eb3c6ea05c4caa5396ca1ed7c24d1145e601a8d6d5276bc3e41ff295165be5582810b26d"}, 0x98, 0x4000000}], 0x6, 0x24044095) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f00000077c0)={0x4}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x8000, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f00000000c0)={'batadv0\x00', {0x2, 0x4e20, @rand_addr=0x5}}) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000100)={0x6, @broadcast}) accept$packet(r0, &(0x7f0000007340), &(0x7f0000007380)=0x14) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r3 = semget(0x2, 0x3, 0x10) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000073c0)={{{@in6=@ipv4={[], [], @multicast2}, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@initdev}}, &(0x7f00000074c0)=0xe8) getresgid(&(0x7f0000007500)=0x0, &(0x7f0000007540), &(0x7f0000007580)) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000075c0)={{{@in=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f00000076c0)=0xe8) getgroups(0x1, &(0x7f0000007700)=[0x0]) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000007740)={{0x8, r4, r5, r6, r7, 0x40, 0x2b8a}, 0x2, 0x8001, 0x1}) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) [ 1028.881162][T10715] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1028.889464][T10715] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1028.898018][T10715] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1028.906761][T10715] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:32 executing program 3 (fault-call:0 fault-nth:32): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0xfffffffffffffe0a, 0x0, 0x0, 0x10, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x800000000000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2, 0x100) ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000040)={0xf, {0x4, 0x88, 0x80000001, 0x5}, {0xf3, 0x1000, 0x1, 0x3}, {0x6, 0x2}}) connect$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0xfffffffffffffffc, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000100)=""/4096) [ 1029.013275][T10848] binder_transaction: 2 callbacks suppressed [ 1029.013297][T10848] binder: 10838:10848 got transaction with invalid data ptr [ 1029.043465][T10848] binder: 10838:10848 transaction failed 29201/-14, size 8192-0 line 3179 15:30:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff]}) 15:30:32 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r3 = request_key(&(0x7f0000000080)='pkcs7_test\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g', 0xfffffffffffffff8) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000100)={r3, 0x8001, 0xaa}, &(0x7f0000000180)={'enc=', 'oaep', ' hash=', {'ghash-ce\x00'}}, &(0x7f0000000200)="109306fa63e5f524fc8f3c0bb4799aa7a038bf08cf589b6dd6b59a1201ecea4469af2643f58a694274f5a756f53722ca2c8b440ffe4fd84880d8cb64ab75", &(0x7f0000000280)=""/120) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:32 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x14002, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, [], 0x20}, 0x8}}, [0x7, 0x8, 0x7, 0xfffffffffffff9b6, 0xfffffffffffffff9, 0x3, 0xfffffffffffffffb, 0x8, 0x400, 0x6, 0xfffffffe, 0xfff, 0x7, 0x20, 0x217]}, &(0x7f00000001c0)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x204, 0x6, 0x3, r2}, &(0x7f0000000240)=0x10) [ 1029.121436][T10953] binder: BINDER_SET_CONTEXT_MGR already set 15:30:32 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) utime(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0xff, 0x5}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x545180, 0x81) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0) dup3(r0, r0, 0x80000) connect$nfc_llcp(0xffffffffffffffff, &(0x7f0000000340)={0x27, 0x0, 0x1, 0x4, 0x0, 0x2000400000002, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x21}, 0x60) [ 1029.171958][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1029.178337][T10848] binder_alloc: 10838: binder_alloc_buf, no vma [ 1029.210080][T10953] binder: 10838:10953 ioctl 40046207 0 returned -16 15:30:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfffffdfd]}) [ 1029.235793][T10848] binder: 10838:10848 transaction failed 29189/-3, size 8192-0 line 3147 [ 1029.252232][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000a070000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1029.281298][T10981] device nr0 entered promiscuous mode 15:30:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x3, 0x2) write$UHID_CREATE2(r1, &(0x7f00000003c0)={0xb, 'syz1\x00', 'syz0\x00', 'syz1\x00', 0xb8, 0xabd, 0x5, 0x5, 0x7, 0x8, "dc65b7394318872a7fc9a840c32ea6be7720d868891fba36a4bc381ed9e7f0a6f27bb59e1e556ca07b48c353bbfc1f9e0b25c863c6cf30a8f4f7bfba0dc3e0c963592058125c99b941167f469fe6a46ab54439703d0b5eca9d1db0210a635e048b586d6d9233948c3f291425ffaa814ad0f57190a7d882d849ad72a5ec9354d9de7e33b4f7b82f039ca677dbe718ae3e593491a305a06bb17dae4a7c24c1930835e74597cb995143c64936a757bc8c03ba31112e94e93ffb"}, 0x1d0) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x6, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x34}, 0x60) mount(&(0x7f0000000240)=@filename='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='jffs2\x00', 0x280004, 0x0) r2 = getuid() open(&(0x7f0000000200)='./file0\x00', 0x40200, 0x8) r3 = geteuid() mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x400, &(0x7f00000000c0)={'trans=unix,', {[{@version_u='version=9p2000.u'}, {@access_user='access=user'}, {@aname={'aname', 0x3d, '\'@!'}}, {@nodevmap='nodevmap'}, {@nodevmap='nodevmap'}, {@cache_mmap='cache=mmap'}], [{@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@pcr={'pcr', 0x3d, 0x2b}}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@fowner_gt={'fowner>', r2}}, {@obj_user={'obj_user', 0x3d, 'ppp0-'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'selinuxP'}}, {@fowner_lt={'fowner<', r3}}, {@obj_role={'obj_role', 0x3d, '/!'}}]}}) 15:30:32 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x101000, 0x0) ioctl$IMCTRLREQ(r0, 0x80044945, &(0x7f0000000100)={0x4008, 0x4, 0x9, 0x5}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000080)={'gre0\x00', 0x80000000}) setsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000140)="1db09bb4b77eabc7290a1582dab0f60b44cbcca485495be62ed3b98d1ea4c52ddd3c6a04e3c9106be9b20e9fbaf6b3ff9e519ca8e1f3b170c394aa11d0c313ce97261b4f07e32db0be329f6617fd76b00a06fc239af1f1542cbd687ef9d515611779699411e4945bf79b7bc228dcc78351104f1b63863c0d6e4612f1fdcb12b41657ffb487f7bd6d1965ba8cf25fabc496e292a628504c0d013f6d047b05186b602756ecdea3e60d41e04f4e2ea788235faf687b19c4183621ea615923d19733152775d9f9164776089e2b6330eca5fdc9e1859019b09889a0", 0xd9) 15:30:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}) [ 1029.472649][T11082] binder: 11080:11082 got transaction with invalid data ptr [ 1029.492498][T11087] FAULT_INJECTION: forcing a failure. [ 1029.492498][T11087] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.505847][T11087] CPU: 1 PID: 11087 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1029.513836][T11087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.523894][T11087] Call Trace: [ 1029.527191][T11087] dump_stack+0x172/0x1f0 [ 1029.531526][T11087] should_fail.cold+0xa/0x15 [ 1029.536172][T11087] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1029.542015][T11087] ? ___might_sleep+0x163/0x280 [ 1029.545294][T11082] binder: 11080:11082 transaction failed 29201/-14, size 8192-0 line 3179 [ 1029.546890][T11087] __should_failslab+0x121/0x190 [ 1029.546912][T11087] should_failslab+0x9/0x14 [ 1029.546928][T11087] kmem_cache_alloc+0x2b2/0x6f0 [ 1029.546951][T11087] ? rcu_read_lock_sched_held+0x110/0x130 [ 1029.575427][T11087] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1029.581672][T11087] ? __mark_inode_dirty+0x241/0x1290 [ 1029.586974][T11087] ext4_mb_new_blocks+0x5a8/0x3c70 [ 1029.592098][T11087] ? mark_held_locks+0xa4/0xf0 [ 1029.596897][T11087] ? ext4_find_extent+0x76e/0x9d0 [ 1029.601961][T11087] ext4_ext_map_blocks+0x2c28/0x5300 [ 1029.605246][T11140] binder: BINDER_SET_CONTEXT_MGR already set [ 1029.613224][T11087] ? ext4_ext_release+0x10/0x10 [ 1029.613239][T11087] ? find_held_lock+0x35/0x130 [ 1029.613280][T11087] ext4_map_blocks+0x8c5/0x18e0 [ 1029.613301][T11087] ? ext4_issue_zeroout+0x190/0x190 [ 1029.622911][T11087] ? kasan_check_write+0x14/0x20 [ 1029.622925][T11087] ? __brelse+0x95/0xb0 [ 1029.622946][T11087] ext4_getblk+0xc4/0x510 [ 1029.622965][T11087] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1029.622986][T11087] ? ext4_free_inode+0x1450/0x1450 [ 1029.636439][T11140] binder: 11080:11140 ioctl 40046207 0 returned -16 [ 1029.638075][T11087] ext4_bread+0x8f/0x230 [ 1029.638092][T11087] ? ext4_getblk+0x510/0x510 [ 1029.638116][T11087] ext4_append+0x155/0x370 [ 1029.646587][T11087] ext4_mkdir+0x61b/0xdf0 [ 1029.646636][T11087] ? ext4_init_dot_dotdot+0x520/0x520 [ 1029.646659][T11087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1029.652303][T11082] binder_alloc: 11080: binder_alloc_buf, no vma [ 1029.656774][T11087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1029.656795][T11087] ? security_inode_permission+0xd5/0x110 [ 1029.656812][T11087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1029.656835][T11087] ? security_inode_mkdir+0xee/0x120 [ 1029.722138][T11087] vfs_mkdir+0x433/0x690 [ 1029.726377][T11087] do_mkdirat+0x234/0x2a0 [ 1029.730702][T11087] ? __ia32_sys_mknod+0xb0/0xb0 [ 1029.735546][T11087] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1029.741001][T11087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1029.747086][T11087] ? do_syscall_64+0x26/0x610 [ 1029.751757][T11087] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1029.757046][T11087] __x64_sys_mkdir+0x5c/0x80 [ 1029.761636][T11087] do_syscall_64+0x103/0x610 [ 1029.766223][T11087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1029.772142][T11087] RIP: 0033:0x457627 [ 1029.776057][T11087] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1029.795652][T11087] RSP: 002b:00007f70dfadda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1029.804070][T11087] RAX: ffffffffffffffda RBX: 00000000200001e8 RCX: 0000000000457627 [ 1029.812054][T11087] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1029.820036][T11087] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1029.827998][T11087] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1029.836005][T11087] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1029.844261][ C1] net_ratelimit: 16 callbacks suppressed [ 1029.844269][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1029.845054][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1029.849965][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1029.855857][ C0] protocol 88fb is buggy, dev hsr_slave_0 15:30:33 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$ax25(0x3, 0x7, 0xce) close(r2) r3 = accept(r0, 0x0, &(0x7f0000000080)) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f00000000c0)=0x1, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) r5 = geteuid() setfsuid(r5) [ 1029.861974][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1029.867623][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1029.873387][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1029.879285][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1029.896445][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1029.902289][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1029.908074][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1029.929706][T11082] binder: 11080:11082 transaction failed 29189/-3, size 8192-0 line 3147 [ 1029.954123][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:33 executing program 3 (fault-call:0 fault-nth:33): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x5, 0x100000000, 0x0, 0xfff, 0x0, 0x3ff, 0x1000, 0x1, 0x8, 0x401, 0xe2e, 0x101, 0x8, 0x5, 0x0, 0xfc, 0xfaf, 0x5, 0x2, 0xfffffffffffff3d5, 0x800, 0x100000000, 0xff, 0xab, 0x2, 0x380000, 0x200001f, 0x9, 0x52fa, 0x9, 0xffffffff, 0x19d451f3, 0x0, 0x80, 0x7, 0x8, 0x0, 0x507, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x80, 0x20, 0x7, 0x6, 0x10000, 0x7ff, 0x5}, r2, 0xa, r0, 0xb) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:33 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000080)="f0b8d4120d6136674be6bbd0c9fffcb044faf28d4b28936e40d53daf5a5c479a64541a1e2be00fb677675ab79326ab05ba2d9842c25e91311c0be454e1119cc6942c6ffd223f9ea633dbb2dde0f23fcd36836a60c868dc876d5b45abe4e12f87c6850028a08a39511d4de341e0a97838dbe1869485bf8621df236f6974346073074928a0ec048135f1be8366014b58f40b5a9f5cfe133ce6e2c60f15067598136edbd5ae31d73644138624ba66e67846df3a6e0511f7863813a53997ee09fccce1de4ed7366d3d0d3ff0ab872d931146e1510af3842ec839d6c18c09d9a19fbb29009459449b21eb059a410d10be3467b8615ad8d5333f42ff2f397be5f4eb02") bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) socket$inet_smc(0x2b, 0x1, 0x0) 15:30:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x200000000000000]}) 15:30:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000q\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1030.035119][T11138] device nr0 entered promiscuous mode [ 1030.135696][T11218] FAULT_INJECTION: forcing a failure. [ 1030.135696][T11218] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.147811][T11222] binder: 11215:11222 got transaction with invalid data ptr 15:30:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x300000000000000]}) 15:30:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x1) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1030.180429][T11222] binder: 11215:11222 transaction failed 29201/-14, size 8192-0 line 3179 [ 1030.226904][T11218] CPU: 0 PID: 11218 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1030.234910][T11218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.244966][T11218] Call Trace: [ 1030.248280][T11218] dump_stack+0x172/0x1f0 [ 1030.252633][T11218] should_fail.cold+0xa/0x15 [ 1030.257242][T11218] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1030.263066][T11218] ? ___might_sleep+0x163/0x280 [ 1030.267940][T11218] __should_failslab+0x121/0x190 [ 1030.272892][T11218] should_failslab+0x9/0x14 15:30:33 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1030.277437][T11218] __kmalloc_track_caller+0x2d8/0x740 [ 1030.282880][T11218] ? setup_sigcontext+0x7d0/0x7d0 [ 1030.287939][T11218] ? __bad_area_nosemaphore+0xb3/0x420 [ 1030.293401][T11218] ? strndup_user+0x77/0xd0 [ 1030.297921][T11218] memdup_user+0x26/0xb0 [ 1030.302177][T11218] strndup_user+0x77/0xd0 [ 1030.306529][T11218] ksys_mount+0x3c/0x150 [ 1030.310781][T11218] __x64_sys_mount+0xbe/0x150 [ 1030.315469][T11218] do_syscall_64+0x103/0x610 [ 1030.320080][T11218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1030.325977][T11218] RIP: 0033:0x45ac7a [ 1030.328022][T11328] binder_alloc: binder_alloc_mmap_handler: 11215 20000000-20002000 already mapped failed -16 [ 1030.329909][T11218] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1030.359638][T11218] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1030.359654][T11218] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1030.359662][T11218] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1030.359671][T11218] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1030.359679][T11218] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1030.359687][T11218] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x400000000000000]}) 15:30:33 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1030.427865][T11329] binder: BINDER_SET_CONTEXT_MGR already set [ 1030.456140][T11329] binder: 11215:11329 ioctl 40046207 0 returned -16 15:30:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() pipe2(&(0x7f0000000000), 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x101400, 0x0) r0 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)=0x1c, 0x80000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x100000000002, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) 15:30:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:34 executing program 3 (fault-call:0 fault-nth:34): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:34 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x0, 0x2) ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f00000000c0)={0x1, 0x2}) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:34 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000080)=""/55, 0x37, 0x1, &(0x7f00000000c0)=@ax25={{0x3, @default, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000180)={0x5, 0x70, 0x2, 0x146a, 0xb59, 0x7, 0x0, 0x9, 0x1000, 0xf, 0x4167d550, 0x6, 0x8001, 0x80, 0x6, 0x40, 0x9, 0x3, 0x401, 0x6, 0x6, 0x7, 0xfffffffffffffffb, 0xca2d, 0x5, 0x25, 0x19df, 0x1, 0x8, 0xffff, 0x9, 0x80000000, 0xffffffffffff8001, 0x5, 0x101, 0x1ff, 0x6, 0xab32, 0x0, 0x5, 0x1, @perf_config_ext={0x8001, 0x6}, 0x2000, 0x3, 0x3, 0x3, 0xd61, 0x80000000, 0x4}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1030.707547][T11352] binder: 11348:11352 got transaction with invalid data ptr [ 1030.730084][T11352] binder: 11348:11352 transaction failed 29201/-14, size 8192-0 line 3179 [ 1030.772259][T11356] binder: BINDER_SET_CONTEXT_MGR already set [ 1030.805713][T11356] binder: 11348:11356 ioctl 40046207 0 returned -16 15:30:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x500000000000000]}) 15:30:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @loopback, @multicast2}, &(0x7f00000004c0)=0xc) bind(r0, &(0x7f0000000500)=@ll={0x11, 0x17, r1, 0x1, 0x3, 0x6, @dev={[], 0x13}}, 0x80) r2 = syz_open_dev$media(&(0x7f0000000300)='/dev/media#\x00', 0x2, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000440)={0x9, 0x1}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r4, 0x800448d3, &(0x7f00000001c0)={{0xa14, 0x4, 0x1, 0xacb, 0x800, 0x8}, 0x4, 0xd13, 0x0, 0x1, 0x3, "f2997f71deff35a2a65fb4bd527c9b212fdeb672cc8738530d4996d7a2e8a43bd0405e54642ccfa1151e71b322ca48e180d7cc6419c61a2fea6475119edfd2b684135959c4b09c3d127a5d5d17dc53c7e706c2b9934a1592531b75664186dcf73099415b0062d425e2dd1feb8acf6350ccc080cf6b0f6180221b0920f1701951"}) fstat(r3, &(0x7f00000003c0)) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x100) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r5, 0x800448d3, &(0x7f00000000c0)={{0x100000001, 0x0, 0x74, 0x9, 0x8000, 0x8}, 0x3f, 0xffffffff, 0x9, 0xff, 0x7, "4c62bf82d66893f052eae5d80a2482f1b63d512bc65a1c8e446040bde80ff886331be46a58075bdd218713004249c3f2a15d3e0038fa3c13b57d768789d3ff3da165a6f00c2961439535f2527bde8b0c7992e5536eb6d2fe40f99b3800ecf0c37a2bf6c38217680f9f56406afd8abf511d701095a70679ecc3d59a86a1604514"}) openat$audio(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/audio\x00', 0x400, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x0, 0x0) sendfile(r5, r0, &(0x7f0000000580)=0xf, 0x1ff) write$UHID_SET_REPORT_REPLY(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="0e0000001f0000000003010149"], 0xd) pipe2(&(0x7f0000000280), 0x800) ioctl$VIDIOC_G_CROP(r6, 0xc014563b, &(0x7f0000000040)={0xa, {0x2, 0xfffffffffffffffd, 0x1f, 0x255c0914}}) [ 1030.834602][T11352] binder_alloc: 11348: binder_alloc_buf, no vma [ 1030.861776][T11352] binder: 11348:11352 transaction failed 29189/-3, size 8192-0 line 3147 [ 1030.892084][T11403] device nr0 entered promiscuous mode 15:30:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000094000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:34 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x10003, 0x1) fcntl$getown(r0, 0x9) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0)) r1 = getpgid(0xffffffffffffffff) r2 = getpgid(r1) fcntl$setownex(r0, 0xf, &(0x7f0000000080)={0x1, r2}) r3 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10400008}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1031.008259][T11476] binder: 11474:11476 got transaction with invalid data ptr [ 1031.030819][T11477] FAULT_INJECTION: forcing a failure. [ 1031.030819][T11477] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.044065][T11477] CPU: 0 PID: 11477 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 15:30:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x600000000000000]}) [ 1031.052046][T11477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.062098][T11477] Call Trace: [ 1031.065412][T11477] dump_stack+0x172/0x1f0 [ 1031.069751][T11477] should_fail.cold+0xa/0x15 [ 1031.074394][T11477] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1031.080546][T11477] ? __sigqueue_alloc+0x173/0x4d0 [ 1031.085612][T11477] ? find_held_lock+0x35/0x130 [ 1031.090417][T11477] __should_failslab+0x121/0x190 [ 1031.095364][T11477] should_failslab+0x9/0x14 [ 1031.099876][T11477] kmem_cache_alloc+0x47/0x6f0 [ 1031.104645][T11477] ? kasan_check_read+0x11/0x20 [ 1031.109591][T11477] __sigqueue_alloc+0x268/0x4d0 [ 1031.114454][T11477] __send_signal+0xda3/0x1590 [ 1031.119149][T11477] send_signal+0x49/0xd0 [ 1031.123430][T11477] force_sig_info+0x251/0x310 [ 1031.128120][T11477] force_sig_fault+0xbb/0xf0 [ 1031.132722][T11477] ? force_sigsegv+0x120/0x120 [ 1031.137506][T11477] ? trace_hardirqs_on+0x67/0x230 [ 1031.142560][T11477] __bad_area_nosemaphore+0x332/0x420 [ 1031.147949][T11477] bad_area+0x69/0x80 [ 1031.152290][T11477] __do_page_fault+0x996/0xda0 [ 1031.157072][T11477] do_page_fault+0x71/0x581 [ 1031.161588][T11477] ? page_fault+0x8/0x30 [ 1031.165837][T11477] page_fault+0x1e/0x30 [ 1031.170025][T11477] RIP: 0033:0x451ebf [ 1031.173926][T11477] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 1031.193567][T11477] RSP: 002b:00007f70dfadda88 EFLAGS: 00010283 [ 1031.199638][T11477] RAX: 00007f70dfaddb40 RBX: 00000000200001e8 RCX: 0000000000000000 [ 1031.207617][T11477] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f70dfaddb40 [ 1031.215592][T11477] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 1031.223571][T11477] R10: 0000000000000075 R11: 00000000004e1420 R12: 0000000000000004 [ 1031.231551][T11477] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1031.257424][T11525] binder: BINDER_SET_CONTEXT_MGR already set 15:30:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x574) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x2, 0x2) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x20000, 0x0) r5 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x180000, 0x400200) r6 = fcntl$dupfd(r1, 0x406, r1) r7 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x2, 0x101000) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, r2, 0x0, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}, @NBD_ATTR_SOCKETS={0x34, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r1}, {0x8, 0x1, r4}, {0x8, 0x1, r5}, {0x8, 0x1, r6}, {0x8, 0x1, r7}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x800}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xc2d}, @NBD_ATTR_TIMEOUT={0xc}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x90) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f00000002c0)={0x5, 0x31435750, 0x3, 0xffffffffffffffff, 0x3, @discrete={0x8001, 0x59b}}) write$eventfd(r7, &(0x7f0000000300)=0xfff, 0x8) 15:30:34 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x101040, 0x40) r4 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x0, 0x2) r5 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x1, 0x24800) r6 = openat$full(0xffffffffffffff9c, 0xfffffffffffffffd, 0x600, 0x0) r7 = memfd_create(&(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g', 0x7) ioctl$UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000004000000", @ANYRES32=r4, @ANYBLOB="00000000004000f0ffffffff0040000001000000", @ANYRES32=r5, @ANYBLOB="0000000000f0ffffffffffff00f0ffffffffffff", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r7, @ANYBLOB="000000000000000000000060fb34137ff60000f0"]) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000540)={0x0, @in={{0x2, 0x4e23, @multicast2}}}, &(0x7f0000000280)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000001180)=ANY=[@ANYRES32=r8, @ANYBLOB="82000000b4c3e69d57568f9fe48df2b0952896b2e12ff1d866c7de76fe3df67966733f8af07d3636d8427fcf7b1f7325ef6e4fe6bc74a0a901bd79a29f0fed65fc41a0e39d028d65952c4c903964d86d7938d9e3ed5273f30343e3d5ee60d79524851990e42340d9d3c375505eecb93e776b36bc1cab47fc100f1faf61933afb8ba75e2a419deeb1cefe5f3584678b6838567954033c048e79f7383d5f75e348cc9ebad69f487353ae449316e48a8f8acc8a23c5979dcbfab5b266fc72a48169e13bac4769d3baed52a711cd31d645c5908aa8005f4a043bb96d4f7a3dc124d488106e5a842339539a786f5418ff590729aae0801d13b79461ea56d9d18386a8ed6d36d83ee5c9408da8661eeeacf0bbb4d423687c13dc09a0f0a8766992471cb96c"], &(0x7f00000002c0)=0x8a) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r9 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r9) fstat(r2, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getuid() fstat(r4, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000a40)={{{@in6=@initdev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000b40)=0xe8) fstat(r4, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@local}}, &(0x7f0000000d00)=0xe8) getresuid(&(0x7f0000000d40), &(0x7f0000000d80)=0x0, &(0x7f0000000840)) fstat(r1, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000e80)='./file0\x00', &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r19 = getgid() r20 = getgid() lstat(&(0x7f0000000f40)='./file0\x00', &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r22 = getgid() stat(&(0x7f0000001000)='./file0\x00', &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r24 = getgid() r25 = getgid() setxattr$system_posix_acl(&(0x7f0000000600)='./file0\x00', &(0x7f0000000900)='system.posix_acl_default\x00', &(0x7f00000010c0)={{}, {0x1, 0x1}, [{0x2, 0x2, r10}, {0x2, 0x2, r11}, {0x2, 0x2, r12}, {0x2, 0x4, r13}, {0x2, 0x1, r14}, {0x2, 0x1, r15}, {0x2, 0x2, r16}, {0x2, 0x0, r17}], {0x4, 0x5}, [{0x8, 0x1, r18}, {0x8, 0x4, r19}, {0x8, 0x2, r20}, {0x8, 0x6, r21}, {0x8, 0x3, r22}, {0x8, 0x5, r23}, {0x8, 0x1, r24}, {0x8, 0x5, r25}], {0x10, 0x2}, {0x20, 0x2}}, 0xa4, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r26, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r1, 0x0}]) [ 1031.284389][T11525] binder: 11474:11525 ioctl 40046207 0 returned -16 15:30:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x700000000000000]}) 15:30:34 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x400, 0x20) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000140)=0xb1b1, 0x4) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x6, 0x8, "ce939ada2d0823594b1024e3ba8d707a5df28fa59bd70000670ac32c7e6498ce44ca70a4ddbfe8f748060028dda5dae2980315286b53f6da9424bb947340ad", 0x2b}, 0x108) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)=0x0) fsetxattr$security_capability(r0, &(0x7f0000000100)='security.capability\x00', &(0x7f0000000240)=@v3={0x3000000, [{0x0, 0xffffffff}, {0x2, 0xabf1}], r2}, 0x18, 0x3) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000080)={0x80fd, 0x2}) [ 1031.432226][T11592] device nr0 entered promiscuous mode 15:30:35 executing program 3 (fault-call:0 fault-nth:35): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000070a0000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x800000000000000]}) 15:30:35 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0xfffffffffffffffe, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x1, &(0x7f0000000100)=[r1]) 15:30:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000540)='/dev/input/mice\x00', 0x0, 0x40) write$P9_RREADLINK(r1, &(0x7f0000000580)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm-monitor\x00', 0x408000, 0x0) inotify_add_watch(r2, &(0x7f0000000500)='./file0\x00', 0x30000800) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x10000) ioctl$EVIOCGPROP(r3, 0x80404509, &(0x7f0000000400)=""/150) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3f, 0x10000) r5 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r5, &(0x7f0000000080)={0x2, 0x1400000000004e20, @loopback}, 0x10) sendmsg(r5, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000000)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x7c, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r6 = semget(0x3, 0x4, 0x0) semctl$GETNCNT(r6, 0x0, 0xe, &(0x7f00000001c0)=""/207) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r4, &(0x7f00000000c0)="e714bce15b9ffd0091df6183bbab81e1f393fedd64ea35693635a7a0490f9d024f08f060d5eba75b29d1adce85ac11fd5ed9d47362b0e51a033b634f4c000e7ca2783c9fc59192f205e13e8690ecd10cc76b17f0f0e55a2b509ffebd3b4362cee91d484933c7a6b75c030a34000bf4753923b6e06c6137de4289c9ab6f0691f8c06da865fb118fd3f4644be1160dc14d2464d8d47b0edd27947ab92fbc24bc84956687b2a989a6563f293b373483da9a14e0adf271cb6e0c8e2e729579d0b2eede12bfb206db1c5f5fb76c74a876a2fe896493d5a4cdc5455d36e0c07a02aa02f52c652108b8e9963e", &(0x7f00000002c0)=""/73}, 0x18) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x1, r4}) 15:30:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xa00000000000000]}) 15:30:35 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x202, 0x0) write$P9_RFLUSH(r2, &(0x7f0000000100)={0x7, 0x6d, 0x2}, 0x7) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000080)='\x00\xb2\x9c') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1031.633177][T11710] binder: 11709:11710 got transaction with invalid data ptr [ 1031.648847][T11730] binder: BINDER_SET_CONTEXT_MGR already set [ 1031.741366][T11747] FAULT_INJECTION: forcing a failure. [ 1031.741366][T11747] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.747139][T11710] binder_alloc: 11709: binder_alloc_buf, no vma [ 1031.753989][T11747] CPU: 1 PID: 11747 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1031.754001][T11747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.754007][T11747] Call Trace: [ 1031.754045][T11747] dump_stack+0x172/0x1f0 [ 1031.754070][T11747] should_fail.cold+0xa/0x15 [ 1031.776765][T11730] binder: 11709:11730 ioctl 40046207 0 returned -16 [ 1031.778333][T11747] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1031.778349][T11747] ? __sigqueue_alloc+0x173/0x4d0 [ 1031.778366][T11747] ? find_held_lock+0x35/0x130 [ 1031.778388][T11747] __should_failslab+0x121/0x190 [ 1031.817611][T11747] should_failslab+0x9/0x14 [ 1031.822196][T11747] kmem_cache_alloc+0x47/0x6f0 [ 1031.826980][T11747] ? kasan_check_read+0x11/0x20 [ 1031.831845][T11747] __sigqueue_alloc+0x268/0x4d0 [ 1031.836710][T11747] __send_signal+0xda3/0x1590 [ 1031.836734][T11747] send_signal+0x49/0xd0 [ 1031.836751][T11747] force_sig_info+0x251/0x310 [ 1031.836773][T11747] force_sig_fault+0xbb/0xf0 [ 1031.845676][T11747] ? force_sigsegv+0x120/0x120 [ 1031.845704][T11747] ? trace_hardirqs_on+0x67/0x230 [ 1031.845725][T11747] __bad_area_nosemaphore+0x332/0x420 [ 1031.845748][T11747] bad_area+0x69/0x80 [ 1031.854986][T11747] __do_page_fault+0x996/0xda0 [ 1031.855013][T11747] do_page_fault+0x71/0x581 [ 1031.855036][T11747] ? page_fault+0x8/0x30 [ 1031.855068][T11747] page_fault+0x1e/0x30 [ 1031.864841][T11747] RIP: 0033:0x451ebf [ 1031.864857][T11747] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 1031.864865][T11747] RSP: 002b:00007f70dfadda88 EFLAGS: 00010283 [ 1031.864877][T11747] RAX: 00007f70dfaddb40 RBX: 00000000200001e8 RCX: 0000000000000000 [ 1031.864886][T11747] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f70dfaddb40 15:30:35 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80800001}, 0xc, &(0x7f0000000300)={&(0x7f0000000100)={0x1dc, r2, 0x0, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3c}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x60f0}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}]}, @TIPC_NLA_MEDIA={0xd8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x740}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6f46}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8db}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5a90}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x40}, 0x10) recvfrom$inet(r1, &(0x7f0000000380)=""/72, 0x48, 0x40000103, &(0x7f0000000400)={0x2, 0x4e24, @empty}, 0x10) 15:30:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000050b0000000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1031.864895][T11747] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 1031.864904][T11747] R10: 0000000000000075 R11: 00000000004e1420 R12: 0000000000000004 [ 1031.864912][T11747] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4800000000000000]}) [ 1032.017848][T11836] binder: 11832:11836 got transaction with invalid data ptr [ 1032.037660][T11856] binder: BINDER_SET_CONTEXT_MGR already set [ 1032.044340][T11856] binder: 11832:11856 ioctl 40046207 0 returned -16 [ 1032.053297][T11836] binder_alloc: 11832: binder_alloc_buf, no vma 15:30:35 executing program 3 (fault-call:0 fault-nth:36): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000540)='/dev/input/mice\x00', 0x0, 0x40) write$P9_RREADLINK(r1, &(0x7f0000000580)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm-monitor\x00', 0x408000, 0x0) inotify_add_watch(r2, &(0x7f0000000500)='./file0\x00', 0x30000800) connect$nfc_llcp(r0, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x10000) ioctl$EVIOCGPROP(r3, 0x80404509, &(0x7f0000000400)=""/150) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3f, 0x10000) r5 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r5, &(0x7f0000000080)={0x2, 0x1400000000004e20, @loopback}, 0x10) sendmsg(r5, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000000000)=[{&(0x7f00000001c0)='*', 0x1}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x7c, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r6 = semget(0x3, 0x4, 0x0) semctl$GETNCNT(r6, 0x0, 0xe, &(0x7f00000001c0)=""/207) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r4, &(0x7f00000000c0)="e714bce15b9ffd0091df6183bbab81e1f393fedd64ea35693635a7a0490f9d024f08f060d5eba75b29d1adce85ac11fd5ed9d47362b0e51a033b634f4c000e7ca2783c9fc59192f205e13e8690ecd10cc76b17f0f0e55a2b509ffebd3b4362cee91d484933c7a6b75c030a34000bf4753923b6e06c6137de4289c9ab6f0691f8c06da865fb118fd3f4644be1160dc14d2464d8d47b0edd27947ab92fbc24bc84956687b2a989a6563f293b373483da9a14e0adf271cb6e0c8e2e729579d0b2eede12bfb206db1c5f5fb76c74a876a2fe896493d5a4cdc5455d36e0c07a02aa02f52c652108b8e9963e", &(0x7f00000002c0)=""/73}, 0x18) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x1, r4}) [ 1032.067493][ T8371] binder_release_work: 6 callbacks suppressed [ 1032.067512][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1032.099756][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000010000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:35 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0xffffffffffff8af4, 0x1) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f00000000c0)={0x7, 0x8, 0x1}) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x200000, 0x0) [ 1032.298456][T11958] FAULT_INJECTION: forcing a failure. [ 1032.298456][T11958] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.322146][T11963] binder: 11956:11963 got transaction with invalid data ptr 15:30:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x4c00000000000000]}) [ 1032.361021][T11966] binder: BINDER_SET_CONTEXT_MGR already set [ 1032.367626][T11958] CPU: 0 PID: 11958 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1032.376484][T11958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1032.376506][T11958] Call Trace: [ 1032.389839][T11958] dump_stack+0x172/0x1f0 [ 1032.394181][T11958] should_fail.cold+0xa/0x15 [ 1032.398787][T11958] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1032.404613][T11958] ? ___might_sleep+0x163/0x280 [ 1032.409489][T11958] __should_failslab+0x121/0x190 [ 1032.414455][T11958] should_failslab+0x9/0x14 [ 1032.418965][T11958] __kmalloc_track_caller+0x2d8/0x740 [ 1032.424344][T11958] ? setup_sigcontext+0x7d0/0x7d0 [ 1032.424365][T11958] ? __bad_area_nosemaphore+0xb3/0x420 [ 1032.424382][T11958] ? strndup_user+0x77/0xd0 [ 1032.424405][T11958] memdup_user+0x26/0xb0 [ 1032.443585][T11958] strndup_user+0x77/0xd0 [ 1032.447932][T11958] ksys_mount+0x3c/0x150 [ 1032.452181][T11958] __x64_sys_mount+0xbe/0x150 [ 1032.456869][T11958] do_syscall_64+0x103/0x610 [ 1032.460900][T11966] binder: 11956:11966 ioctl 40046207 0 returned -16 [ 1032.461478][T11958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1032.474424][T11958] RIP: 0033:0x45ac7a [ 1032.474815][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1032.478323][T11958] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1032.478332][T11958] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1032.478347][T11958] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1032.478369][T11958] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1032.478378][T11958] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1032.478386][T11958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1032.478395][T11958] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1032.488222][T11963] binder_alloc: 11956: binder_alloc_buf, no vma 15:30:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000020000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:36 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x10000, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x4e000, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x0f\x00', 0x4008}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000280)={0x0, 0x2710}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='reno\x00', 0x5) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/exec\x00', 0x2, 0x0) io_setup(0x3, &(0x7f0000000240)=0x0) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f00000002c0)) io_submit(r7, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) ioctl$PPPIOCGL2TPSTATS(r4, 0x80487436, &(0x7f0000000340)="91d23fa8cd4e68affe62a18abb8988f625718da55c5688b967e399aedbbc0d48db5cccf6d444d6b819a250f6695567c0a0c59ae11ea4fca4db1f39c5dc220b3a5af4b23dc61452cb793a284c3135edffdcd9f7e723102fe0fd58189e3b30f5b8438e887a9f270e07146d967ce9a1ce5c773e742a33340f689bdbb492bd4ba5d6fcfc1f4a726fc65ea39f3979e5b76f085ec0013b02579a18154f04a38845727609c1dd45ec227c0c9679d28f35b2c3d9045a0811808265794d4e2cdbe91fc645b3c18c8997b5") fcntl$F_GET_RW_HINT(r6, 0x40b, &(0x7f0000000080)) 15:30:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x6, 0x8001, 0x100000000, '\x00', 0xf3}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r1, &(0x7f0000000340)={0x27, 0x0, 0x0, 0x4, 0x0, 0x2, "780cd0b0fcf4110c019c56b89bc9effd5768f7ae79d490b632da37e2a44df458518ef0cddc9e96ec28aea9999d4fec41834eacb9d97557a29de40b35cb70af", 0x1d}, 0x60) [ 1032.567145][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 15:30:36 executing program 3 (fault-call:0 fault-nth:37): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6800000000000000]}) [ 1032.740539][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000030000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1032.786111][T12089] FAULT_INJECTION: forcing a failure. [ 1032.786111][T12089] name failslab, interval 1, probability 0, space 0, times 0 15:30:36 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'team0\x00', 0x400}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0)=0x800, 0x4) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1032.834452][T12089] CPU: 0 PID: 12089 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1032.842484][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1032.842491][T12089] Call Trace: [ 1032.842536][T12089] dump_stack+0x172/0x1f0 [ 1032.842572][T12089] should_fail.cold+0xa/0x15 [ 1032.842613][T12089] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1032.870634][T12089] ? ___might_sleep+0x163/0x280 [ 1032.875516][T12089] __should_failslab+0x121/0x190 [ 1032.880475][T12089] should_failslab+0x9/0x14 [ 1032.885001][T12089] __kmalloc_track_caller+0x2d8/0x740 [ 1032.890380][T12089] ? setup_sigcontext+0x7d0/0x7d0 [ 1032.895406][T12089] ? __bad_area_nosemaphore+0xb3/0x420 [ 1032.895423][T12089] ? strndup_user+0x77/0xd0 [ 1032.895441][T12089] memdup_user+0x26/0xb0 [ 1032.895461][T12089] strndup_user+0x77/0xd0 [ 1032.913957][T12089] ksys_mount+0x3c/0x150 [ 1032.915341][T12097] binder: 12095:12097 got transaction with invalid data ptr [ 1032.918220][T12089] __x64_sys_mount+0xbe/0x150 [ 1032.918241][T12089] do_syscall_64+0x103/0x610 [ 1032.918260][T12089] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1032.918290][T12089] RIP: 0033:0x45ac7a [ 1032.944570][T12089] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1032.954463][T12097] binder_transaction: 8 callbacks suppressed [ 1032.954487][T12097] binder: 12095:12097 transaction failed 29201/-14, size 8192-0 line 3179 15:30:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x6c00000000000000]}) 15:30:36 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x10, 0x0, &(0x7f0000000140)) r1 = semget$private(0x0, 0x6, 0x18) semctl$GETZCNT(r1, 0x3, 0xf, &(0x7f0000000000)=""/199) [ 1032.964173][T12089] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1032.964188][T12089] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1032.964197][T12089] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1032.964207][T12089] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1032.964216][T12089] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1032.964225][T12089] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:36 executing program 3 (fault-call:0 fault-nth:38): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:36 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x200000, 0x0) ioctl$RTC_RD_TIME(r2, 0x80247009, &(0x7f00000000c0)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={'nr0\x01\x00', 0x4002}) socket$inet_smc(0x2b, 0x1, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000180)={r3, 0x0, 0x1, 0x5, 0x76}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x250, 0x4) io_setup(0x9, &(0x7f0000000200)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:36 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000080)={r0}) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)={@rand_addr=0x10000, @broadcast, 0x0, 0x6, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @broadcast, @remote, @broadcast, @rand_addr=0x100]}, 0x28) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x1000, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:36 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4001fc) mknod$loop(&(0x7f0000000100)='./file0\x00', 0x400002200006008, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKBSZGET(r1, 0x4c03, &(0x7f0000000040)) 15:30:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7400000000000000]}) [ 1033.207250][T12213] FAULT_INJECTION: forcing a failure. [ 1033.207250][T12213] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.280884][T12213] CPU: 1 PID: 12213 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1033.288980][T12213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.299057][T12213] Call Trace: [ 1033.302369][T12213] dump_stack+0x172/0x1f0 [ 1033.306725][T12213] should_fail.cold+0xa/0x15 [ 1033.311326][T12213] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1033.317172][T12213] ? ___might_sleep+0x163/0x280 [ 1033.322051][T12213] __should_failslab+0x121/0x190 [ 1033.326999][T12213] should_failslab+0x9/0x14 [ 1033.331527][T12213] kmem_cache_alloc_trace+0x2d1/0x760 [ 1033.336932][T12213] alloc_fs_context+0x5a/0x640 [ 1033.341718][T12213] fs_context_for_mount+0x25/0x30 [ 1033.346747][T12213] do_mount+0x13d7/0x2c40 [ 1033.351140][T12213] ? copy_mount_string+0x40/0x40 [ 1033.355458][T12230] binder: BINDER_SET_CONTEXT_MGR already set [ 1033.356096][T12213] ? _copy_from_user+0xdd/0x150 [ 1033.356119][T12213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.356133][T12213] ? copy_mount_options+0x280/0x3a0 15:30:36 executing program 2: sysfs$3(0x3) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x16, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="85000000070000004c0000000000003f0000000000000000"], &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xd00, 0x0, 0x0, 0x0}, 0x28) 15:30:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x7a00000000000000]}) [ 1033.356150][T12213] ksys_mount+0xdb/0x150 [ 1033.356171][T12213] __x64_sys_mount+0xbe/0x150 [ 1033.362378][T12230] binder: 12095:12230 ioctl 40046207 0 returned -16 [ 1033.367507][T12213] do_syscall_64+0x103/0x610 [ 1033.367528][T12213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.367541][T12213] RIP: 0033:0x45ac7a [ 1033.367557][T12213] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1033.367565][T12213] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1033.367587][T12213] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1033.374864][T12097] binder_alloc: 12095: binder_alloc_buf, no vma [ 1033.378988][T12213] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1033.378998][T12213] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1033.379006][T12213] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 15:30:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xbf00000000000000]}) [ 1033.379015][T12213] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1033.416150][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 [ 1033.482543][T12097] binder: 12095:12097 transaction failed 29189/-3, size 8192-0 line 3147 [ 1033.484507][T12235] device nr0 entered promiscuous mode 15:30:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000040000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:37 executing program 2: r0 = socket$inet(0x2, 0x1, 0x1) getsockopt(r0, 0xff, 0x1, 0x0, &(0x7f0000000040)=0xfffffd4f) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)=""/188, &(0x7f0000000000)=0xbc) 15:30:37 executing program 0: syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0), 0x1) ioctl$TIOCSBRK(r0, 0x5427) [ 1033.623887][T12343] binder: BINDER_SET_CONTEXT_MGR already set [ 1033.629911][T12343] binder: 12340:12343 ioctl 40046207 0 returned -16 15:30:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfd00000000000000]}) [ 1033.669529][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 [ 1033.687661][T12351] binder_alloc: 12095: binder_alloc_buf, no vma [ 1033.716133][T12351] binder: 12340:12351 transaction failed 29189/-3, size 8192-0 line 3147 [ 1033.750071][ T8371] binder: undelivered TRANSACTION_ERROR: 29189 [ 1033.750548][T12343] binder: 12340:12343 got transaction with invalid data ptr 15:30:37 executing program 3 (fault-call:0 fault-nth:39): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:37 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400000, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r4, 0x7709, 0x0) 15:30:37 executing program 0: r0 = socket$inet_dccp(0x2, 0x6, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{&(0x7f0000000000)=@ax25={{0x3, @rose}, [@null, @rose, @netrom, @bcast, @remote, @rose, @null, @null]}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000080)=""/28, 0x1c}, {&(0x7f00000000c0)=""/187, 0xbb}], 0x2, &(0x7f00000001c0)=""/248, 0xf8}, 0x2}, {{&(0x7f00000002c0)=@generic, 0x80, &(0x7f0000000600)=[{&(0x7f0000000340)=""/182, 0xb6}, {&(0x7f0000000400)=""/63, 0x3f}, {&(0x7f0000000440)=""/186, 0xba}, {&(0x7f0000000500)=""/127, 0x7f}, {&(0x7f0000000580)=""/113, 0x71}], 0x5}, 0x576c}, {{&(0x7f0000000680)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000700)=""/141, 0x8d}, {&(0x7f00000007c0)}, {&(0x7f0000000800)=""/32, 0x20}, {&(0x7f0000000840)=""/191, 0xbf}, {&(0x7f0000000900)=""/61, 0x3d}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/92, 0x5c}], 0x7, &(0x7f0000001a40)=""/144, 0x90}, 0x800}, {{&(0x7f0000001b00)=@can, 0x80, &(0x7f0000001e40)=[{&(0x7f0000001b80)=""/238, 0xee}, {&(0x7f0000001c80)=""/221, 0xdd}, {&(0x7f0000001d80)=""/184, 0xb8}], 0x3, &(0x7f0000001e80)=""/254, 0xfe}, 0x9}, {{&(0x7f0000001f80)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x80, &(0x7f0000003040)=[{&(0x7f0000002000)=""/21, 0x15}, {&(0x7f0000002040)=""/4096, 0x1000}], 0x2, &(0x7f0000003080)=""/91, 0x5b}, 0x100000000}, {{&(0x7f0000003100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000003380)=[{&(0x7f0000003180)=""/201, 0xc9}, {&(0x7f0000003280)=""/226, 0xe2}], 0x2, &(0x7f00000033c0)=""/2, 0x2}, 0xb000000000000000}, {{&(0x7f0000003400)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f00000038c0)=[{&(0x7f0000003480)=""/131, 0x83}, {&(0x7f0000003540)=""/209, 0xd1}, {&(0x7f0000003640)=""/116, 0x74}, {&(0x7f00000036c0)=""/1, 0x1}, {&(0x7f0000003700)=""/159, 0x9f}, {&(0x7f00000037c0)=""/219, 0xdb}], 0x6, &(0x7f0000003940)=""/16, 0x10}, 0x4}], 0x7, 0x1, &(0x7f0000003b40)={0x77359400}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000003bc0)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000003d00)={&(0x7f0000003b80)={0x10, 0x0, 0x0, 0x20100}, 0xc, &(0x7f0000003cc0)={&(0x7f0000003c00)={0x9c, r2, 0x220, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1d35}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x60000000000000}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4d86}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffffffffffc}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA={0x34, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40}, 0x800) 15:30:37 executing program 2: r0 = socket$kcm(0x10, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="2e000000190081ace4050cecff091ffa1c6a2348200e00faf0265184cf6df4e522006db6a6a0d6576b1900000000", 0x2e}], 0x4a}, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400, 0x0) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x88, r2, 0x401, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_ALGID={0x8, 0x6, 0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffffff}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5bc0}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x80000000}, @SEG6_ATTR_DST={0x14, 0x1, @rand_addr="2544b67c49fc78a8c6eba5d96d777bfe"}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={[], [], @rand_addr=0xffffffffffff1e97}}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x3}]}, 0x88}, 0x1, 0x0, 0x0, 0x400c000}, 0x48000) [ 1033.820620][T12343] binder: 12340:12343 transaction failed 29201/-14, size 8192-0 line 3179 [ 1033.829331][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 15:30:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 15:30:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000050000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1033.943399][T12474] FAULT_INJECTION: forcing a failure. [ 1033.943399][T12474] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.031375][T12474] CPU: 0 PID: 12474 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1034.039399][T12474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.049455][T12474] Call Trace: [ 1034.052784][T12474] dump_stack+0x172/0x1f0 [ 1034.057131][T12474] should_fail.cold+0xa/0x15 [ 1034.061747][T12474] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1034.067569][T12474] ? ___might_sleep+0x163/0x280 [ 1034.072427][T12474] __should_failslab+0x121/0x190 [ 1034.072449][T12474] should_failslab+0x9/0x14 [ 1034.072467][T12474] kmem_cache_alloc_trace+0x2d1/0x760 [ 1034.072490][T12474] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1034.081914][T12474] ? rcu_read_lock_sched_held+0x110/0x130 [ 1034.081929][T12474] ? kmem_cache_alloc_trace+0x354/0x760 [ 1034.081953][T12474] legacy_init_fs_context+0x48/0xe0 [ 1034.081982][T12474] ? generic_parse_monolithic+0x200/0x200 [ 1034.081999][T12474] alloc_fs_context+0x365/0x640 [ 1034.082020][T12474] fs_context_for_mount+0x25/0x30 [ 1034.082046][T12474] do_mount+0x13d7/0x2c40 [ 1034.109488][T12516] binder: 12483:12516 got transaction with invalid data ptr [ 1034.109601][T12474] ? copy_mount_string+0x40/0x40 [ 1034.118589][T12516] binder: 12483:12516 transaction failed 29201/-14, size 8192-0 line 3179 [ 1034.120140][T12474] ? _copy_from_user+0xdd/0x150 [ 1034.120162][T12474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.120184][T12474] ? copy_mount_options+0x280/0x3a0 [ 1034.146185][T12532] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.150211][T12474] ksys_mount+0xdb/0x150 [ 1034.150229][T12474] __x64_sys_mount+0xbe/0x150 [ 1034.150262][T12474] do_syscall_64+0x103/0x610 [ 1034.150285][T12474] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.167161][T12532] binder: 12483:12532 ioctl 40046207 0 returned -16 [ 1034.172487][T12474] RIP: 0033:0x45ac7a [ 1034.172503][T12474] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1034.172511][T12474] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 15:30:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}) 15:30:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000040000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:37 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x2, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1034.172533][T12474] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1034.172543][T12474] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1034.172552][T12474] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1034.172573][T12474] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1034.172581][T12474] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1034.230698][T12592] binder: BINDER_SET_CONTEXT_MGR already set 15:30:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3]}) [ 1034.280860][T12479] device nr0 entered promiscuous mode [ 1034.293766][T12592] binder: 12549:12592 ioctl 40046207 0 returned -16 [ 1034.294133][T12599] binder_alloc: 12483: binder_alloc_buf, no vma 15:30:37 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x1, 0x0) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x17, 0x7, 0x7, 0x2e, 0x0, 0x70bd26, 0x25dfdbfb, [@sadb_ident={0x2, 0xb, 0x557}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x6e6bb5, 0x6, {0x6, 0x6c, 0x10001, 0x80, 0x0, 0x9b, 0x0, @in6=@dev={0xfe, 0x80, [], 0xd}, @in=@rand_addr=0x4}}, @sadb_x_sec_ctx={0x3, 0x18, 0x6, 0xa3f, 0xb, "f4f54089b4aa328cee5f81"}, @sadb_x_filter={0x5, 0x1a, @in=@multicast2, @in=@broadcast, 0x0, 0x14, 0x14}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e24, 0x2, @mcast1, 0x5}, @in6={0xa, 0x4e24, 0x4f366f39, @mcast2, 0x7}}, @sadb_x_filter={0x5, 0x1a, @in6=@remote, @in=@remote, 0x1f, 0x0, 0x4}, @sadb_x_filter={0x5, 0x1a, @in6=@loopback, @in6=@loopback, 0x2, 0x14, 0x10}, @sadb_key={0x3, 0x9, 0x80, 0x0, "8694c51b40b2c43c64552c3adb9ea868"}, @sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x4e23, @rand_addr=0x8000}, @in={0x2, 0x4e23, @broadcast}}]}, 0x170}}, 0x0) [ 1034.371701][T12599] binder: 12549:12599 transaction failed 29189/-3, size 8192-0 line 3147 15:30:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}) [ 1034.428185][ T8371] binder: undelivered TRANSACTION_ERROR: 29201 15:30:38 executing program 3 (fault-call:0 fault-nth:40): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000060000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:38 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)={@rand_addr, @local, 0x0}, &(0x7f0000000200)=0xc) sendmsg$xdp(r3, &(0x7f00000019c0)={&(0x7f0000000280)={0x2c, 0x5, r4, 0x23}, 0x10, &(0x7f0000001a40)=[{&(0x7f0000000340)="b6044a733877a214e68ac816316ea97bad945f3a19a2f00eaac7ab057481705df7bff821b39e0a4e6aa13c25e8e57f6fe31bc7df79f1474cda874b8d81f56241c2b3ea44e995920244ebfe392fff699e2cd6a6d5b20348f0e30e1604643fcf47a603a2fad41bdb2249a6b81fd4c9d7f37d26a071ccf25d6576d63bbe6a062a2c5651dda0d53d12c2675879054b004ac5d49fd84dbcc2009534beb1f76a9fb94c8f1d9deabd67da", 0xa7}, {&(0x7f00000002c0)="de648e299f7dee23caf29984902d9ab80b354a24c8", 0x15}, {&(0x7f0000000400)="6062cdee16a3fb07bfb71f518c5c02c8b2a323159de817d444ee34bbb7e2058c3d2fc191262713d6263146e09a07b200cbb3ab36a4512faac5b02c02ba9fdc84b841d3f3c125ca71271a3e4892434cc8d669cc0754", 0x55}, {&(0x7f0000000480)="c2dc5aa4f11e6d45952c432ec5a660e1680e5b39d12c19964734691f69538058b550436645909a8f3dabd6f0a9c3f99045907c9407f0f20157d98c26453acf1703f19765f67d4e7293bb7259ce480a1643efa873cfdf416515b64999fd8539fd01f842ed2439537906e4dd5dbe9cd4a78b3a4c67f124fdf7e97bc9821a3d20dbed975046307d908a1816b98a", 0x8c}, {&(0x7f0000000840)="4470b3019df3f1754fc96c93aac381c86af1c0197177e42007d81e14cd05ae24cb9a97bf4f6b115f6e94218cee8712a6c2de95cfb116c39974d0e2e66ca5859d131f9a35118477db4f112a24f64633a7b76313ce6c34a5bc5495acbb925ee553a317a48ca1c2046ac67f1822c42beee02789682619e6e1a9a1bf101d9558e3289034f4fc869be715312378a901e98e9668cde8599857a3cb9cd1c9ad8c181bf3d8fb1e5559cf6375a1aac6df085995d83eaab692d13bbdf43d7590512f3a2bc5972e346040e1a411aeadad5d62677910b51cb77019d0c79f3987c85453e867267522eaddc25c07541a597fd625a9992420340c2faea8b4d8e83cd3105c845e281f141d97b9e45d54365fcb19017b7ce26749d4f3d1e499f418499d876ecd0d288189c689f065f40bc078a41072327b856089049ee97bc1633c0e695e9eb1ee6b1fc82a961a77eb6271c28ca5e701da434f0a8a3aee5d13947839cf91ffe26a48851cf23d6de923c986472e314bbff89e5fd862c85539fd5acb294d07396826f69fdea9bab376e8a95b45e225bb7e70b86d7f69b0b468a0745261e40acf29fc64bc9913c9f39f09a496507c0052de48c5b98828210ff9ace72ee27dbaa02d2307ff58e9ff24158886caa64198a5c69eb7887388d9515f4ee9a6dbf0db2209c75a78c477f14145ea5de76df0e7bea768c0dcc565502353f69792c5306f7fe8a32a69b0b1a1379e9bb52fc1c8f9559653762c10ab828e3733d0e8f1d124e74985932656f147c2b125ff09ce933684f4060a2a7accb3ae29b86e11a55601cf0f0722119ad66b8f0e79b94cb8d8eb78dcd1ca58b71970c79707757b877b173fbc521eb3020c272de0d3635de5cd7a5581abd43a463563b452092aa1a55cfc37fae4c338f797b13367996beeecb53b8e4c0ee8d535ae5ad0760f5d793e2b4ecb401b84d707b47a342b44f0857d85da5002d0b4c8d0677ffd995b5e39430b0f5e3732ebdc5d15cae314637267460442e58f0d4b90677f03e505be2a45dac3d6f188ef2eec7c700f7539747f0c1f84f2c4b09f2f27601d1049e510862fb11b7d00d99b41bbfb1abf2086c8974159a538c914c0e1d5204383dcf593d82ac012f733815ceba56071ec633249e27d954f348c61593bb0dec60a1889505e86d223e71fec1a7c2c14588f0fb67ed3c7917b7bab693327571eca851444e762f520c83470d705f0df764ed35525ec3ed447a07c93bc9fb96788f6dd0bc7d4ebadfa6c3c4762aa2d5e00d026c8a95dcaa346b6ce2fb380454d3c95812df5cad67a574a53ec7db72eb1ffccc8d1bcd9802005e41350a5846b8e6242a2d848c0bd2a540f85bdba4b56d1ba0dd4682162e2a5687557cf57d691c33f256a03e16e2e9bb44d3daa0b86ad2a39223279ceae1a6f28007e5461405cad552d247816adc6e0f129541bc1155bc93a2911b05389a7d7acb16d5b499e54c9e31c2ab8cc6ef67abf134665ed1cc03abf1f6798657b5e7e6b58b8bed139e45f2e3ac34bb11cf0be6d70723e54bbd1ff28cf084f03e738cc77bae18e88acf74292657be2064d1199f801fa644e939dd808bf0223aff91624bd191ecbc44d31018bf8dc0a88f5d42fa66c88c6184fc50f59cfb98e31c6deba4031f1304e6cd5a72bb47e4f81186f6ff94886de37d591e023a82590a7ae178e5242c32fbe4710e5ca6f9360d93155089c1d23cfa2c3376e9a897082abab1da2f7ce6407688f869c071ec227714c04880165ac52b31a0e895bf059d29d4d5c1b51f0dc89b9f45be3d894f3a9882c27599b76ccbf70e5186461d06150bc06334366cb7a57ec76dd2c30ba27ab0cb1c3eae2bb10a58d347bb1dfad003f1c3fd53d7e01f8d67338ac28b9c2046c578fc13941424940ad002561cf3daffcbf31290f42603423dd84e3321c3919ed608916e9e8f5bbbb29c967f25d528502ab9e8e6a3e30ca0f253068bd1b8b9cf7b78724d737b54da027aff29272775c0f546b726a7fdbf8e9205300a3d663e842df904db1de2751dd4aca99e900bac334ce54e000ea75f3ef125f2db0aaa8bd697709a3375786b39a35ae2786349dc4b84d17069ca919b0df6e5c2bbf64779437579758180e3416c7b196ee876d2de76c853cef4a3fd0945fd2f9684b1edc1e4f9c73c7b465a4dc5a41e7a55aafa165af83094c2d3daec77143dc747aa704a8aa107a318753ec8835a24247983a0522480eef572c603a8a677b1ff8bad74ab1e1ad4bdb8a8bbcac045c2162e54aec3bd21b72ffe93ac096ab800aae7b8ff4b6c5aa86121a39977bf638394d1e5b2ee96c770761c29b555004597d934b0e870b5271a2184d7e8596b72be66a27dd8324017316068f2fef731fd90c0e20cc35c30e2b4429e0daf1194ca5f2522873deb3eb2a175cc56cc0b6d989420d2c4f7b9dc982dfedd801e5d94283b0373670accc6d638e2d6150755177e766b0b27f11a84dae2147ad0832dfc92f346c858f1d06c6fe3651994a00646434863e193beb7d6984f4abe893c5afcc3564d98cf3436cc6fdb30219f728d49aa251cd70ca43013fe0d912e94b617e6a357b4a0f03178754552e1c2956b8f3f1c429df4eb6fc2c9494127759910c8c3e8289a853ab311c4f2e0a662c7a674666f8b7053b793e95c4ff43cc9b6006800791996f104bf04473ccddca79e6b3ee676c16657dd882d9f51e3bf2437eabfbde39d42f72f90ec7279247df974f775b0af0d70f23eae1f07c91344f48d2782f2120ff6edd5e7c32833f55536c400f14f7d089246f618ccc1375400044ba277bdfa2f1346a7ed47e4867104a2c09ccf4ff72eb6d53c20ca484f5876564169e157926daf82329db20fcb9208bc688011c001c2fd743e97860e5564ce82fc19bddaf2fce703ed4fe204bbd64f4965e86b5c22b62158335b1ade4d0a0eb59a0aac30949c9d7010d8efc4e56e676bb02fb40edc6613baf87984fdeebae472b5d6c7fa588b3b04c7c9e69b2d1845db62a266b5f38ead4c630c980b9c2f5bfccd157c2874d9e12b5dcdfed19cd4c710a4a2777c4e306131615f39a55edfd641d656ee890aab4ae9f83fbcbe7e47667527d091276fd328f07bcabef74726ed16a54fc7bb72b53bd590f25b40bef911e89096924b02bce7afdd11442dc09526f8d03bb054d301da7809e4bf9441ad6039b9a0b2cd45d353c42f18927efea805ec8b19f8420e5dc134ad6e60e179afb1794548abdef8635fbc458ede94c40e20066b8a24ec1f26f584a219c638afcb31154ef777566f13cfabfb971c8a22bab3df67b37c8387262998530021e1072fe023ccff221ab70f97b5713b5dcaa709e937fede2c56f2133e6cbcc8d5e4d153d47922bc1d1b42cc6cceb38f907eea67c6cf07cd9f2a1c31177c80a9d907e6cc50fb6f5a6f164d91b0edcf8de1ecdf3e035bc6bc891ad402d15172d9c48f0840a26bbd55960adba8903659cb09060fa5ccff95e0a489400a5853a39d9fa1e7fd99b4bd29a62746f318e3797a5eab34ebb2c7e908970b54a9adfc5ee16870eb9d4cb5541f1237263969b80027740187f0d1a824695e966a98da83551b9b1ba36ca17ad3f0daa74f7f400fd2cc663a04cea43e90d83abddeef41259408b7029a1944f4176cc991e4a16dfbad7eeb0d9cbfdf8cb7c6b57185725a6799437b930b376d846c270373b24e0b65b91d5871398d76219dae56c4885681ca53334b195cafc641c8009e2e19ff976d0432d73b59afd6d092d097001829c04a0ea5944c5539b13cb77319b1d04d994ad79b881601e581eb061b8b03b2eb11c1c6bf42d75b4699b38b8abb6580e7bdd9db07c7b339fcb35832755fee8606ad67f03066261e45713f91fca69807fd56cb604ba92bc133fa56ca29422af1281e66b1685bfb8ffc0c576a5074e54bb5eb0f5b9896c740c1ef130c42a82cd2612351f7bce5f258ee75f988b590ce698399565e0412e242807346ba9bbc4d6c8b54e1023e1d252316a734d523234d6ac68f1e46e8267797b112152fd7b19c93cf2977d05d132cbafcf9892d6a940b54e94689803bc27a4b0113e8ae646901c18382b8c42a0ed210eaf6cb7a497d4f27d812d75921c80f278cb631cbececbd551f743986ca7b86f68ab525d80a26f613e7d5cbe11b3fb707090928f02406a0d809d5ec5af98c9f45e2194eda282632035a90830d2479e9e1347e8891a7d1bd78bf547aa2a0fca9170e75d6145f9092aaf2d560e780af409de51488fd3116b2d91f79e77539438ff8223f59a1294f9fccb215dde493552b298357c303f37b58f82d175de910179f07f33d9c78925d83c572977d2cf0c2e59815ee0bea2d3ed0d8c1e73ce3eda5fadfdc35307060b2f330756ece6b60d95210d5ee904d7c3e77e718c2ee0fbf591214e4667634420ee7d5fd87299f546e9b2d8ca51df28c00fe942f6c9b952b4765d6ec8bf7e9790bb881119355753a540390c52997a3a4f75c3e690db6e0003462286c70dd9e957ed16ec31b11b861d81846d6077cec8d8bac786e5f6f0f6cbe3afe649d654ff397b8eed36f8ef9b36ab61cbc13a6ed30fcbe988524f3b6484dd699a78646993fd5fbad002c58bd79ec4648eddf08b6ab5fb8bc6b3ce4068bdd047a5f11cbfc16e2e6f0626a4182fd5f55757a0d35753c3d027ade83ec8d376ab071b336d35dcf58fc30b5f6e265a0d3418bcb4b7011c870e38a62ea97ad8316e12b09458ff880c546de2f9d57788d19773eda330f69b29bb42b5edc2036b75c595e1d2d58e0c2517a3dc2181e769676a9d403f772c8dc6ee148f95f7ee68546b78993762dc3835a7a822d85baafb80d99e65a333693a5b66833e5f29593925f772a4809febac6f26212bd87549f1687dc134a8190a5503212a0883aeb7edb9e8315305f24e78088d085bee7ef9ac1d7094c025d3bc9b905693c719c33a908858b9113878de06a701486ab6c8e258e5765535fe9522385ed2b1b1149a3232900e2c0fe03a712eda1639082272e0f3632d41d737801fff2c7caf0d64ec54b0f8c95378eb8e76dab6e305d1b61810107214bf4f04bd87b2f7cc1ab952099936259ea5ff1a16fcfb26b2bd66fd3d2185cc3b4c63f8232b11f43ae5648171290cc0d01997e23d438a9525866412cc0b39be285dca5e0314c6c1b49974520012e9e257e9d11a0701526502463e0668c6fa96adecd779f504b0264233c796a79a855b2ed662b8aa3a746a8f6dda2a46df67ce4705d08d8476af94ed98ad5ab8703f828acb089c0b5d2b438080037a1da4fdd76bc0fba5e51b0e87f2d0ff25a8d0ae237bde5c80a36a4d561967acfc7016e0d0c1650caab3b32e7c6ae7d84524c8e59f08fd1c43d77f7a2674bee26330204fb3147b8d87af0349e9a29d1fff1368abd713138aae8c80587aba6ae50554878a5b5a9515b35a6185a59f6c5820f27c95eddbaf37b36d508512b19d1d7edde037fb892c83f0a681b1f6b17970343ea5de5514e03e80b7e59a4064400c0899a0fe011727ba6a3a90065bbcd36ea2db9f82e5c544913793df095584bff8e3795a201dfb149e881b2489609ea974e78140f868a95e802f797e110593252d9c0e306b1cce1b7992ae466330ad445b9c2eb1552c6328d8a51c909cc638caba2e4122d8aa20ca0a7fc898241a581016fa6985f8694f04f85d811d50b53015a85bcfa35087c2e08290e9dec6b3d957c7d656a93cd74365e5ab965f22559d96c04e8f153162603ca6364d2c829b507c41911b1dd937e568807fd5270bd7f2fd8c9df9c0861b6bd4395d6b2711af0e8283a840", 0x1000}, {&(0x7f0000000540)="156bcd8d92610986ed0a2220024a610b4211adcdd5a6ae57c463b1b7b010714527990dbe61d45bc830ba9be31432090c96ec17bf9fb71117ef71a5f85c4999c855901349e11447e9618d8987b3eb1196a414484ebf46d6d6703e12017caf7fbec3fb2eb584174a3b1d04a7b109070d34b50d56a45b8a724bebf8a69ec51af03c3665feb7d539db89b7115727a8686f7d8a2d86dbbae251505fac1dba412b052f94f1e412801bfd276097177ec1631ca555267eee62324493e9f8ab4ff654fe7e5e24982dca5e485621b4820db6bd7783dd14f3692245f410ed4bf079becf97bb2d69d8", 0xe3}, {&(0x7f0000001840)="6f031c53f75f3518f445f8e00d669be3affea7f123346ea7e301fac754dcc8b87d2b16bb7ff4be20b6d14821158040c0dd746ec64f46e9e8ea69095f54844c4fcc2316a6c6e2d8ffc486c1b420bcc1aabdfd654fb9af4bc0091c20219aa340f831cc82d477fa80e7a4f35d6a436eab67b9e755b9ae7c0348d9", 0x79}, {&(0x7f00000018c0)="c7b69f445988748dbcefe2b4aa09eb46ebd436360efbb48e39e556e85d2214f38d0e89f5cad68cf7013f3fc41c0864f1d03848dc94985c26b433c62a4d34c11c651abbc438d610589096156248004433790036097b9cd1d47e99bfbaccc503d656f76c7337d7b81694b97f6271cd9ad8b747732e8ff59a7c50b1be0beadbacb5ba0ff9be0b2cdba77a329b9679b88638e9a14ab893c814324e60e42d824449f03d8f83ec99df134f4cf3d8bf2fa5e17d573dbb8e6c5783de92d59efbf8f9372eccabe063167b0a2f14df5c1a4a4aa6af95a2b1cfeb1da05838e1ffb2", 0xdc}], 0x8, 0x0, 0x0, 0x40000}, 0x20000081) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r5 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x4c0200) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='securityppp1eth1md5sum\x00', r5}, 0x10) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r6, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0xfb2, 0x2800) accept4$llc(r1, &(0x7f0000000240)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000280)=0x10, 0x800) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) r2 = socket$l2tp(0x18, 0x1, 0x1) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xffffffff, 0x940) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x7}}, 0x8000, 0x0, 0x5, 0x80, 0x2}, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000001c0)={r4}, 0x0) connect$l2tp(r2, &(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 15:30:38 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x101, 0x7, 0x5, 0x8, 0x2, 0x6, 0x400000000, 0x151, 0x40, 0x2c0, 0x33, 0xffffffffffffffc1, 0x38, 0x1, 0xffffffff, 0x4, 0xf4ef}, [{0x3, 0x2, 0x4fbcc852, 0xd0bd, 0x100000000, 0x6, 0x4, 0xffff}, {0x4, 0x5, 0x3f, 0x0, 0xa5, 0x2, 0x8, 0x4}], "c1a3c8b2847142467880e0c223577997ec3fc027c1ea1a869754605cdf27975dfdead1ab71221de1186e1be3d8e4e073811ff75d582edc80377acfc461f1d0e21f0cf95aa5ffa547b9f1b3d3a9e32e070775ae89182f845f250543c8af0a9dbb9bcad91d6c1d4c23027f61526da3d8c11159fd5683caa2e9f539821281039b855fcabd6b6643933401cf6a9cc8ea82b2ed0abfe6ff7e388649434f02669133bb5168d4dc4adebd42983debf1aba3b7de22defd08fd036cabf20d971977e827cb475182debfc4e8899593327d303a77ad574f37b3d868ba69572a6f4b5a963a09a7dee943e95e4084a30717e7c5da0ce414e34cd96e965ab1f27228b4383367cb5f74563e16b1ef275d1528146c955a4dda7b27cd38bcf229c8177b546331bbd57a12f019c2a2a3c710ce256348f29d2aa20041f18ad3f090eebc11c1cb7b05afb0d33b4dfc13e8272360bef0cb484549221e1830f673f05d3460eeb561286c370078a1a57dd3cebe640d0d5a113863817c6a443ff9a92749cbf49a3342aa90e848a51e1997358ede4d4a65bdee1fac03dfb104c45125878302e16281786556c3cf3005e91522e886fb542e05b57b145570d1afd0e568ffa18929e1f1d60e6a39b653198fff57e41372e8ef7edaa664e2d144193ba7e41dfe1a170b6b48c6422de5a0bc96753e2cbc3dfd02d4fe7b2027cf0c2b8424b31f21ec9b4ed6951eeaca249ab8dc67faf8d577bf052cc49e144d02fcbfbe0e208dd65ac58db524f1d806758bd1f0e0da711428c846ff24863b6b3669138ec80c7c0965cacd729b475247c564f6fbd2c1ba6ec3636b907f644f8aa56d80b63a38296205da6c92821a8307edead19ca238b969dd1523120cdbbf5876c19f628f98596513c469ed81a995606c4d16b562178b40b7e7d77218221e12083f02764773b6c5581d0fc7afbf02cb0fd90caac3f66c4074b6b40b65a76c5d397eb91e199a810e8b3e1cdd105336af1f4aef1cee328b0220ea7c4f94aed07b92b4aa9d5aa140da4df5fb7182752bc3ad8eaf807e3a181ecd84b3d356ca792f38a487bc15adc476ff8d00696531367190a3e87563e2f6b85fd88cfa7a4cfc0da921a2b5dfd3a6eae20fd97d15eb695c9f85db7e82f6aa23698c43bdf09c9e2f55ad3faa589b44c93e9713a1965f8fe34a1facfcec099020107cb1924ca72b672a123e64912c72ade0eb18a4c3e72faffefcab96672a5f86782eefd828dd675d8215b809599462828059698643c7b13a6a67da6105335f6a343828b2df1fd43861ad3fa08952a879fcc8a8a2ed1dd2cee5448dff89309ada25160ddb0ff50925ea270a021db454a1a1626b1634d1de6dd5da2436f1e858e61c99982e1673d4b31a6389e8c5157b57f6ba1ebef925971821b1cd41d2e8808e25b2b3e9912e780a74b15300a605bd1b002f052b38ac8e495f3e8e9ddefd34bfca2d92b5e47986a6434074cedd62837fe140c96209e486b361c2b1a10dc4e618d2d28eb32379ce3aa0b9c082639ff4c43a75f88b8433c983d01244b4e8855782c6416c121cb6875fef75a4d1b00c2a7cbb5f5247b137724f02e2eea55f8902ea6de618dc43d83432abbebabab7f500b94c05e413ca01e3dde9530599e4caa98a4ac7598e0c7e33e7a47df6a36e813cc53401abc3f93266999c57a9126244c06cdc685928073ca8783b66fac837b393a0b491a990f592fcf710bbc3ac3bd71d32b6c47477f2f329552f753db3cf4b4d6bab86861ad8acd440013019eb005056323ece2d36e11737a058232715b589add8ab347a63a993fa88e3815b16f7134632d1b43b6ad2a50ac7c7185ca737600cc0fee70ba3081b29a6f0325c63006965a46a5e8f5d11d95f19680b600b434d9e330ecd4310294e3c7bc94f3a3ebd7bbdc148ed484f56fd62012858ce5962acfb560fc6aad14452281702d8ea07b3a7c589544859cd94ae441b71a498cd780574e4fa46632dc8ac34d4b7863d3cb061186a468fc2d4af6830388a29fd5e342993e7215e68efee9c617d07517ae3acfea14d41e694f76b259a91acdabc3a3fd4f1a058f40d1c0f36eba674e7fd62f297390bcea46ad26d5df07f0cc8c41c409d599e8b1f4bb73fa32e94bd09d742e72fb582a4d3386539ace436ee41d1a33da9ca52fbe7701a54b3e61de4e623b1454f63d2efb9108958b3b8e4afed8379ca4bb4e7943dcb6f3cb113e0a2ec4f4e8f9046285997162117ddcf430a7a1b22797cc05c5f891c8883a9f280ca354d32f3c3dcc3e6c1b7d43fa259b12c1c50e0447a97bdf14e1981fbe546c23fb6f5ad56976cc684a27c8f4bcaf96c5877a7c86a3727a7c91eab62b11a62a5de2246a5925f1e47b788fa86a696e7d48d7709a0dba52553df3f1a470779eb014bcedee6e38bab5a298e7085a675fb51f2ac222af0d67b5dac942d452fdd749c749a801cc441bf5f8670d150f5446997652ea1b457f3508610b3b734d3503adad31161a9e7e927a465e5ae5836738ad211b4ac45c424f4e9844f973198a046818e975433e7fe15a7bb540f7757fc2b2283dfae5b65d8f018649949061c54aac8a0739abe50e87e6bac09b4bd6366064255e09f1e99ddfbf1aee0b1eecdec1dd17423651c73cfaeff2a8cc0fda0ba4a4ba4f14b03bca09c87f860256168392a3d32883347f48aad69722cb9eb2705ad0edb9c5d2d0d63586aae8f4585aa7571ea9eb4dba831cfdb9105587bbd3b1033cab13e2d89f330922c15fa9923d4e212b124c7b6c61c98666e40288e71456a7b135a1a274092dfe2ba20d45fb4d8ce8dfe29ddb3d6d1b560d0a50561c2f473f9e5410c68f8213926b9a5e99d99fc2918201ea26a52166f5d9715d387679d0489c504d17095d27ad14903ced49cf497f092238b975944657135d0184702573232f25c4ad19308d99e6e9cc8711fae43a39f098141a1f29ee3bfbccf6bb6640dd4b6916590da5baa86098bf7c0f46091fac44b2c23874e4e5fa0c5e746eb9ab2220b1245c6a3c53d22aae69aa714b086d82f31c8a390531f738c4008ea7d14211eda2bb601fe93a97241a63d9bf59c3ae64ffa2beaedbd538cb201c4b15c627ab97b64bad75424f22b3b1b21e1ff672e91fd00ff71214dcff479eecdcfd8c62e933ecd74a8fa41b45658bc5aa98a568c2dbaca50c77ed8fea6665c9d63ab7fd23ae576d1a61e0ef85c29ee516712dd5619d70887b2fb573f81dd42a0704330e3fea697274345f73bc33dd7301a8fe18805d593e2b754217dd4fbd773547a11f0e9e33e46b68730bfc31dcafd5e76e0cbcfa68ddc6796d4c73824de6d18666317db08cdab3698944325f47274043f079fe7a7c8f30e77c4834febef3950f767eb630c78f872e7ab4238e3ef5c19de8be133b0a26679aea1dbe5ddfef512ff10dba95b0ee02308694338d8268a0e06d2beeabe4dc57452e611141f4a5afbff5ba37c3b309a4983cab9453a92b3b27e48804b2d9fcad64a23d3f156c7db1f82bab17936ef4b022dc2ea57ecda132e3712f06bc6c601bc9c85ee1dc8847545d190039a0856277dd4e1306954f6a2230e21f0bdd99a5179d7edea8a62826a0ea3231120cb153611a62bea6b96d8dbc445264295236d4eee60de5ea9036566a160fa5c9c5fefba2349340338f5cf37282c499fee13c1f21c873d909068232bc052e9d9b110b3f6d488d0fa81de0e7c07158f7c38f9ab37fd4c08f2db3ac7fadca1439164eb783889e1f196cc52bac3d5458f587e87971052b64d1c7808fc365f7011bed38ffb74fa81873f4981a56f14c142b47ab3dd508216a74d02f4a892417213a6757b23dda0d0fc6d1b9f170b4f5c905668c868532298d22a590b22d89e4d306a8c5e73666d9c88457dd8f16ef0cf0992e0abfe93dc554d367698f5c490425930ca967cc8ff4f45f830c306206be20b7653953341153a286de36b18a7fe8688da6c219472a59dca1925a583646975d2b50f20ca86575f7520645a64a7b48a73ba81629716482f1435b6665d0ff0f8ec271766afb639fb48da6a959332e2a8ff848464e467102b809ab97fb98b3e9da903b0ba9766f12cc751d8c47e7ebf37f98e22d021ee7df588cb2fb26ae289bd2a4866f7ce2f8caa5fc691a4c60e3ee735783cbccd4e988276103a42065aad3f3ce065606b620bce49bf6428efbed578d91ebc475e13e91759cc417569acd14911fb4d3e6f325464544c590ad96703b747f462e1c0db3bcdda0a0d48673bb72a2e641a2fc5ec140f786d237cce036e01abb2edef8c229c4599850e9d2204cb630143ef185cf11ae66059177b1e0120c68687b283307dc4dff46ea8751fcb264706d3080beb6bbcc971bc6fed81a2e623264cebff6ccdb41a49cc0d3e6d92dfc67ade80486454b2ce1e31fe3bdba3e080fb87306e8e2d8b1a2cb22f6037b6410399bc5d1fb55d3ffe150afc3ce9c72f62aec9cec5f0a90c1d1733e8b09f43c3e6798eb1901e0f4e5b5332cf94180c42841ac7a855b2f178c1ad97bb61dbef3b8886238bfeafead6d61206795e6ec6ad9718edf1185640eadbc9ca9e73a4f6d365f51117687f5c60f1093507096f454d14da75e7c577f81346fb209f13ceafac9210c67bf9f1129188ea5212097fc6abc9e802f315a4bf6e9b4fc1eec8ebe3c5b0b52565cb3f0e3944929c79b72f6377df0977bf13f5fcc116537cf92e866d5eb01cee4f1bd7521596094d79ca4ebd1956b193327b715907440fee94605b7272efb507f7ea9248230150c0640203fed538f74575fc1064a3f8c64ef4045c4786ebf64e1c63afa368b3880f1e4707353cc9de05ddf1915bfb0a183bb080a0533d0117bdea984c4808813d7b8e4c5754cd37a0fbf149a7663f63900a982da309042fab312d580cebedc19b182c4f94bd973a0c0b886f66bf155670cc8532eaac63569ac9a7897e486db22ca18e1df2632eccf318e13856fc51e8bd38e772ebf803775c406db5f504a2720d8dc465220d97e10a4d8349488a950799249518642c05e7aa4e625f77af8eb75bb4e9de86c15b9ece726dc3de28259311d411e36300ac89da57b52e454a611563ac86d2968925a6a57ed010f6121ff0a01796e10606e847bbccc2f76885687fb1326a6264c9731da1a3f6840d2f8dbc865f5d8707ce62d77ce65dd2ed2a4a0451dec912067c0e0c73a9d24de174835c2230853d132d7c439de610c95c4d256cc6882832238677644e02bc56660062514e4ab9fbdf371a48162043559d59355d948e4574d1848900b6dba0bc8597061973ca786305d5c130f66a2b3dcda5be2b616c086ffa190e1220688f98328b6584e514522e60b549a85aa4a9ff48a557a51a8dcd007e2e7c1d3e05961fa66dc5500ac9efa0555d951d05964b32331e60a70e128303df11c31ed59b66b9a0628b5881f9278dd45a2651b0e6daec203e1a2ec818dd8028b01487ffc11c2c2759915c3602c05582421c356c2178c123879b0942b32115a7b2cfd14aafe266b6d621b841a0fb56462a7a2843066f36924673205800168ceb7ead6b4e3cf953ceaf419e804b0d5080642d2afbc3c4a99ff70a8da99bfbd4fa2c842ed6cf6282236492345b5be884a495762d6b45ed4f9e8902b211b34dbdfab470118d8b1c54b94051fcac8893a1bb5770804ed33f4f60ed4b8e2992128099419fa036d45bbc99c8b0d66611eda9c2381b26d00a01dbe03a0ca2007360aa822eece9a34bee50668708e8afb3ba7109835d284f6c5da30b932f60683718835eec98a2298d06b1f24974d07394446daf43675ee77d24e5"}, 0x10b0) r1 = openat(0xffffffffffffffff, &(0x7f0000001140)='./file0\x00', 0x1, 0x16) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0xffffffffffff8c2f) pread64(r0, &(0x7f0000001180)=""/143, 0x8f, 0x0) [ 1034.662113][T12723] FAULT_INJECTION: forcing a failure. [ 1034.662113][T12723] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.689069][T12723] CPU: 1 PID: 12723 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1034.695701][T12726] binder: 12721:12726 got transaction with invalid data ptr [ 1034.697056][T12723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.697063][T12723] Call Trace: [ 1034.697090][T12723] dump_stack+0x172/0x1f0 [ 1034.697115][T12723] should_fail.cold+0xa/0x15 [ 1034.726626][T12723] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1034.732451][T12723] ? ___might_sleep+0x163/0x280 [ 1034.737315][T12723] __should_failslab+0x121/0x190 [ 1034.742264][T12723] should_failslab+0x9/0x14 [ 1034.745260][T12726] binder: 12721:12726 transaction failed 29201/-14, size 8192-0 line 3179 [ 1034.746798][T12723] __kmalloc_track_caller+0x2d8/0x740 [ 1034.746824][T12723] ? vfs_parse_fs_string+0xe8/0x170 [ 1034.746846][T12723] kmemdup_nul+0x31/0xa0 [ 1034.746864][T12723] vfs_parse_fs_string+0xe8/0x170 [ 1034.746887][T12723] ? vfs_parse_fs_param+0x510/0x510 [ 1034.780362][T12723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.786611][T12723] ? alloc_fs_context+0x3bb/0x640 [ 1034.791655][T12723] do_mount+0x6e9/0x2c40 [ 1034.795912][T12723] ? copy_mount_string+0x40/0x40 [ 1034.800886][T12723] ? copy_mount_options+0x1fb/0x3a0 [ 1034.806086][T12723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.812333][T12723] ? copy_mount_options+0x280/0x3a0 [ 1034.817556][T12723] ksys_mount+0xdb/0x150 [ 1034.821816][T12723] __x64_sys_mount+0xbe/0x150 [ 1034.826517][T12723] do_syscall_64+0x103/0x610 [ 1034.831124][T12723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.837018][T12723] RIP: 0033:0x45ac7a [ 1034.840928][T12723] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1034.860537][T12723] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1034.864672][T12731] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.868953][T12723] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1034.868963][T12723] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1034.868972][T12723] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1034.868981][T12723] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 15:30:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5]}) [ 1034.868990][T12723] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1034.928785][T12720] device nr0 entered promiscuous mode [ 1034.948702][T12731] binder: 12721:12731 ioctl 40046207 0 returned -16 15:30:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6]}) 15:30:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:38 executing program 3 (fault-call:0 fault-nth:41): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:38 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x3, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0x8, 0x4, 0xb2e, 0xfffffffffffffffe, 0x1, 0x7ff, 0x6, 0x37, 0xe00}) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1035.117576][T12839] binder: 12838:12839 got transaction with invalid data ptr [ 1035.132809][ C0] net_ratelimit: 23 callbacks suppressed [ 1035.132849][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1035.136526][T12839] binder: 12838:12839 transaction failed 29201/-14, size 8192-0 line 3179 [ 1035.139015][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1035.165529][T12841] binder: BINDER_SET_CONTEXT_MGR already set [ 1035.194697][T12841] binder: 12838:12841 ioctl 40046207 0 returned -16 15:30:38 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = socket(0xd, 0xa, 0x1) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f00000005c0)=0x963d, 0x4) r3 = syz_open_dev$sndpcmc(&(0x7f00000009c0)='/dev/snd/pcmC#D#c\x00', 0x40, 0x208080) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r0) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f00000004c0)='/dev/usbmon#\x00', 0x1d22, 0x400000) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vga_arbiter\x00', 0x4000, 0x0) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000580)='/dev/btrfs-control\x00', 0x80, 0x0) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000880)='/dev/sequencer\x00', 0x4002, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000000340)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@initdev}}, &(0x7f0000000500)=0xffffffd7) r9 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x2000, 0x0) ioctl$NBD_SET_SIZE(r9, 0xab02, 0xfffffffffffffc01) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r9, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r10, 0xf14, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4108, 0x0, {0x1c, 0x18, {0x678a, @bearer=@l2={'ib', 0x3a, 'veth0_to_team\x00'}}}}, ["", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x4001) r11 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$get_persistent(0x16, r8, r11) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$VIDIOC_QUERYSTD(r6, 0x8008563f, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') modify_ldt$read_default(0x2, &(0x7f00000008c0)=""/135, 0x87) io_setup(0x2, &(0x7f0000000240)=0x0) ioctl$VIDIOC_G_FREQUENCY(r9, 0xc02c5638, &(0x7f0000000480)={0xb7aa}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000840)={r5, 0x28, &(0x7f0000000600)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000980)={r13, 0x7, 0x10}, 0xc) io_submit(r12, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7]}) 15:30:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) [ 1035.338122][T12879] FAULT_INJECTION: forcing a failure. [ 1035.338122][T12879] name failslab, interval 1, probability 0, space 0, times 0 15:30:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:38 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x40000000000001, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x1}, 0x60) [ 1035.476161][T12967] QAT: Invalid ioctl 15:30:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x8]}) [ 1035.527834][T12952] device nr0 entered promiscuous mode [ 1035.535459][T12970] binder: 12966:12970 got transaction with invalid data ptr [ 1035.566032][T12970] binder: 12966:12970 transaction failed 29201/-14, size 8192-0 line 3179 [ 1035.576628][T12967] QAT: Invalid ioctl [ 1035.594376][T12879] CPU: 1 PID: 12879 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1035.602386][T12879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.612464][T12879] Call Trace: [ 1035.615773][T12879] dump_stack+0x172/0x1f0 [ 1035.615838][T12978] binder: BINDER_SET_CONTEXT_MGR already set [ 1035.620118][T12879] should_fail.cold+0xa/0x15 [ 1035.620141][T12879] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1035.620166][T12879] ? ___might_sleep+0x163/0x280 [ 1035.620190][T12879] __should_failslab+0x121/0x190 [ 1035.636286][T12978] binder: 12966:12978 ioctl 40046207 0 returned -16 [ 1035.636564][T12879] should_failslab+0x9/0x14 [ 1035.646130][T12970] binder_alloc: 12966: binder_alloc_buf, no vma [ 1035.646326][T12879] kmem_cache_alloc+0x2b2/0x6f0 [ 1035.668438][T12879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.674695][T12879] ? should_fail+0x1de/0x852 [ 1035.679285][T12879] getname_kernel+0x53/0x370 [ 1035.683869][T12879] kern_path+0x20/0x40 [ 1035.687936][T12879] lookup_bdev.part.0+0x7b/0x1b0 [ 1035.692868][T12879] ? blkdev_open+0x290/0x290 [ 1035.697451][T12879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.703679][T12879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.709924][T12879] ? vfs_parse_fs_string+0x111/0x170 [ 1035.715222][T12879] blkdev_get_by_path+0x81/0x130 [ 1035.720153][T12879] mount_bdev+0x5d/0x3c0 [ 1035.724466][T12879] ? msdos_mount+0x40/0x40 [ 1035.728890][T12879] ? vfs_parse_fs_string+0x116/0x170 [ 1035.734175][T12879] msdos_mount+0x35/0x40 [ 1035.738409][T12879] ? setup+0xe0/0xe0 [ 1035.742298][T12879] legacy_get_tree+0xf2/0x200 [ 1035.746974][T12879] vfs_get_tree+0x123/0x450 [ 1035.751472][T12879] do_mount+0x1436/0x2c40 [ 1035.755806][T12879] ? copy_mount_string+0x40/0x40 [ 1035.760741][T12879] ? _copy_from_user+0xdd/0x150 [ 1035.765590][T12879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.771825][T12879] ? copy_mount_options+0x280/0x3a0 [ 1035.777017][T12879] ksys_mount+0xdb/0x150 [ 1035.781263][T12879] __x64_sys_mount+0xbe/0x150 [ 1035.785941][T12879] do_syscall_64+0x103/0x610 [ 1035.790540][T12879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.796428][T12879] RIP: 0033:0x45ac7a [ 1035.800323][T12879] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1035.819921][T12879] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 15:30:39 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) getgid() bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x46400, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, [0x3, 0xfffffffffffffffe, 0x5, 0x6]}) 15:30:39 executing program 2: r0 = gettid() ioprio_set$pid(0x1, r0, 0x0) r1 = accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @local}, &(0x7f00000001c0)=0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}}}, &(0x7f0000000340)=0xe8) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@local, @rand_addr="781c12de8b7f0d6425e1a6cd829da5bb", @ipv4={[], [], @loopback}, 0x6, 0xf442, 0x5c0, 0x400, 0x1ff, 0x50010, r2}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8003060}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r4, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8040) [ 1035.828325][T12879] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1035.836290][T12879] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1035.844254][T12879] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1035.852217][T12879] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1035.860177][T12879] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa]}) [ 1035.897620][T12970] binder: 12966:12970 transaction failed 29189/-3, size 8192-0 line 3147 15:30:39 executing program 2: r0 = syz_init_net_socket$ax25(0x3, 0x800000002, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0x1ff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x894c) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000300}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000201eb63de05f075899840b6a0775c8b57c9b730304a5116280ca4b8567180de24524fcad78c6dde1e91de188090a000ee45692c87d37d0155ca71a71c6f877a50b16ae190651bebfcc2e79b859b87e0adc2e8427aab733b50ed46c9c6c2dd1e06634b4ad53f695b720b17803fc9736154ca06b3a12fa193e8acb679eff06961f831873a10ce05cae8ba9b3e0016d9d946ff8b88440e2b07d9a10f6d41e1fd3ee1f5bd9e302a543f10cce87c1c401566ca78c8150e3f72ae54dee70c110699788c017d5c4bbaad43bad2209", @ANYRES16=r3, @ANYBLOB="df212dbd7000fbdbdf251100000008000400020000000800040008000000"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000200)={0xffffffffffffffff}, 0x106, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r4, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f00000001c0), r6, r5}}, 0x18) 15:30:39 executing program 3 (fault-call:0 fault-nth:42): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000120000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1036.090342][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1036.090374][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1036.096166][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1036.101913][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1036.107653][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1036.113347][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1036.119045][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1036.130585][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1036.203093][T13202] FAULT_INJECTION: forcing a failure. [ 1036.203093][T13202] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.205768][T13201] binder: 13198:13201 got transaction with invalid data ptr [ 1036.216583][T13202] CPU: 0 PID: 13202 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1036.231696][T13202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.241770][T13202] Call Trace: [ 1036.245074][T13202] dump_stack+0x172/0x1f0 [ 1036.249416][T13202] should_fail.cold+0xa/0x15 [ 1036.254017][T13202] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1036.259836][T13202] ? ___might_sleep+0x163/0x280 [ 1036.264705][T13202] __should_failslab+0x121/0x190 [ 1036.269651][T13202] should_failslab+0x9/0x14 [ 1036.274153][T13202] kmem_cache_alloc_trace+0x2d1/0x760 [ 1036.279517][T13202] ? kasan_check_write+0x14/0x20 [ 1036.284487][T13202] ? lock_downgrade+0x880/0x880 [ 1036.289342][T13202] alloc_super+0x55/0x890 [ 1036.293664][T13202] ? kasan_check_read+0x11/0x20 [ 1036.298508][T13202] ? test_single_super+0x10/0x10 [ 1036.303443][T13202] sget_userns+0xf1/0x560 [ 1036.307783][T13202] ? kill_litter_super+0x60/0x60 [ 1036.312716][T13202] ? test_single_super+0x10/0x10 [ 1036.317644][T13202] ? kill_litter_super+0x60/0x60 [ 1036.322592][T13202] sget+0x10c/0x150 [ 1036.331258][T13202] mount_bdev+0xff/0x3c0 [ 1036.335498][T13202] ? msdos_mount+0x40/0x40 [ 1036.339919][T13202] msdos_mount+0x35/0x40 [ 1036.344155][T13202] ? setup+0xe0/0xe0 [ 1036.348046][T13202] legacy_get_tree+0xf2/0x200 [ 1036.352725][T13202] vfs_get_tree+0x123/0x450 [ 1036.357236][T13202] do_mount+0x1436/0x2c40 [ 1036.361563][T13202] ? copy_mount_string+0x40/0x40 [ 1036.366495][T13202] ? _copy_from_user+0xdd/0x150 [ 1036.371351][T13202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.377607][T13202] ? copy_mount_options+0x280/0x3a0 [ 1036.382804][T13202] ksys_mount+0xdb/0x150 [ 1036.387069][T13202] __x64_sys_mount+0xbe/0x150 [ 1036.391746][T13202] do_syscall_64+0x103/0x610 [ 1036.396332][T13202] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1036.402217][T13202] RIP: 0033:0x45ac7a [ 1036.406103][T13202] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1036.425702][T13202] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1036.434105][T13202] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1036.442072][T13202] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1036.450044][T13202] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1036.458008][T13202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1036.465981][T13202] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:40 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0), &(0x7f0000000100)=0xb) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x48]}) 15:30:40 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x1, 0x2, 0x3, 0x8, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) 15:30:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") unshare(0x408000400) r1 = socket(0x1d, 0xe, 0x5) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040), 0x4) setsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000180)="86acff45fc27917eb9378d0f3be5f587b42eccbff6ec5fc3850ff1677ff2cd084779b61669ab8a90c4d77571f45df53bb58a4a9f0f52272a2beb487620fae4584e0543baf886b448ff9ef3ab0d47b0d238e387f9c5e259ad139f1b3bfc884a46aadb995282cb8869f04ac01bb228b3d96025e1e4202b43de6444af67f0667e681463545990920bc434cb6c0fb5970bf437591404c8829ebc19a3eda36d0acf873678941fe14927e704c0b7d0f1", 0xad) ioctl$SIOCX25GSUBSCRIP(r1, 0x89e0, &(0x7f0000000080)={'rose0\x00'}) 15:30:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1036.511074][T13206] binder: BINDER_SET_CONTEXT_MGR already set [ 1036.518662][T13206] binder: 13198:13206 ioctl 40046207 0 returned -16 15:30:40 executing program 3 (fault-call:0 fault-nth:43): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:40 executing program 2: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r0, 0x3, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa}, 0x20) fallocate(r0, 0x0, 0x0, 0x1000f4) eventfd2(0xd6, 0x800) r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0) sendfile(r1, r2, 0x0, 0x8000ffffffff) ioctl$sock_netdev_private(r0, 0x89fd, &(0x7f00000001c0)="b3d1158183166eb68e02d2a2fe8eb34f524d746bf37de9c0fef25d4548bc9a979467d56901f1bba395757387d2c689b402caffbc188eae91c3f9afcf873e3d9d5352dd7ad7c4be944baef3a9baf2a823188b7ca1ffc915febb60039c626105f0b26ada762a8b929c0503a211ded5bd574ff00b") ioctl$void(r1, 0x5450) 15:30:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4c]}) 15:30:40 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x1, 0x400) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "ce939ada2d0823594b1824ebba8d707a5df28fa59bd73f8d670ac32c7e6498ce44ca70a4ddbfe8f748f6b128dda5dae2989444073278f6da9424bb945c40ad", 0x2b}, 0x60) [ 1036.658238][T13221] binder: 13219:13221 got transaction with invalid data ptr [ 1036.714878][T13229] binder: BINDER_SET_CONTEXT_MGR already set [ 1036.725378][T13226] FAULT_INJECTION: forcing a failure. [ 1036.725378][T13226] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.743104][T13229] binder: 13219:13229 ioctl 40046207 0 returned -16 [ 1036.766386][T13221] binder_alloc: 13219: binder_alloc_buf, no vma [ 1036.798192][T13226] CPU: 0 PID: 13226 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1036.806200][T13226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.814564][ T26] audit: type=1800 audit(1553614240.290:83): pid=13235 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17371 res=0 [ 1036.816272][T13226] Call Trace: [ 1036.839778][T13226] dump_stack+0x172/0x1f0 [ 1036.844122][T13226] should_fail.cold+0xa/0x15 [ 1036.848723][T13226] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1036.854550][T13226] ? ___might_sleep+0x163/0x280 [ 1036.859408][T13226] __should_failslab+0x121/0x190 [ 1036.864352][T13226] should_failslab+0x9/0x14 [ 1036.868862][T13226] kmem_cache_alloc_trace+0x2d1/0x760 [ 1036.874247][T13226] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 1036.880059][T13226] ? rcu_read_lock_sched_held+0x110/0x130 [ 1036.885592][ T26] audit: type=1800 audit(1553614240.340:84): pid=13237 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17371 res=0 [ 1036.885788][T13226] ? kmem_cache_alloc_trace+0x354/0x760 [ 1036.911465][T13226] legacy_init_fs_context+0x48/0xe0 [ 1036.916672][T13226] ? generic_parse_monolithic+0x200/0x200 [ 1036.922394][T13226] alloc_fs_context+0x365/0x640 [ 1036.927275][T13226] fs_context_for_mount+0x25/0x30 [ 1036.932315][T13226] do_mount+0x13d7/0x2c40 [ 1036.936642][T13226] ? copy_mount_string+0x40/0x40 [ 1036.941608][T13226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.947838][T13226] ? copy_mount_options+0x280/0x3a0 [ 1036.953035][T13226] ksys_mount+0xdb/0x150 [ 1036.957273][T13226] __x64_sys_mount+0xbe/0x150 [ 1036.961950][T13226] do_syscall_64+0x103/0x610 [ 1036.966548][T13226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1036.972440][T13226] RIP: 0033:0x45ac7a [ 1036.976327][T13226] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1036.995922][T13226] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1037.004341][T13226] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a 15:30:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:40 executing program 2: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_MANUFACTURER_CMD(r0, 0xc0044306, &(0x7f0000000040)={0x0, 0x0}) [ 1037.012305][T13226] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1037.020267][T13226] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1037.028234][T13226] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1037.036195][T13226] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 15:30:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x68]}) [ 1037.105602][T13243] binder: 13241:13243 got transaction with invalid data ptr [ 1037.136833][T13261] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.155664][T13261] binder: 13241:13261 ioctl 40046207 0 returned -16 [ 1037.186085][T13243] binder_alloc: 13241: binder_alloc_buf, no vma [ 1037.194531][ T12] binder_release_work: 9 callbacks suppressed [ 1037.194539][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.211814][T13231] device nr0 entered promiscuous mode [ 1037.219347][ T7784] binder: undelivered TRANSACTION_ERROR: 29189 15:30:40 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f00000000c0)) signalfd4(r0, &(0x7f0000000080), 0x8, 0x80800) 15:30:40 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e0000002200812de45ae087185082cf0124b0eba06ec4000241000000000013000000000000000051894dd65b2f", 0x2e}], 0x1}, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x3, 0x202400) ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4010641a, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[0x100000000, 0xc8d, 0x0, 0x45721a3, 0x78]}) 15:30:40 executing program 3 (fault-call:0 fault-nth:44): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00L\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:40 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x73) sendmmsg(r0, &(0x7f00000059c0)=[{{&(0x7f00000000c0)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e22, 0x2}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)="869fd6353d61335ff8c053636811659c0787dae72a25c677a2e42592c852f6917d09936d2df6c1a5bc254eccac62f9eedf29c7f520a5ba8d531e99d2d40297b0af56840d7f5dfaaad89a60b7c37f13e8537dd4328b1e8aeefe64b3ed396b69bdd059961f8dada95603585c0c4fa6865db3514e52289b63385213e773c0f1615c64cc77f80fefbeba0b1d5d665ee4d9b0d28af7022b4b97d24e23d46bfd3716c22fa6b04f64e534a64112dba7e98df7151a7741076da188bddbc18cdf9431db5c7e64eecd0d8ca1c0091d9e2c7ca8857f", 0xd0}, {&(0x7f0000000240)="3386bd5eadc7723ff4d3b3d14e01e15b568f956001", 0x15}, {&(0x7f0000000280)="6979115b2c3667060d489003c7813ea7f0ec30b95e119e7406c1a4b4ad48493cf20665026d1af35f8604630f49e435469a01201b24d07ee6", 0x38}, {&(0x7f00000002c0)="5500130b0db2f4302e391dd8f74ddd6dd75e1cbf2f356d380b95d37ca0bb1dac9b4d11672389fbb73da95e528165a89db61ac767a6b58297d7c4", 0x3a}, {&(0x7f0000000300)="5036caa54943862b29038fdcd04fca25e25e047ce50184176e9eb77cc775f5b7830232915983b88a47ffdd7157773b345093cd2fb6f135db2b87fdc3861070d0a9ddd6e29d9ebe385ad2adf3b85f3f1c4408b8c17399bb425144d41a71fcbc1513f17acb2adce20b6b1026c90ae87a0cfb2aae72989b8011c1b974ebdb482ad9db88ab71086286611cf35055fb9326c6be72930d29424fdc7802d6514e79d4f12e086d643c905c67992e19ea7902d78d5ccddca3ffa2a8f12abcc6", 0xbb}, {&(0x7f00000003c0)="0efd1a09ceb6418e3f412f63c43db818604f2e7b15e0fb671bbb248ff4210d2ebbe732c54762290d214e5670c704072e64a3ab5201900060e34d67c98488c3493488bfc6dcfcaeda1aca0ec6e833de4c3711e676fc42472e6919f47cf9205ad9e33753d91fa9380a4f50c4d097a55cf13cebd729bdc0e5771c8a5e49978e21adfb49b3ad8e77085051ec9eab9be51704e4a35bc867c5e10151ab71c63b6ac311f55fa9f1b20fc4ccf5c792f7cb32cec34b0e3eae54b31d3dc455cb5d71832ed760721ceae8687db6f9e670a59324bd66402c04271f7ebf2c36f25f530a12", 0xde}, {&(0x7f00000004c0)="762ba3a7394e3b1ef6c505faeb6cc6bbdc5fd0912b3ffd1c3bfbca0a7568def1a59be86f9dad1c41d46dd341457e4bf44184d7687c7db4cd3314e335123e9a73b6dfc3", 0x43}], 0x7, &(0x7f00000005c0)=[{0x1010, 0x19f, 0x8, "c80fe367b5113a872a2616a5a26a645006afd94a9dd654cccbf1a3b7a8bb8d22d526e1e320b5cc2ee10c035c32a03c20ccfc55533c1c0d25aa323e33d13014c0b07dc6f73984befcdc2d79d991f80884c40ad14c9ba686168640ec742e61f15163a83e6ff7066f3582604240bf35da266eb109682d7bae01a20cba8e37d8bdad6d971048e36366497393a7c37ace107040ae36d5c70c55a9cfc8fb6a0bb006e9199f59b291256e6d691a352e37e909db0abc1c7d6490c50c47c271c5be887ee3641bd2097e6f3b9a206be828dccfced99cbb082109884b2294155ee3ebeccf495b07392e2e038ee1be1d8ea824d0c92f4870de0415e927653931a56461312973d10659889617870b87399a2d6663d19d2604a03fcf4e3f5471a428ee33fe3841f30552813cc8921a4a9dd0b2b4c2c55bd917b421255019906c9a2464ac601c5201c864710e60ab0247b761f91a03f55c22da8be74690f58601e35bdd7c3d4a0a15c56bb49a026f0a9f4a8921fcee28ce4e1282593a05cc576861ac7a51a5acd668b5df728221f7a822fde69dc68ab2dc57a6a16099a834feeed084e4ae52f7ce30262653602655ec38f075f7b3bf5e946022f0aa9f2fd00a53801e1ad292b271a0ebbe6e28d65601760bd46724677930f329e7c7d0116607cdee2e33361a7e238cbaf9cd77d5e6bda5c2ecbe5607d6b8b1d9be33159ea922067b83ced529f7e9ad089c14f6753d3277bed3e9db8cd4d1ac1f42777e5c1d81f6f3ff550ac63463c86602bd7bca184ac9da831993cee7a7dfa1229356a99cd460c8e8c4f339992dd757cb81553a344ea3ab34971b8b24f9683a8104f6429596229f2d96c249c6bd6c054140f880171fac1789fe47e08d51b9ee10098aeece3bfc430131dc8910fdf42ff6a30e0734ae636cbede1b8ec678d3be091c8f8f47a2db6030b7cedb4a635a1e9edbe558a4102b68a916dcb7d6bcd90173c1f9e63ddc2c2465a458a510c23d9e91e7b10e65536a96c1dd50acb92023a953ecead7d7f90d31990b40e215e7c80372cb2b375ada9a75b2a902478bbfd1c290c0d9cc7fb685a12cf86e5df0f0580a8b4f58830c123c3baabbb8de0401a5ca8501a4bb8184f4e9839171597039ec7f29c0e7baf73deddf1bdb25d89fd01fd0880b46c7ecac5f27be6e06631742af19cf5197e58a5af2ee710d94bd69e29db55be16b7d9f6d80491095c944fef5ffc2c3181b7d4e1dcfbdcd94fa94e7edc20c45108e38d488c3d506bdfd802281560b704cd21d0819d8ccf5b6f4a1e5ea15a8511bf42798a14988d16a3f38e1c740372f177c3b918e5a3c5a4abac3376d3de505e46cdadea6f48745255326c1eb8145b60ec369f1dc26b646619280735ed4bff7cbed7e66ceb417101383fc8222d6021cd50ee17ffaf6f3ce5f95f2bf6d8d69640c735f3549aa1e5961fbfa15bce5f715f0e72eb8b7a7fb98dfb8cdf2501249b52b7f298e60935a567c4e6b50a5ed6438aed8fbbcf88fc851a8f9eb8a6363d447fad14dc1c42c1b1251f5a3fc2c8a189dffe12c84926f4be51475dd1bc91b6d4ce4f0400791d676bd47368ca617ea3aca5256a8af172c5332eb229e15ab144139427439ff4410cf13d75a2ef7af53c5cac1dba7829e6346ef9a8be4280122799fc6f56ef169e2c191e8ef8ecfbd41e02aa65628763b4c7d1fecf663314902c23b265a12d1b42e87d21c948081a4737f25fe6583fa8bbe7e858d06e0777bda914e40fc92a5ee1f27e822eba37e678eca6206d3212dca3b73f52ba2497456e0df1fab6555845b5a26aa9c3ae055198b2c454964187060b153343618d2b6eebe59b80fd7240ae5dc0c9ff185c88f2fefa431673ae57cf8f65438a628078b734f40512286b0f4ca2928d4918a0fd25267d59f72312c285b39dec514988162ceef1ad976cc60e209349b44547265cd74d3a7bda567fd5244cc803176253b8d4ce1703c6f0dd72da400b0e5a44592d7022b3d0220fc6b77ec242caa38b0faff1680dcd01088c854e1c521b5f6fda327d71af1cb36ac80c9e45854ce25a558706d739cc19623f595f6845c13e930f558310cc5da57a3a82fa172fb1bcdb17b6e44b1b890b4363a0bbe61c43b820d2861ce864ade215e05ab7dbb15dedcc4d08d9310dfe6562d6bc276520cde35638310b58e10f79be7f7e3de97b4716560724d93ff9110b12442be65e7f679885ddabe383374677c79c801319c226d3272f82763efe6701ee5a0b3310f0668bba2ab2962766b165f0406aaebbdf8876a844a7d60bccbe213d26675d27a933fc00fae3d48c5050bc0a585178a05cc7bfc2165b6e0bd89d33dcef65de69e23fd7fe176e07ab01a1e156acad0bc6d5158de8fcff63ad67237d46ebd2fa308367da0dcac278a2e1edbb13d0c5bc32dab362ad3196d434567d5bb76b3119f5a159b04b14b705ba73dee173ed20cc249b748358746a16d7245074f91a2ed407085d376fca82bc1097b7a6b5bb9d86e05505ec766352984482510d390506e8e3f4cfdcd6a938dcf743b853c7fa3a60ff472f8d59894cd1377ca3651aeb8ac12666ad105e6e216c012258f76351ece7ce36c837f69d55598ca82b5630e1eb62158844559d6f060b62e52ec4340136aefa505320b0417020a4195177cb4896104116894c24ada64088c0115462b43c62626afc95793c59dfba17e14e2e5b06bf396a4be00c5b094a584eef00d224bef543bd7c926866de92fbb013da5c55f95fae441e3e3ed61215d1076e5690096196981cd4b16213e7a16a50895a71220168f5f71ffa890a08d40eb030c3db8c9f7de208b8cc03f3f9851cbe4acfcef6b770d722e5b8dc85e48ccab756603ba088f116c1bbe8370fbbfab9dda8b0234af9b9e90ba475c6b8e0d4475145cbd545934c6e20d72a326db00016b35d1a93215992b6b075b29cbf1c5d9d85222dafade591e0d823782805426c779a2d9c6b041dd2f401fee91a7cba4dbe2a8a41369ba9c723636610a296384719515a91aae0389bdfb833a958e15cc901a3931fe739868f8b982cdf534986d639a9db33989e9a8ae1d9f37263251fdd06f09fa8eabe6e1071603d730f9ec14848cf40cd6add67dfe5ba3926cd1b0cf5f9bd26142ab6f4a52f26cab672e6ac1dd29f289b7cf756993fcc18e5ac55e87401cb0c83a2c29aa1b5cdb6e210d46814acabe40db3316b096021d0b6d3720ba486beaf916c7c028e45fcb0dea5cbe991f3ee349d5c1eaac9748eabc9a309785eec9798cc80f8f73c849c6e41a76d8d153ac4acfd37066f88edc7d1124ef9636a83e5a4d107c3fd7e3e3b33ce26f6c5f381fdfa1b37de71ecaa4e1f8332bab152f42f30e357f89afe2809fe655c6d14fec01f37c3463d848dbbe3304cb9db732f8ac1b5228bd55127d2ff358d32a5c28445a518bdfb720abce638b88b4d74b597f892913e85857668c1aa01ea1fb87eac753246d09ac62083a8c5b5dad2159a342d678374ce918c522048dae9783d3ba11f5b34e16cb0c745bbb872ff64192734ddf3e39b5fa969c8f42c6182120625928bf3093aeea981d40c01adc33d1a2eb0539bbcb6227226beb6ecb4391da2050764aa98fbe755cba0d2542aefb4c7d1ca995244c496cda532d649401ddd9abae2bf65f219ee9251fd33a496f75bb0419bd56b988889d6845181a693e516387e8018dea573d7cf34c49123e400541b8390aad86e35cbb0cf98ae56264692fea57b309cef643e51a28409cc7fc51e3d416c4005eb0d08d989f2ae830d72ba79eb89e2e7ec4843d57807e848a1d24c5ef3501967c2b85bd113eb8509a0e0908fd12d32262f0c4293587a7ab0931c66c9f63cd6ff738d6c349d43e71ed658611a5ca38587f93e65073d5c0a63f223dad5064d54a26b2c2af33052ede897c648faff60eea9378c29fa344ba2f7aed4b731e33c932b9bf3f95cc9f3344974bd520e52677fa45927939a421c68f01381542aa80ec48aceb3a2ebfafac7ad1aadd660e5b459c1edb1bbfd66d50eef2efc63c60eccadbbf994ec893417baea86a7dbb3c4fe37b9794bb9f4dff473625d675721ed054ec86011ffda4d7ab141f299dc3dbd778eef75ca44667a34275a2fd9501b5d9212c959705d259e3710681e17329b528c20fd031213685277ba7fa55c7c2dd47f7f97b8e41c3143b6432c16d8c90242855e13830a86ddcdbe29949ce39b51e2d55c731986f4dd9170747915ff897bb8c65c1ec2b9cae0c24937275b9033e449e7754aaa7503b62f005b4ff124c99d694bf26d50669e25a0268b9673d54afe82e7f38fe7bd11a052f5f5a4d1be8d25ee586ee9fc36ba19d062b8ea1456c2fc328fdf032927c92fec726533d98bbe9fcbb759f97c2b646a31b6b33a9c7ec6fd95b3a84d5d3d6b15c66af1707140f299689abfb6f6d84e6e5d302968adc3c20a742889f47f9bcde0a386e1379b7b196c3941bfd7b45777cb8b2fdeec31b761adf846c9c3a41c87e9a9507d6767fd641afe0cf804e34802bf22c1dbb75f69c7742727e7b9759ce8a7c9e41e5e64cb84faadfd5e150b90b34105d4da272c6ae45c92fd6dbc494ecb46767c145feb2fd240cd23723bd747d8a7519b4ce43e343cdad808dc372bcb8344d360dc449a160a2f7e2ccf5192fe4a8bce0758fd123d83ccfd72b3c525bc37a21125302c7704651c2bc51e228c2a506a1acda688c148788352b557e267586b576db7719f4285612f9fc807c8318e2ef68be6d65767b460c4dd1069c525a71ea4bd1faf4b00d579b65e846cdfd98737af616952a0452872d5c5fbb65baae025085181899e15ffc22471f3ccd31c1326000d1c76f4b8ffa5b16afdcc7e8b574372c642cce98a081847625218b7756019eecea84fac63dbc372d7abb8e1a9cfc146d6ddac626f3b1d9c626ee151053f81b8ac3d467bb5bbed61ffecb5ce370b7b00cbb726dcc108a891c411dcd3769da5358a9dc634294b3b2fe2effcdbbc347d76de72035b0b70cf8f570905ef594f33e5cc9de071911633deaeedc48845af3f9e3201237fd5eb3fc6524b9646cfac8a05604ac9cd10125647f1783827a98107f1ea8f46cc885ab43159bed41a9c32492d9094dedd2f7679ab071502a24d45445e06d736c78c3141ca10cf8dba2bb3dcbecb48b613204bc40c9e4204549ceb278a95571e345ed25e513e34d5b28264fa056b1a7b9df4e8ec04a44106f60ae533128262405080778f6178c4f74899efc17529798d696840f5be0b1aaf65f4e085d049b018b0ed66652c1d9752bfc9e82e1e86f0365a26213591b4ec5350fcd320353f8d64e1f6df1826b3bfb46a25aec6f620aa93688422a6a0e89dd580f00e774e9608053e319d56393cdae4d013cee39038ba3962b4d2e4f6b74ec28b7c31e6fdd9eaec554d2600d1cbfd02d018f8f035731c385feaca47d2b3b007df858af2f071849ab4fcf263136b63b40f6f8228699d277374f0b5259c4a25e5ffe62f872c9e7ce978e32995e7d7c66695a097c112656fd45905000e4f4cc494a3766365ede40b752d178567efc1bc64807efd5532584befef7cd765b11696174d0afdbc67cceca9be2366088bccbc09488439dbbf0958b9b804e13c6c81d29a1cefb8948e94d8c49e3ed1f7543267ea78ed2c8fe749ac606de9503c3b17c3e30d9ffee08fa0009e5c59f845a78571cf7f7422d32d41b6721dd19c908324702e3fc169118d48fd842d60ac6a190301555ae109fd35f6d5a46909f5003dd4f5cc9e9fd505ca7dd52c989dd26f5755989fd7bb0dfa932b2056a2013a9800ce71b"}, {0xa0, 0x11, 0x5, "958936c0bf490938e7d3ac08d9e37b8b40038224603583f6033ecf906eba0727ef5c0348c9540154f3f1a1543ba8eee7a9f270844c59c4eac44d026032388efaa4434c6508ad30b545ff068c628bdc8854f7dcd5967f9d41e0176ff3fc19f18683a2108bf6feab0a37f442b5d0c9bb9d9349d110f90df6e568dc887e286302035e956bb4d3c1f9cc5d0cc675fc74afbe"}, {0x90, 0x1ff, 0x8, "0bf3037b17a6ffd76757299f45baa1bae8335360cf9e88c77da54a735658f9206f295610e19581bc8c82f92ee4af6d656fc6e665a6523a2775a4b66ea46f61f9681cf7f211dd537a58676cde38cbab42f52c9d3741443b8f99caaeb333a1090125d8129514bb072ebd0e8927a2a669ff28d2c0f3454a9ca11838ce4895"}, {0x98, 0x10f, 0x1ff, "8432f277d21c115033751eab6fbcb67cb81712617ef2ea6d43ba09ff8c431d86c67a53505991f5be8da648c178a1092b290df52f0da4ac362c577a28138cd1bf943a039e08c673514091d6fcd52e555da96d2f670c9c9e614acf2da74f8d607650eee5eeaed525a992545f795f811c0b3032936aa5b5b3c78036a41f2a0420ac73b84b"}, {0x28, 0x11f, 0x2ce093e2, "33ef1b13843d9c1f93dc1c9a5f1c4fc0430663ebe494"}, {0x28, 0x111, 0x6400000000000000, "323bb6485de65ca8cdd1e2b6486db4e23e3567d8fe20ba"}, {0xc8, 0x6e0fe3841dc6b21a, 0x3206, "f7af99613287dcf8e1874e092bdf3fa11bc75cbeeb2bd4a0a1fb317eabd6329961837560f24f28d8a2a803c29fc7fff51944644dd86c81834e1eb06fdada119b1321c846b3f868f7bc9431f8558e56638a0c745ed1247ebaef102330855416dc0980c1ab4112fdbafd08f12037762fd99f89490fc8c3d209940cc2cd9b409d951ec5292fa9519b0e83a3b48b860a3c3fb1f4a8524b3b9df04620e763204dd6a0c4820cb2d15130391fcd30923c1b771379"}, {0x78, 0x117, 0x3d3b1bcf, "17e9f5558a2c12aa9d59e8c0e5ce22d1e6f0a4d6299144852c49c12fc7eee8f33628f1ef9af88b80974e813e8ce1fa04e98bd0b60c399a59f793df08c9bb415bdc793860a36683db7cf79b2e7bf3bdc35bf580963860ded7d14f4e39806f7954355082b149184b6e"}, {0xd0, 0x116, 0x9, "9cd59606977c1209fd2bbbbef106f698dea63fd860bb19caf364077748dd585c58e07da61b2a5d9d321d2da1eb774513a31cdfada65d9579235858140921531d62c37ae1455065612880dc8c96ee9198cc94fbb549dcb11d1301105e4804db7ca6e8c164fc8d758d22ce40143cccf4122f18c58eee4ad815a6f0c6959719668b37dbdf465f46c47967bf9396a027068769369c9029300504db29293e13be23abe8d67fda0465855e4719f1fe8e3f3136a0e1326b1af8965570813c52af88"}], 0x1438}, 0xb52}, {{&(0x7f0000001a00)=@rc={0x1f, {0x81, 0x4000000000, 0x8, 0x8, 0x401, 0x6}, 0x1f}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001a80)="1ad8b33a1e15103690522a81706ca3d37a661ab78d1fdf4c5919400e85a1521d03ba7aba4871d629db789595121c31fd954d39f4ee5afbf9b86ff776b98edfbc7688a37967c8115dcebcb2d404ffcef0804fa28f1424f98bf2768d97b410b2ec5283ed542800ef7fd2a6db52df7039167f04688d20f8ee12ab726acd212f9e50b82091be6ee3b024a39f484153e35497807efe6d099bfa06a39e18db11cc4a", 0x9f}], 0x1, &(0x7f0000001b80)=[{0x30, 0x11f, 0x1ff, "c6be5dd9e8535539718d5ea71a11e4525531b082e88481dc7f23b13a"}], 0x30}, 0xfffffffffffffff8}, {{&(0x7f0000001bc0)=@rc={0x1f, {0x40, 0x9d8f, 0x0, 0x10f4, 0x7, 0x800}, 0x4}, 0x80, &(0x7f0000002140)=[{&(0x7f0000001c40)="0e3bac3adadce8dc087b280609465f8242c47afbec3b22fca4a7988723c9d729cf4d471ffa4ab1e3c343768acdb2a314d938fb96f7aef4317bb4e7ab1e57ee380530d79866b10cc4c224e8e01d47ad516efbec506ef2f305a10b260296b723322a4c3389a6b884ce96f75153bcae70d99d733185af12763a1e328185ff665a88cac62501ad456ce37d2ef18c1051101be45be470c2013ede13789062f30e10c5f2353ed5472b1eeaa9c960658e6a865bc7c23ea94ce25283d65306d4af7b0fc239558e3b169e6e1ad4353cdf256791fda594189c476a6e6d895085eb3c52eff77dbdcd00bd3fb93df7498b89c1067a6c2846c7add5d561aae9216a", 0xfb}, {&(0x7f0000001d40)="5bc2de3d79bcf99cb0597d8b3f97c788040b2d45dc8e6d45f6e0735deca9435cf6e8f54e6ba3b9003d163497fbfab8ccd28cfea605f4719fd6b5baddf0a7a492eeaacd414f0a30061b07e02f6d778775900054fb", 0x54}, {&(0x7f0000001dc0)="818abffee03af817ae99d7d2de689023e9580ebc2e2b064ef0d16441afed86a7aa73fe89df68287d9827066eb09063834560b02e0c8d7c", 0x37}, {&(0x7f0000001e00)="52ff845505be23cd0f5ce5f702e9df0ec3efe95bb2614351e16d289c8aede5859e5ca645f0c299af0c3ed2ca50e5601161aea63277bfcbe6bb10f74bf4e65bed7a8f5b852c8ccfbeffd94218ec04c806d93ff9786c34c7e86ddb92eb80f2e0f107d28e8a17da57832276ddfa69782e3ca4dd3e97f4b67bfb969dbdc086b098b235ab3292b32e87fa58738e7091ecf83987f4b1c6b80d90f730c06dd3a9012073287d1a2c64fdb0340c3affc56ad4fdef91eb76df4b2ceb84f3437b8e06efa84d7f3bb3bc11b624fe47ff5e05f7ed54719e3c00365f", 0xd5}, {&(0x7f0000001f00)="923b27e7433f7730dc9c4cda55cb46e6fdb555b64fcf2619a1b188cee8d0588e3641006935da21ac003e694687117777db6515b7abd46df0db82d71cbcb6cae88f3444c5144a97317cbedc39caa45448f2ed932a33421018afeb9030ec", 0x5d}, {&(0x7f0000001f80)="4503902587fe5639aed5df2ce28a360605ee917c4b5a41e4b840b55d3272f9b33b2ecace293e14e4eb3523693a6e73a5fce56cf4de8f03a5e33c1064d142f8422decd74389d3fe8a04661be7e4d708fed1eaa4917001c05bec8b396ea9519da2ce8eaf6e95f97ef6", 0x68}, {&(0x7f0000002000)="4e0e237cfe8080455810fcf0", 0xc}, {&(0x7f0000002040)="4a1beaa3b7ed2c56c68887714f6917d8b323b5208d966d14ae64695b4b6b2bbdb56fb6ad677d7bd23ff6cc80f1609fe3198ea3a559ffd0f027d12a9f355f252b08f09356095c1a94b04f6f1ba2b31847b77d3f87a70d491331a80ec8c8cb7a428e74768e2d7f570bd38c3f21646e44d7075e533d418ae7706e3ddcc3e46f035a276c5db3fd630521189a79231374595ed817d7971c44f2256cb8a220265ca85e6543af27eae734117b0efb033093e43c96ba1b5640080f2126cdb7094cd7d3d491d5ca7dbf54132482f7e1c414a102898201266af10481ffb72728e9e46039aa9993a7b0be", 0xe5}], 0x8, &(0x7f00000021c0)=[{0x20, 0x1, 0x8, "66fa780f9d7c10a69c735eff5735d793"}, {0x78, 0x112, 0xba7f, "f54226d96309502f01b6aef447556fa8d9311c24332ad43415020e81165d4f699e3ea8c0f00943d1e2c5ba785450aad29c349c8abf3ec3d1d24b135ddd3f576ced438a1597195a1b246c0a339f8e2702a92b0b9a51c4a23897b61548072dff9f2b9a"}, {0xc0, 0x11, 0x800, "450d67c2739bd3c50e57b27c53f3c00c50347c38a399fa185ad7676aa03db425e22dc1e82f255385f28ea193c4cd269b11a4ed55279ec64c4ac927e369f30b15bb585271e53ecf3d54e63b174f3ac896af0e5b7a1ec6b241a74fb639f2dcc48d92b96eaa6cd2370812243e267e23933519d77b1ddeb6c3b1a14581f3b9b0a77b9fa443d8f32c4bcb46ded0db8742ea8d5941cee7f67b09cf46074a554e95d134fbe340a4ed8553c53a4cda"}, {0x40, 0x0, 0x40, "ee0ed7bc4436d55dfa0c4fccf8bb3be1764ea078d8ca60bc9894609fb8f619331c0b0597d3cdc3640442285b4210a431"}, {0x48, 0x11f, 0x4, "c279aeff290b93e3224006bc9db64d92170847beacdc4b6bf433e7c4d4b00c1b726cc3ece08252b2b319eb1540c8d24100b38fc9aa4783"}, {0x80, 0x113, 0x9, "66b79a9d6a5c8f476929861a7c82a6f6d11fd7094948d738e21c19ac90b2702540ac92c2fefbbe3e23be1c6c0e7881cbd35941c9d94d66362266a99105c7b0c45c74cbc75f4cdacbf19b5c86a307c5ebd42db04084244c94e3115ac09918fc3b6cf21496d9285f15bf1e2e0b4ca6"}, {0x100, 0x104, 0x1, "985bb6fc09ab96f206537c6274c3e7617a5df4f5e5043da63fb744703410251048411db6c671cbd85d86f53deb36c9b8f17028d9238e02020d2f77cbe2c4bbba4e84b28a5084377e95bfbc8ca4983b671e787bfb8c0e3f5cf5a483343e0ea164399e55253bf4f55308118a8f8fa206e34883919670e5a9a632ab87bdb3ce6510905943822e0b5c5798cde9e5cfb48e3ff3e424df099954298f3309ef32547fa5967469c9b1b508f725ace2ea519ddd4b827df084db1f2b863534975e0f16f2bccb8e583a540fa7739a26abc1ab6a17028c18502791c12b1a36b7eb165f8b2c7375dd9589b1ae41ce12369e5494a978"}, {0xf8, 0x0, 0x0, "3a90532d2be513f0f6c5cd79a92a13598c367d0777daeb2d7d2a1525a7767dcdfa1977bb89f2e77a9793346f13c3ba0057e1fcc664eec0cc8be8e6608eba9d16a4a465c5187378b3454bb1f6c0190a0cd25336c12030598dee4967f22e3e098b44d00c978fa5d9edc280b5cf7a6f3e2d6acd61c86a146c9b70896a4ee077d56ca1a98a6359f05e9f77a9234a8c8918c6b138425b8b76326a52b8b48592d33d12c3f670cb73428bb04b45970002415bced88f5c14831576bfab53121f1744cd103ee459bf36bd9210324751a191f792984a22141ab1c1c90ba8e0cf210d96105b0264d0f245b8bd6c"}], 0x458}, 0x1f}, {{&(0x7f0000002640)=@generic={0x10, "73dd9f63b0053355389f310da79edc81b0137e69e9f47e16fd28e622162c27a45214b4e1398721acde2de67847e1c5412250e3d4a62b6e2642296ee43f1ad5cdb26c32efbb121b89a6d585913d4b893a55b09d43a6faa7b7d98396b8fc9f40d38e72647abd436765993a23911fd18a20f1e8a546719dc43010dec032805a"}, 0x80, &(0x7f0000002800)=[{&(0x7f00000026c0)="769ad3b8157de4af3e95d88f24b4dd8e3f31bfac4f32f296e6759923a8500fa08346d98f8c25f62804251f473181ee0442040ac951d2d280831463aeaaa928c641240f419d51725bc39b23257aaf5e01794d130d97d522c973e8613ca0db94c4ddc2863a9ec543d1e0c7e917d15a64eb62fe2c69eea829ec4a9fa7d3f7b05122488256c44a8dcd8add84dcff61b2e8466915660d2a7ae4821c5f457b27042e0303450820054b31c045322c1ee370e06def36492f944704", 0xb7}, {&(0x7f0000002780)="b1f8c7ce3aa00a656756895dfa158443cb4748438f02bba06954e99bdc74d925e7c4b99c", 0x24}, {&(0x7f00000027c0)="0f4c", 0x2}], 0x3, &(0x7f0000002840)=[{0x68, 0x115, 0x6, "40dd23e756c0f1d0b82b09fabdb89d1cfecaede71b922b29567cbb7341f29de77f278a5e8eb86d5ee175a383995cb09dc4eeceec5dc2f4d7585cffe812d6ee9bc1964460e39b5e792cea255579d51fca55f77143"}, {0x80, 0x184, 0x2, "2ade96bb934d6e071ed4232eaf8fc1ea38c94f5ac5e879387eac2ccdd8bfdb1884b70f6a4c9f014ffd852c6c3e1b8124131971f5d16a7cb19e99b7bde2328443f6e9234ac3b193231d2a9f609a53bf0c06fa658059331e695e3d41521cd78b5a4b7fa4943c9ab84f6d45dbf6f3"}, {0x100, 0x111, 0x9122, "dc6f65c538b25e7a8666f00a4a4c9d04ffe7ba26e3f3b3c0d4be8c89cdea1b78016974cc1b0ed6f68e62cfb9d78cedf10b8605467e357965459335edd848ff0dce3cdf0880f0a4f55c0e5ebb9a0d95979141f45ecfd63b39a5e7348ef2f01ec02dbeee0c4ee06ae876a336468b8f54fb40bba14952157edaabc57dd6820b4cbbaf766abec511c7943673243256d55f728abf90e725a0796973a8ca53b75d69fcbed4449e7878fb0f06151b6ccf6521c6f0800febb908fee8fad8c4f77802aa4bb36f9c6f29561d7cbf233c4f3221ad1a6c8ddbad09380d328c6002067fe1c5c28614031d0d7f48798df0084132"}, {0x1010, 0x10b, 0x1, "422acfda5ffc204e0dc40dc5518e77b3aebb66bb02b383f57472c1d420b7e88034b43ed1f4be9528d17a046099a26c4c0819cefe39710be94961f3296da3cf1e53de1793ae007a1dbe1a0feff6e6b46d6cc394dada39c6816db105950a19a98a560c4ce56c58d11f5161deda8483608b77a48e8e831102cc160684e65b93f950f0b7ba0694a01d507336af7285f589303865316cb74d8eae144678671387bc8fffafafc89f4d89d390d3b47c5d77674c2bd7f82c1629342c01ed961a85e2626746e76cc909f2c42b650ad9c66faaac4f4c5ecb95373e24632700c4898f67c520c7609013b9de2e4a34675708fb058c9ff3a07ffb6821daa30f745247ff3ce75cd90d62072987ed5f9ffe616bd637d62d938ecad02a5d824dba4be08eea64a7e9a98025e36ca14d3bb357a5461717a00ccbf866d2f411e835896bcdc36c9f9cd2cd614cec6898af4c3c66387e83b82374b38f79d0e21c455613b210397b4796426a391d1f71860f926e49206b5b42cc0705dd723cf0b6a46f24504898006776144b4c631b1750fb1e44186ff9b376a1d0477e1a89c06c2c0b417fbdb5b9042b03967ef9665a90968dbbe2835870947861855bbe0d84395b1e6a2214a8db2c4ea286d0bf2dbb091a52ed2eac8427d3c3cd50bc8aa31094821927a6c67b10c2bf2b2af724486bba49701ed7762f4754798cb5fdd4b44610b38ebcbf27e7f020a6050967494a4e1f7f449fce4997e578b4e26ce0227d73f8ed0f268f7e70568f40d5158d678ec8a25f2d996ebb7dfe13bac56568a361329fc3fa561fe480f3214fae3e585868d874f2adf80f80d1e17a1fe44b5b52542d9a6bd5eecb24eb9da2e1659f836ad9cc036a531a217861c7f2fb45fdd0f420d3f57c8305301e402243c301bc44af66fa86df75e928b0e23b6db47f2d1a4b9d8c2239447f3741dc9d8395f4ae5e11c88a3a89eb25506eb49b6d7297c62a58d4a02011033ec1788d721a1fcf6dd1412a665558ad8049fc992b3cb8c647145e433ebdd53058721507182123b3840bc31f432ee4f54fd6194c7099f2f8915b64dc96f9695eb7973f8ab703e4783c65c57402d0e34461703c845f586cd1dd02946074824c813135e8ce7948dffbcad8a92b703724531a0056ee1b03df8c34e1239fcdec05872d5df74ae5c3348126f57c5d4061e9f862ae28e0867fc1434ebe53c18ab21702224a567f0dc8d7f9f2ad627cdc1bfa0ad34f36fb2374d074f3695495364e50259ffbb062c66edba4c523b361c121312fdbaa763558c24f8ff92216a478e3bb68e1b7eb1d82d73f81e17907b3363b6e76abb8b6c594c0f74984282ff4e4cf909d9d3689e9fc32b0dcd1e34aca5bafb37f4d5f2cd3d03e2124ace00e32e10ac47cfec9e2fd01a2500412ab2f759339dc1a49c86cc87ebaf16a319f95838c703926740d8bd3509c9c88768bc2be6c2c8725413aefaf1f2f656ad3fa7349ad5eee4e66761917b1adfbf2a19c304f698ed43aafdeba10a13c1630b8557bb9c0f3504bfae07b66b0da2e0a84582a8f59175d245ea48d3f9f5e50e97ffaaac36df4efa6b7899518002d85cbab9809a1e109f6b6d06be23cf7c1ab43d9142bd574ca2b219a51c08d8b6349e5025af81c37967cea935a79ae768033410d6985e600851b874ec02b6a56a7708ee7528bee186a90b3786188cc98a1bc8adc33ce354ea1115d41cfa45367752596ccef01fcf74f23abbe159750dcf777aeadc5041ebfd733b8af6ba04f179440de695c4709b8c080aea5afab1d6ab5217d1e5d49bc98cd7e5c528aa4094b13aea0c943671fbe155b5e76e3c12740c23463b3cf5f63df7d30c6e7b9c861ca3ffed23b1524d99f060c6f98630f45546973430700e06e0d3fbf2dacc5e5d231c5f09a3b7b75bee7a5e8a022132cecffa3d3bf66e834c089c37515bc9e2f454383d68d4f456eac9351385016f30df4716dff62cd3ff97d232d8a28ecb9395b85d7bd761c82409b0d991d4521f040db906af07ec725f9c5093d1ea9488ba45e72ab02593689c6c547ea7d7e3576a0b2ea18ebbf4d3a1415a02f6db2fecee19695709aae373fafaa5048ace4ad78cbc8c837ea18002084384b4874c2a76e785ebfb89c3dd16027c53ff1070e6326a0f81267233a007f00bfec7329626590cd2ef5a93602f7251080f807432a15085039ca435c33c8f8374cef4fb2f994ffcdbd59f09f0547fe99bb1292fd7d25138c99a0ec64abb34a4705e463830a387a6010e7a46d85ef377673a8ea5908f6198e638c222f2139d0ff012f20cb5dadaee77d889c2b4a4a28a7a1ed10e8b650ac4e4f74a8edaa87c28e1c0b82a09fc6300abea26c60a1fffd8f620cf8673a06a7c9db989b0775cb973b018e5de418269c57f0b6be7575d6f1b453dc66627d4ed5ca43bdc3958254e04c34b936903407cb8fa1df6fe3965856dbf51e97e63d1de00bd85740b374c2621424757b6947366d05562b111dec73f83dbccfc732081c201defdef3f9aaa65646284a5b7855cf8f90f7a083f50b8d8c6d192a7d27a1c3ee5d65cfb1331336c55a5e21096485f9b95cb7aeefda2923c9f42f9c12fb710e2c50a9b5d19f4ccb4b1d5992464bade8c563a42de1cacd07fa54ffc6641128b9e397cbc609228ce238f30e412746ac939a23da773bc2f964a1f0be178a7f42406ed6273fbcffdf1aaa8b861e1dd7cf6f190e188e737b29bfac9b2e2218f13803d6755f2815b067a1df6c9da1cb2614ffeb79faa1883642f0405623a677fe072c52885793897edb5e0bb13e16527c1e1b7e1a0dc79450e4c7c38ddf85f286a72715c0000eded2b0d551d4ff23a9bfd2f6573c90af14b6cff603fe22bd92c18b37764995c01c8fe4116dbd46faed717a94c07e8f9ae14d30336d1c8e12c7daaecc6f417a108b434345a1a10e48972f256fa584f2d56a5f6b53e670aba7ceed12fdc48124ef9908da4aa801407811d4a2df878a1062520e70acf2105d4a9954aed389bd750b511bcb4c08b94073efc777b886118c74fd0c1ab2f3b8eb1685515bb4e3d3ed1dd46f8af19ceedf0ec98313420e2c2f18dec246deb3669e181b9afce3fcb2af04f21e2e7406b17f91a62229b264e65c03969a9f9f17531487fbd41c2e8e4f061dd1aa7013f042854472d5abb613d010f3bfd4c90405ac9e4fff08ccca69cd8fb5b43ed7a656df996225924dd732d4626d6f7fd1ae65b4e0f78ae3c579bf33d42cb78a826732048d80a2aae7278f66ff54369166d6c6c09aad5c6abf505e043b532f63a11080a1d6c4a2fce17a5b1020eaf3219b9a2196c0a62fd54d057b7ddc3389de22ce680ae52710152380021aad360d857bd28764d007ab19f0c2fc7769035bfcb5c7f31a5bb9c3ef243d64815ef8015ca857ba21e3bd9a908b6516ece13da81043df0c51daf57b0b4a15119b82dcf7fd9354e6cb8af1093a924093b7e101b72a8e92fb0df9e464c883c147a1e090cebf2628c80678e4a3cedc0d492fad6626227dd79226953bcea867b75168c642e0ca0e1203af5910c3b4161a8c3b10cdf39eee74908bcbbb26cf78e5d9815b0230defe83428402b1535d96234c91fc781dd721b11a0256ac1d9fe3b1f3bad45d62f97ac3bd56ab057eaad73aafe6fa89d311ef728704d7ec297b863d6b6ccbd0a3142b659e6026c84b4923f73b5c1fffbca4f7ed6e21b9696502cba5410c2df1ea58d525cd8ac878e89c4d99c998dbc9c6f197e990cd5fbe7826adb1418c114b508c3022e3822d239372bb937ede91e93b44a249f9c96a7bedbf0030ea08c14c9d13642950b8f8a9e28d080f96358a1ce5d2473b5526449bc5ac1a1acba319341028d780a258589239139b0c7fbcac31ab9a0b2fe2097967ab1a87631fd6a4aa7340d470907e3c1a8c295c4a8a3e859ab16bbcab00e2bd2393d7f72447bc54ef903a7ca2da2ea4e65622b3759888864d215f520535c116a8d47d0ffa0aa9959213bc7638052f8a52813acd7100fad8a507d30d6b05439a1ddb2a60ea0ac0dab95e9d16f41f2653d6f5f646f00bfb21800e7aba814438c24c5b992056cb9ec98f7f8e525da24f18444d2b7c8bd91638e47b6cc0082a5b0a6a23cfc3dc00c9ec125a2dc75ea92b7bbb2938760cb67ddf41aff29db0c4b946cf1f75ed17a49fc9840bd7dec4e0b96f99503bc57baec63b4a2bc0e2cc3435df09be060d0b2a436c97a160a4cea0262defb5b66e179134a77530c5efcb9bfe111c825d50ff8eddb5ad8d54f1c651c5c714f836809d4f01144cbbb620e1c26b73b725d73e6ee50d1b7d9845bfa2778ad3c75e26178adc29bd0b1a1ecc78b0d41309afd9e4fa167818550d48881a0baea6b976b08b592ab70fbcb59094095f9a6b58fae8f11fd9c63cb97016e5101a5f535dd2f145ec251a8ecd584d11a680eae27aa66edc1f7266fd525f0dfefc0647e916a9f1bd6de8c816e666a03f6d5ff9fc36e431dc6f46ae739bdef6307e5ed5608814fa0973c3fa53c0234a9f4f638118a536af75e278814d8255da573b11ea829219436c2873c49e852903c54de59a23d49b1be10688dbb826a301e6af56fcaec7a50ca0d7a3060d3289394a359cffe5a6156367b0a4a280f70260e8d34dc822a48f3ef1cfde1fc7f1f22f9eeb8fbb41b4d3f9676aa6114eb1601fdf7099ba1456452ee7d5a47029004fdf8015c9bb2599737840e32df65dce34f19f6fd108664c1c4ae664b6c3aac4ef19786a23851552d3fe13aa2fce6282fd890124879cb5f88157337c5d5f61ee242cc1e5f2d882e735c9158ca979091e07d5efecd525d1389c59e474a7f8b41fb2b11234be1cefbd93b9ebc8167d5b29a3ddd9459de94b7d71b2a2dd6a1f547a6eeb6136c1f8f23bb375e414349db4b25d393fbf75b7580d9b7ca081dd9a025cfd105c9c73d336dd2b3a9a38c63c531e137b60689dfede700017a7ba1cc0c033926309100b6067d19769e9a0a19018685f5198f46017ba0ede8c6f1d2d83e42fea9f11ac8d949842197c55956fa7a4d3c9d1f37ea4ff5591f099751531e25b797242eb14a679c3d35d533912191008cb61f4ae203cf7aadb4fe18fd118d46b8e9424bd3b6de225e9aa6c4a74416c713719e1dfc930ea990e89539b63ac431a1d391d6ac38ffb54dbcfc0c5198a78ddf933e4ce386fc69fe00d4d54f1b66785233dd44d9fc0e82e80128153fbedc04dc1683acc1de265d5666e1e13157f263a10ba37e638df0942456662d17ca3a6d8c49154fc7c951556c52df8620a2fc26b0cff6ee0bfa95831fe7c779c12e7dbed6169fc0c62e35de9e0cee9a78200dc23babe53e9c0619935c2a2dc87ee68905b9e29c3e267e56be97ccca1dcac9bf4503cb2ffa1fb7578bcf1be546fe89f7b06390a42da22970f26b18586a4c9590e2dcdd78f1fd918c7d4f1add19ffdf0e908ff7a58f24211544069dffd2add1826429205ab2a4b1f219dc03eb792337498cc6eee7cf80a049087b4279b3c2994095d6467b7cc6f85719f6d07f0be4274faf57b3c198d047ea352990ab796698ab3782dd9b4fa98f3956012584e3081e81335ba15dc431ea827354acbf9e50abe97853cdae0a4f0a2f8b7a86482c942e4e2a93799bb5c6ed59501c39c99de2edc0595fdf05239ef5517fc8b8f43850b8338e173e2ee5bb5e57b91ce5760ec440a9cfb9f137b31cb7ed31b7d99bab1beff5b06c697979887aaac17a67445b9f10dbd0bca8a8bf9a360d8a79df1b0b5104a4fa6ad76f1be17b2cd86586e5ed54c83a2d7044a66de4ef5ceed52eb20be6b05ad2c414938f7"}, {0xb0, 0x0, 0x3867, "638369fda27925d8d2c99dcc6e318ea2e49d9f8a63da307c4cadd4bfb759c8b70d0029859e9cd2a1307d31acd138dd26355b36706eda028f067c05ef24d07368be282d337d4277afec44c9af79927fd92288d4378f9e70aff4e820485653a1c9ded218b101cd11dfb7166e277630cf9e1dbaa9d4db3c0740fc00e57686ffffe254047feb6a2971d18462b268a7b9ffc9e2bf8ba9b5f4f70ad8e335"}, {0xb8, 0x112, 0x4, "4fab5bda05575d63d9e099133053398a9cacd031e4396cc0fe7ed07890ecf27d0846c15d98e5819c1e86088eb9b69dd59654bbe4d3b55ca51c56b1686fe4cc02d00a70bd277004410157c8c2acdfaebb3b93a2be482968ea9532f859560cbadbb19043f44c1950465e45eb4e698cf5f179ae7639c0be6d41a18699140320cbeed0bb96743abe92d2f9e822c195c54e5827d5468bbafe06b4b654354f3842cbaf60a67af6"}, {0x10, 0x1, 0x8}, {0x60, 0x110, 0xbd7c, "d4f4582d5fae66861c94e123c19045d6dd1c418982387af43f0330d3943756ea292f457ba90f30bb425a707c7a3bfbe208fd8fbdc27b881acb3d1c20e6d87ddc577f3f1507505909651d4fa7"}], 0x13d0}, 0x1}, {{&(0x7f0000003c40)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f0000004e00)=[{&(0x7f0000003cc0)="7ed03c0ce7fc9e0c66efb4138e71057c5aeda50e91b08e17e7749e632ee272ef57755ea5b6412c181b5f3f1db5283f94780c96e300b22462bd4e7a59230f17bc32224795", 0x44}, {&(0x7f0000003d40)="76ec51a21a4ef000822ebaa3056db22f206a8250b158e3dad257e94b271129e7a22ebfc089676ce4325f9d4ce28a78394da508191612c2dd39d737188f82183978e6414c38e6404f", 0x48}, {&(0x7f0000003dc0)="0c467117d404ec6237a7f5c733722aae0d", 0x11}, {&(0x7f0000003e00)="7d204ae38f13655e092224d737ce88a9ac5c3b46d4eea9dacf906f5c7bb8132ab3b6aba0113c0efaca938c5a9709480ab08b35aa662ae4e439632915863f066dafbf52ca45cf9cfa09615213e71eafc5fb397951bb71f170a244143c500455b216dc0c5c2b4a4228b1f2ee52ac781328f99ef2dc76b31271c50afc4657ce7f6235f1c94f1c5762f7c4317b012b529dc01a0f4d57d1487ad46f6f2294a9aadfa402cfbe9853d2b786e9f85646539bcf52faf5461e36dc860fee7e53a64a8ff8ebbb75e2c81a3532f40261dae5a201c4e6c03b5d139376e60d883ae4c80d30ae8c4944bd6330891a53c334029ae3f83d3d53cd1aa58975a0d1d582e5076719014cc86547e0af51f83c25795d791899ae9f0f2c9684a44e81a6ff90bc39da579a777968f3af8192807cd3b7b330f141066c5288fc365a0f42c2b11fc8db93dad5f86b56062c8493fbd2a5eacd689d44eb5d1ac7e134a002f5217f5535466c147d5e2b82560e33df3381b67921307eda868e2d0a1c0f8dffde7a7e9c1b1d9827222258b4e14d4df22e4e6ca713fad61591faeb50bc076c3c3e3b75a189fa40415aee1a23756aa6790ceccffabe59d87c08a5423785d80ade66f0ca67c892523b976d5e60e4fb31c44d8c8c496bf9b4db408602a2e9802b4918a5e45ad7388b5843f1fedb9b9c30489e25a201467aab0de3d3ef069338bc53993210f556492fab5586b3401ebdbfd866a153033c880cd5cb306d32e798920834d30e7d63a8a029c395413eec560d0cba65d95f2d081b64d0d3c41f700cc693545eb5abeecbc0735940e438ca486f415092af5e30d52205f1aafc58b93dd37a5a2f44cf99db204bdb697d65ab71480560ff44a32c6d15f5be29bb66c82afcdcb9021226d59de992053944d9aa2d4b9bfaa90e0bf6b327e032d3ae8e5f487731d667b196bd993add8241ba3d1a02d60936479cc7b57019f0065627937531db98e9ae30e4370f5d2e2f1e824e93b0224d0718e2b8ba750b6663900c513d5aae43351297888fc3c8343e7577ccf206d88d40ddd65f5b028b29195e014c336ce5aa1c0e94c595f0248ab2e5a2ad9ee60b74da832a663baae4fefd4f7bfa5e559946e7551fa7aa871804c087a54ffb02cec5fc3734e96205aa651083d19f527fcdf31943a0bd273a38caf119188282a096e1e71892b745d1c3feb1ad0effdd53be10122514946698ee2352b90f4438698fcbb680a8a248b175ceeaeb9513e94fbfc9ac608f00dc07c5af6c3791af1649bc7d598db9c557c6dff0fe58c24010053d8e5dabc8d6e68a8efcd89e2ab4bae3db73047c527ffe5bde253a9c099b72bb04cc2bb59dd20d2285964e32d87ea2a9100e1aa0275214b5e9e4bc5c299f5e20b001c786b4fed6529d2e88bb45ee9e8a4ddd91a2baaa8366d8592e29c534d35f4216c8b57f60599b43e617338276b6dae6f196ec09521e6e6d2c30f51d2786a9c57164a5ebf3f98ee57b6c5cb060f5901ae6d3739e8ba05f62598bc2298fcf264be66ae0910b22ee5eee560f5f6c3c83c76b18bc44e737d3481c9de020abbb3ff43014f70ee800747d198464ee2dbc9d2b24b16629511d726dba53bfecf7dcca71c49ec5fd0b4ae8db38642c2a826af75c7a2f85c0bc09f86c9583315702bcdcdc11db0e38a79117393830e2908c897f478d200d0af9ac09907fa7d5f6e3f28e5d36a2494beb5a1fa6b98eb801b40cbac065cb6f59ca3f231743c00a99a0a89f85ca112cc6fceffd47ee1d0036d3ccaabbababd591abb2fd33cf01374aa43616bc244543397743bd435a9be867e037aa68785e657d34d0728b4a3c3fc7f7a79272cfa0c7d041617c9c9d4bb344b0d8a9f6cc8a465da56904f4480c78aeedbba4d34ff96afc2e4f6893a1ce038e1c95a7b48cc4403fec0eae17774c585b92d9222ee47aad81dad75c5efb02408ebe92c6b3ceb43e5d4993e5737b69ff5f4d8256e4137ad10ed3d836772d41f90fe7faaa906efbd3ae6011f54decbc36cb7c0137ea76bdd042e8f741c25daf9bb3d9a252bec32a6dc67e795415eae63fe26ee0489059b335a270919a2ce239b71a2f4d815913b64beb939dcfed91a424ccea04cb846dc55b7035d104d2847b51b9afea651ddf57caf21ec3cfed4546e04146d90a38195673ac783640f90c6e2bec04881289c0a097c337d322e27df7a484d99b3b76932efc378b575609da7c14bd6aa0b7a18c70c719e4f64a6059f97452a2d089abbd523f4534f706337d0452664c78088165f2b4147f9428c2c2cb9438617bd7be7c4243a0998752942eabcece126cbf13c5d084ff9f4945898ef11f681567573817749f3256d77861dfd8195f54dd9c3db786185dae323b8f03f06b88de0e4591fa4f8cdfd04e6fe3a4fb1ca308ffc9a3033202b77abb405d603ecf466f199783d2bb3856c7f2f76d994fd46c9e0c0b6d42c0dc86c0e3fe557fa225aef6fabf45f8d9b456367c780852becea636e26046b4f28618792d3d9a55b6d353758cc677f8ed90728335fd071e28d76ccbc620985826616c5881c6bfa1e1640fdf92e5482b09eb821d577adb7136f85890935ca1420387c677ae6e9ac9e415b565092682b2b937c409e23e397e5930481f4d8c345693e4ebf7312bd634b44ef69d63342cc6a82b2b583cd7835dab32746f0be3501de2bf78710c139cd16d72c676a5df8fb38ca0c5611ce6e2d44135cf41be5d23c25ed2449b5bccc16d5786071af9b1ec37228347ac17c5dc5e077e871e86c2d2553b8f78ed7f65e62ffc57af7d2a2dad1eb0b3dd8ed6193b5fa1cd8dd835cc6638111982e9ac6672d699af21eef5f01ee713ceaf5ff65b2c9679b10da8a18a2d40cc8714682bca65c588894ba86ecdd60484356e0fbbf09b49f169adf6c84a8aa166b40eebd84ae8ee5d0a464d13567a4b8dc9d2fef3ada9f958fc935d60ecf9ff77f57f1fed440b809602e35c5c17c9669d74bd977c80f3161a9ec59fcb2606d97cab5587d9cf84805e9b76222985a58aca3f5c21372b374460a1537fafedf5cd5e6b63ff7b1f557a022f0b0fab82777e191a4acfc815ed19e52add672e466b007ba685bcac7c3fdc4994d89fca6a1b7602a4063ca28e49c5bfbed37f237a16deeb3703dcd4d987a7f340e002f6443f1499dc28003f139392fecb691b3c3ef27da2b05327d360a82c7f0ae3f5306de4dad7436f5a620d454af0f903ff8b32a8a500707de19a865f1c0201901cee33847cccab5862d70f6e60e22b924a7112d008073bb029501951da1837d9c68e4c1d46dabd7b01e245e438c2c9a9535880993a271489b5fd482d4b1f07f28d1ca6e5d2b3cd2bfb98f697ca4f3d38c5bda3cbbbedb5eeead516d6a9e96e135266421ff369ef2f8a84e0edad57cb663d42c1deccec3798dde8f7cc19a97080e565f819ffb8e089ba7957918b725ac09f6c4cc47a06df91f83e63dfd22f9b90e68eb0f924373fb067fae5fa990c91b3252cfec1ae5aed9b376878c3fe14b65b36b45041bf0a178f3fb4573732da67afece6466122d3124d3513dce40105c5420ffbccf17f1e67126f0eb535ea624e4ba252533043ac1cdfcb26237b9dd0f814fdb07769ca29471d94a777e5669b892016dec089bf0b4599d7c7be3f6bb791a8bc781f3081bbe4c987438c79f2a7a6100e93f4842e5f5ca72767551c7de7e4b89f447767ac09d774801129dfa6fd2cb094184ae7b15ac73657c5febc1f539be5a79293a74ff15bc5aadb705fc8139664dc9cf1e485a778db07d56cce4bb79e187a94bc0d6b95be358c8b91f125153ccde0d25ef790f4380077ff85d7278e56b71db735b361eec3760d793179fa70f43b5c0d948a76d08cc789367f66593582b4ddaad1898bedb60ed3629fbd239f67360a24a91d9f2a6d160b5f09d13962e5775b6e5dc57b3c1de2164b01f5ca2ce22c705566cc6d25a324beeb4d917e7f3aee150c6eca33e8b259815a70e93b5ca4783777c65654012c23f16d2e1fd8a67b8c165b1ed5229b3445d9eb5b503d3721ade5fa6a9dd2320e0c9de7ecb8f8fc8a9b407c78ce5b71cfb60934ad9f0d77ebe444d1ec1d681d86b80f067046e1a88d489fc79cc6b45db22a0d66345e9e4be6e557b9639bae8ba18515c32c4a7800ec5df328ba37be432379be4db9a5911461f171fa2df734801e7332d5b8dd102c08cae987b731ab5e2033996d964f2764c61b74c083f1a017dcae4c2450da63688446a19f2c88f365ff174b6a242cbe249cc0f69f889e75c28694f6cb2eb866931f4d9b033da8d680b4278f62f09544942284e3a732d7cb5acd1620792ad42566bdc9bb204e8b04acd60b1fa4e6e79d1032601a14cd1c242084e9c1fa1d6efdf1b7db2c88b985606b916cd749a461fa405667735dbd40a835e96959b5d05d55027930a8b2eceabb3a447e1a531cd71b47482cee94acbc7b78519add2caf4b70058be894bc3bb746af3a1a6086ecd7e26bc8a42760505cd2f9f68af1cca5a0162ff3a25e76eae557935428c9a13d1ff21f10faf0e7ace8961bea4ae01369378c76cd0035e962da000bf49f855cb45fda3cdd9ce2336e688c739477f99729b5a3c2496eae0867d2e2fbdc8689bd8418edf9cd61e39383b2306b4006edb8396fe45c3c1654b3acf43433f7121f88bc53cda260001ffafbcd9d0e812b26153a18239a4b3f3c185b94c68fd1db8f51f224451aa119d64fabc55b91745f429e0a401c20c4100bec9d580adb2f574c61b7410d6528c2ffd6a559b0ce829ccbe11bdec3dfb7b1d6d023387cc617ffb45bab9b89382fea860e7e590f5f5f026a68e49a5656355e395c5fdfa42dd2d3f44d15eaa7147dc2605b1390b973d32c878ea6c47e5ef7dfff453573f8073fcf764d1ce3d838dcd99dc814bd17669ff20fb55a361c7dba517669b6085a65d1f37f8eb277ae775a11d22206caf787c403a6f5a3960868857c647ffa23c63f9da1de2df6c80189a8a12811a4155e8381f14ab607fc18da57c08a9dcb42f553e5fe54a75dcb84454eae1181abe17553a72ae7d865cc80d66d4a87d62ca62bbd421a99bd65617ceab6c000bf09fbaba33d1dffdf2c558cca6143b803d89e2a5ba9c0ca66cac864b8e1bbaf948a131b907026237a191dd52db2c3c53c7f7cd965f512ffbc775f72e5649b5909a8ef934adc3779df2fd0014601ea0bd5998306e56a7ea7515082ab88b64f7206798300281793cd12bb13dc5ff0aa4b19e173fc4bdfab752cf0a005d5c66b3cbd86dea9e171998446aa72e65169848b89b2cff85ce4ba452c8c757d64aaa9e623253181ab00ae202ed9237d3a5fefcd0eda4d7a32a1248a92cd8502d00dacdcb5dccd1dbcc98f6d84ce0df7f42c061812f6fba8b2ac4a9288d6fa1b28d447a83686615de09dc611bedfea4151468397745baced6af22c869c3740095d72507ef63fb81ac0353bb2c3730824c65964c86792ecf78829c7da83f71a4f5a2b44d73bb6080a6b62967803d5ae24a1cf356e5b88be4713a28faedfcee7c0362dd2bdc10a1c8b5a901c2739d49afabe25a0b3b49d6e7e64256b896b0374eaa35fd73ab69af5147a45ac1cb1916ca36f98c23c105f835f2f8063f48554c9780422ef81f07391427ee8aa8c910ab380bc879c3b60f502a4c0e125f430e234aa163bf0930ae3c22f575f4f222ac6e2ccb2c2e3054503ca5f537ef5fc36198138fbfdbf4ae09e94c04e5f29b331574ce3fab00df21229d4d45c8b40dc8a68a645d4cec9cf2ccf0e6248a4bbffedbef277d67a4bb15e3fe0c72fd31d54c4358e619c63", 0x1000}], 0x4, &(0x7f0000004e40)=[{0xe8, 0x11d, 0xfffffffffffffff9, "cf791a05f7b7611369a88b7492cd6781756c7df06f7879747de27f10f4a61ab5e2a27eac5bf069b63dd6ce59f47250e0b7193cfe11ee3d896814ac4fbd2d80b5a8e96736dacd752ada8c9a5085b07f255fbdb04912bb81244bb6c1903e4ce618db1255c550bd3b0f13e77af625842a4856c6237a13cf56a4de0ea229f62bc8e72c006d4cf73891e76703f07d99e557e0a5e44f894c80f85a042401e37aab0047c52d8eeaa89ad506a072ac726b820235e97ec904f276e74c08b749f6e128a548d92b549adfa0f9d555a3d25c21aa65edca79f0d2b645f6"}, {0x70, 0x10f, 0x6, "5282fcc76b4702e9e88c623c57217f606fd690c18bc8def44b2ee8b2c8c18b312681ecb986d5d6f82af0af3410b63bb68cab4737c1c146cf9838b68369bed380946c6826a21cc20cfc54dd9b39c9eec2ec6804dc8cf9b67b741c"}, {0x38, 0x1ff, 0xd799, "9f55b6ad307dfface8a182f60f0927ed4d95bf17de14488df2a9a8d13c825ca743d011ea6a"}], 0x190}, 0x9e9b}, {{&(0x7f0000005000)=@ethernet={0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x80, &(0x7f0000005640)=[{&(0x7f0000005080)="0584adf6625f24fd85a8371cf8a78755b8203b9eea3bbf860b954353cded72ec82c60898ec87da833bfd6023a265ee47f1b831df50e204443e454902283373dadcd15c80c2fa031826394cbd9719c84b866660575218a846a04dc07c949397", 0x5f}, {&(0x7f0000005100)="69bba764349fed6436442b1eca962413af6f2eef1a0485a573a0ef140abdda2a65b020adc581d612c515ad07e6fe8a2a813c932fc0c32ec9b5801b944d01235a00", 0x41}, {&(0x7f0000005180)="3788a2ac647bca6e47d7c2f9bb465471b3159f212c49cb0c60160b40a9aa22ac0e539d869366f9dbd59c3eee58dffe4487074d78c6ed9939582273d079c1288c7e5f89b50ae219204bb0003f2753c5b70520735fd23d76", 0x57}, {&(0x7f0000005200)="918ae1438a11e8d571b3e0dc975acc3fc71930fcb490e0d9a66f106df6c61cb22f45bb8c249abae4e6c9468d65896f9638388898d7386df35e4d52267360a0fe5ad8322705d50c4d9a0569c315f88a17b9eb748577eec3eb4527a699b4cfaab0b28a57ddf1387089ec", 0x69}, {&(0x7f0000005280)="c9158bf2700e424d3652657b651af220edc6f4d13697c021dbb1f14fee046e779366fb56c592745b9149530d5a016660f54d01bb542efcde5d3d94ae8ea7b98836618a5e88aa564ed6", 0x49}, {&(0x7f0000005300)="db25a92ce6117131c04e5cf79e76f1138576b1edd493ea54623a285c73e3383f7a1e724dedceb2cec62e9e8df0b5803e94f9bffdaf5a8027baab86fc2ae660fff4f61d308435e358ad541cc28c8fa6c80cdc63afc9700615ddae4bf2eec508cf2a84790a449b759065676fe6a9e50edf858f10926406d044a07cdb7ba302af0271d873ee5fa10ccc3d7b09998342c92b47", 0x91}, {&(0x7f00000053c0)="5626b45411436fd1bffa8fa6f0798ad451cb588f9b66e1d7e49bec48947d439f413c2463d0ee294119b0be7c1f30d86a373b020db979a72fd410d6a178c63d9585db0de58a67771103dff63095370697aa0641d7282113375694627a46a7bffe79bd988722b4854ff6068435fb4e234e1bcecd749ff265fdb30a4b9ef61169d54bb1a795456fbd8be6b87b76b9f816a101df51c57fc7ea490a38650e5140331f54d4cd3cf8486b31bcb179af074a7adb91fd", 0xb2}, {&(0x7f0000005480)="bb8a8254626e03ab5871e89fcc0da652689b703440a545e938252fbb2a87125687596e9ffd19a555beeb72e61a37b47fbd476d2b31ec5c574b7caaccbc284414193e0307226239b87cba8d0fab520c0b64cfcf5088623d8b192ddf02f08f46def386f9e3a7d00159d156212f1d0a20a9cc639667c47593b7a5ea3a655dee53a98c7a", 0x82}, {&(0x7f0000005540)="94a44566be3df3a6d13a4641117f67420434efcaecb1f626d967bebc8f7ce7102c9136fefb1b8f351efac29ca68a261980a8a1ed4173cd246e4a1179927787679071ba9898ec63a6c13e83e23f9b501986b0b8e931579b3f83de2d0690993dd8086a7a276faa07fd351657f4237c935e46c010b8a0286d568f216bf526c86f505f0756c1d2b03d1b5ce44ed80a612d05f44a28558457fa10fdcdf4ae603ae725532abc9b26fac3a57eea4c7fe4cc52d73d94c3c80bd84199e9fde21d4a3723ac6f815617492c044de4e3f09a1669ea6821562fd5", 0xd4}], 0x9}, 0x6}, {{&(0x7f0000005700)=@generic={0x8, "1aefc8f75009066cf42ae575bfeb77fb85d2dc9bbca4ae6f8718b30c7b76a3fa22c8384e4036a28fd084081e4f8bd7067cb9551dde00720eb64fda94c1316e4b25587d42d7aa7aebab2d8e4f7677b61d0bc1d34de6e8c4ba60a4738b2612621425e58c82b0f1883f383abaac2745e4b0a19202cf2766b47ab72a1114ac26"}, 0x80, &(0x7f0000005940)=[{&(0x7f0000005780)="b733a8250d46a418937833099da181bf1ab149d55e386a2b7911f5d88d67d0b71ae605ddb2d6f1441dcff4855b567a0fee7e0b90fbd6b3d6be6c78a3eb5b922ad009a2a6433db23a47f2629c0d22d33c28d9146bfeb236c9ee04b7e68ed4f7e860ad0ed6e2464d4f07e99c5b76cbd0f3da2a60f1669f7a1c6bcb596bcdafa0", 0x7f}, {&(0x7f0000005800)="d1995568fd985b9b033d3a", 0xb}, {&(0x7f0000005840)="8321d81b5df44d998472d991cdb97045c3b6f4592e2dcf86de3e68d2fb469f", 0x1f}, {&(0x7f0000005880)="697ab6a90e881041b2c48f", 0xb}, {&(0x7f00000058c0)="64c9310c7d73851e2b1d246ef9655337803367f059de322771f7477810ef61e2026bf1086d86c33adb4f9ba51ab91020f2e09f4531cbb3889780bce92a165fcff675f9a0fabb", 0x46}], 0x5}, 0x9}], 0x7, 0x8080) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x80) 15:30:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6c]}) [ 1037.431596][T13370] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1037.452095][T13375] binder: 13366:13375 got transaction with invalid data ptr [ 1037.458274][T13364] FAULT_INJECTION: forcing a failure. [ 1037.458274][T13364] name failslab, interval 1, probability 0, space 0, times 0 [ 1037.488855][T13396] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.506106][T13418] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1037.524147][T13364] CPU: 1 PID: 13364 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1037.526898][T13396] binder: 13366:13396 ioctl 40046207 0 returned -16 [ 1037.532192][T13364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1037.532201][T13364] Call Trace: [ 1037.532230][T13364] dump_stack+0x172/0x1f0 [ 1037.532258][T13364] should_fail.cold+0xa/0x15 [ 1037.532284][T13364] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1037.532312][T13364] ? ___might_sleep+0x163/0x280 [ 1037.532336][T13364] __should_failslab+0x121/0x190 [ 1037.532364][T13364] should_failslab+0x9/0x14 [ 1037.540892][T13375] binder_alloc: 13366: binder_alloc_buf, no vma [ 1037.548990][T13364] kmem_cache_alloc+0x2b2/0x6f0 [ 1037.549008][T13364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.549032][T13364] ? should_fail+0x1de/0x852 [ 1037.549056][T13364] getname_kernel+0x53/0x370 [ 1037.549078][T13364] kern_path+0x20/0x40 [ 1037.556690][T13364] lookup_bdev.part.0+0x7b/0x1b0 [ 1037.571944][T13364] ? blkdev_open+0x290/0x290 [ 1037.571962][T13364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.571978][T13364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.571997][T13364] ? vfs_parse_fs_string+0x111/0x170 [ 1037.572016][T13364] blkdev_get_by_path+0x81/0x130 [ 1037.572044][T13364] mount_bdev+0x5d/0x3c0 [ 1037.581597][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.587692][T13364] ? msdos_mount+0x40/0x40 [ 1037.587712][T13364] ? vfs_parse_fs_string+0x116/0x170 [ 1037.587732][T13364] msdos_mount+0x35/0x40 [ 1037.587748][T13364] ? setup+0xe0/0xe0 [ 1037.587770][T13364] legacy_get_tree+0xf2/0x200 [ 1037.613231][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 1037.617046][T13364] vfs_get_tree+0x123/0x450 15:30:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x74]}) 15:30:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7a]}) [ 1037.617067][T13364] do_mount+0x1436/0x2c40 [ 1037.617097][T13364] ? copy_mount_string+0x40/0x40 [ 1037.672676][T13364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.672694][T13364] ? copy_mount_options+0x280/0x3a0 [ 1037.672713][T13364] ksys_mount+0xdb/0x150 [ 1037.672733][T13364] __x64_sys_mount+0xbe/0x150 [ 1037.683567][T13364] do_syscall_64+0x103/0x610 [ 1037.683588][T13364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1037.683601][T13364] RIP: 0033:0x45ac7a [ 1037.683621][T13364] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1037.722261][T13364] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1037.722278][T13364] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1037.722288][T13364] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1037.722305][T13364] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1037.732104][T13364] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1037.732113][T13364] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1037.803054][T13397] device nr0 entered promiscuous mode 15:30:41 executing program 2: write(0xffffffffffffffff, &(0x7f0000000340), 0x10000014c) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000cc0)}, 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x40000) ioctl$KVM_SET_NESTED_STATE(r0, 0x4080aebf, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'ipddp0\x00', 0x21}) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) getdents(r1, &(0x7f0000000040)=""/46, 0x2e) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$getflags(r0, 0x401) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x280002, 0x0) timer_gettime(r3, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') clock_gettime(0x0, &(0x7f0000000280)) 15:30:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') r2 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$CAPI_NCCI_OPENCOUNT(r2, 0x80044326, &(0x7f0000000340)=0x8) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="1103000000000000000004000000c53f9c9d9c4f4fcf4398fadff55193919e7a7aa844843f5450ef2b6968cb8560653ff3ee667394404a13de164727d7f2295cd58de9c50f8c80d349cdcb7720facd1734917d44250f2bc2f2d5b25c4c4b77f747752055b63c3041d76c16bf5748a3b2379e8030f686452234f8b85c099f8e04c9378081ef2df9d6ce3ae229a0c268dcd819eb5caf6d5596c449875c"], 0x3}}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa0, r1, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xab}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1000}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x216f2a79}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x64c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_NODE={0x4}]}, 0xa0}}, 0x800) [ 1037.859710][T13489] binder: 13451:13489 got transaction with invalid data ptr [ 1037.886417][T13494] binder: BINDER_SET_CONTEXT_MGR already set 15:30:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0xbf]}) [ 1037.960662][T13494] binder: 13451:13494 ioctl 40046207 0 returned -16 [ 1037.967428][ T12] binder: undelivered TRANSACTION_ERROR: 29201 15:30:41 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x8000, 0x8000) futimesat(r3, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{}, {0x0, 0x2710}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r4 = getpid() perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x20, 0xc62, 0x1, 0xfffffffffffff801, 0x0, 0x1, 0x800, 0x3, 0x7, 0xfffffffffffffffc, 0x8001, 0xfffffffffffffeff, 0x9, 0x1, 0x101, 0x2, 0x1000200000000000, 0x626061c1, 0x0, 0x1, 0x1, 0x92b, 0x4, 0x1, 0x80, 0x1, 0x401, 0xfffffffffffeffff, 0x800, 0x401, 0x8, 0xfffffffffffffff8, 0xffff, 0x8, 0x8, 0x3f, 0x0, 0x1, 0x7, @perf_config_ext={0x8, 0x800}, 0x10401, 0x0, 0xf104, 0x4, 0x8ba, 0x1, 0x800}, r4, 0xa, r2, 0x1) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:41 executing program 3 (fault-call:0 fault-nth:45): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1038.079314][T13566] FAULT_INJECTION: forcing a failure. [ 1038.079314][T13566] name failslab, interval 1, probability 0, space 0, times 0 15:30:41 executing program 0: getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in=@broadcast, @in=@initdev}}, {{}, 0x0, @in6=@local}}, &(0x7f0000000000)=0xe8) getpeername$packet(0xffffffffffffff9c, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000200)=0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xc, 0x0, &(0x7f0000000180)=@raw=[@jmp={0x5, 0x2, 0x3, 0x6, 0x7, 0xc, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x5, 0xfb, &(0x7f0000000640)=""/251, 0x41004, 0x1}, 0xfa) 15:30:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000231000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x7, 0x100) ioctl$TIOCLINUX2(r3, 0x541c, &(0x7f00000000c0)={0x2, 0x1, 0x20, 0x80000001, 0x10000, 0x4}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) [ 1038.169308][T13616] device nr0 entered promiscuous mode [ 1038.191628][T13566] CPU: 1 PID: 13566 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1038.200070][T13566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.210126][T13566] Call Trace: [ 1038.213426][T13566] dump_stack+0x172/0x1f0 [ 1038.217771][T13566] should_fail.cold+0xa/0x15 [ 1038.222377][T13566] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1038.228223][T13566] ? ___might_sleep+0x163/0x280 [ 1038.233080][T13566] __should_failslab+0x121/0x190 [ 1038.238041][T13566] should_failslab+0x9/0x14 [ 1038.242549][T13566] __kmalloc+0x2dc/0x740 [ 1038.246804][T13566] ? __list_lru_init+0xd1/0x6e0 [ 1038.251656][T13566] __list_lru_init+0xd1/0x6e0 [ 1038.256350][T13566] alloc_super+0x762/0x890 [ 1038.260764][T13566] ? test_single_super+0x10/0x10 [ 1038.265694][T13566] sget_userns+0xf1/0x560 [ 1038.270021][T13566] ? kill_litter_super+0x60/0x60 [ 1038.274960][T13566] ? test_single_super+0x10/0x10 [ 1038.279889][T13566] ? kill_litter_super+0x60/0x60 [ 1038.284842][T13566] sget+0x10c/0x150 [ 1038.288645][T13566] mount_bdev+0xff/0x3c0 [ 1038.292884][T13566] ? msdos_mount+0x40/0x40 [ 1038.297346][T13566] msdos_mount+0x35/0x40 [ 1038.301586][T13566] ? setup+0xe0/0xe0 [ 1038.305492][T13566] legacy_get_tree+0xf2/0x200 [ 1038.310164][T13566] vfs_get_tree+0x123/0x450 [ 1038.314661][T13566] do_mount+0x1436/0x2c40 [ 1038.318991][T13566] ? copy_mount_string+0x40/0x40 [ 1038.323934][T13566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.330182][T13566] ? copy_mount_options+0x280/0x3a0 [ 1038.335394][T13566] ksys_mount+0xdb/0x150 [ 1038.339646][T13566] __x64_sys_mount+0xbe/0x150 [ 1038.344336][T13566] do_syscall_64+0x103/0x610 [ 1038.348926][T13566] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1038.354808][T13566] RIP: 0033:0x45ac7a [ 1038.358697][T13566] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1038.378311][T13566] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1038.386757][T13566] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1038.394723][T13566] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1038.402706][T13566] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1038.410692][T13566] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 15:30:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfd]}) 15:30:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-twofish-3way\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56ea54c7bef8915d564c90c24000000000000000000000", 0x18) sendto$unix(r1, &(0x7f0000000080), 0xfffffffffffffea5, 0x40, 0x0, 0x0) recvfrom(r1, &(0x7f0000002240)=""/4096, 0xffffffffffffffff, 0x0, 0x0, 0x573e8c0d4c32d852) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040)) syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x1, 0x2) [ 1038.418652][T13566] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1038.452502][T13620] binder: 13615:13620 got transaction with invalid data ptr [ 1038.486286][T13620] binder_transaction: 9 callbacks suppressed [ 1038.488275][T13620] binder: 13615:13620 transaction failed 29201/-14, size 8192-0 line 3179 15:30:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x300]}) 15:30:42 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) write$FUSE_LSEEK(r0, &(0x7f0000000000)={0x18, 0x0, 0x3, {0x8}}, 0x18) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x180000004000000) ioctl$int_in(r0, 0x280081080045006, &(0x7f0000000040)) [ 1038.587333][T13737] binder: BINDER_SET_CONTEXT_MGR already set [ 1038.623577][T13737] binder: 13615:13737 ioctl 40046207 0 returned -16 15:30:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x500]}) 15:30:42 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet_tcp(0x2, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$mice(0x0, 0x0, 0x0) r2 = syz_open_dev$vcsa(0x0, 0x5, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000100)={r3, 0x8}, &(0x7f0000000200)=0x8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x6, &(0x7f000000a000)) setsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f00000004c0)={@local, @rand_addr=0x101}, 0xc) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x401, 0x0, @stepwise={{0x0, 0x6}, {}, {0x9}}}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x88, 0xf, 0x0, 0xfffffffffffffd81) bind(r0, &(0x7f0000000600)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x4, 0x1, 0x0, 0x1, {0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}}, 0x80) socketpair(0xa, 0x40000000080000, 0x1004, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f00000001c0)=0x8000, 0xfffffffffffffff9) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f00000006c0)) r4 = getpgrp(0xffffffffffffffff) ptrace$getenv(0x4201, r4, 0xffffffff00000001, &(0x7f0000000680)) syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00') bind$bt_hci(r0, &(0x7f0000000040), 0x58) [ 1038.632106][T13620] binder_alloc: 13615: binder_alloc_buf, no vma [ 1038.640018][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1038.656571][T13620] binder: 13615:13620 transaction failed 29189/-3, size 8192-0 line 3147 15:30:42 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rpc\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0xc0) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x400500, 0x0) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f00000000c0)=0x9, &(0x7f0000000100)=0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r6 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SIOCNRDECOBS(r5, 0x89e2) r7 = dup2(r6, r6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r8, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1038.728203][ T12] binder: undelivered TRANSACTION_ERROR: 29189 15:30:42 executing program 3 (fault-call:0 fault-nth:46): syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00l\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:42 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x5) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000500)=""/6}], 0x364, 0x0) 15:30:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x600]}) [ 1038.953936][T13864] binder: 13861:13864 transaction failed 29201/-14, size 8192-0 line 3179 [ 1038.973720][T13865] FAULT_INJECTION: forcing a failure. [ 1038.973720][T13865] name failslab, interval 1, probability 0, space 0, times 0 [ 1038.990990][T13871] device nr0 entered promiscuous mode [ 1039.016401][T13873] [ 1039.018752][T13873] ====================================================== [ 1039.025768][T13873] WARNING: possible circular locking dependency detected [ 1039.027470][T13865] CPU: 1 PID: 13865 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #37 [ 1039.032790][T13873] 5.1.0-rc2+ #37 Not tainted [ 1039.040846][T13865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.045417][T13873] ------------------------------------------------------ [ 1039.055461][T13865] Call Trace: [ 1039.062467][T13873] syz-executor.0/13873 is trying to acquire lock: [ 1039.065761][T13865] dump_stack+0x172/0x1f0 [ 1039.072142][T13873] 00000000d46ccbad (&sig->cred_guard_mutex){+.+.}, at: lock_trace+0x4a/0xe0 [ 1039.076462][T13865] should_fail.cold+0xa/0x15 [ 1039.085102][T13873] [ 1039.085102][T13873] but task is already holding lock: [ 1039.089685][T13865] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1039.097023][T13873] 000000008a1fc4cc (&p->lock){+.+.}, at: seq_read+0x71/0x1130 [ 1039.102822][T13865] ? ___might_sleep+0x163/0x280 [ 1039.110252][T13873] [ 1039.110252][T13873] which lock already depends on the new lock. [ 1039.110252][T13873] [ 1039.115122][T13865] __should_failslab+0x121/0x190 [ 1039.125584][T13873] [ 1039.125584][T13873] the existing dependency chain (in reverse order) is: [ 1039.130515][T13865] should_failslab+0x9/0x14 [ 1039.139509][T13873] [ 1039.139509][T13873] -> #2 (&p->lock){+.+.}: [ 1039.144035][T13865] __kmalloc+0x2dc/0x740 [ 1039.150509][T13873] lock_acquire+0x16f/0x3f0 [ 1039.154743][T13865] ? lockdep_init_map+0x1be/0x6d0 [ 1039.159749][T13873] __mutex_lock+0xf7/0x1310 [ 1039.164754][T13865] ? prealloc_shrinker+0xa6/0x350 [ 1039.169756][T13873] mutex_lock_nested+0x16/0x20 [ 1039.174758][T13865] prealloc_shrinker+0xa6/0x350 [ 1039.180021][T13873] seq_read+0x71/0x1130 [ 1039.184873][T13865] alloc_super+0x710/0x890 [ 1039.189534][T13873] proc_reg_read+0x1fe/0x2c0 [ 1039.193934][T13865] ? test_single_super+0x10/0x10 [ 1039.199051][T13873] do_iter_read+0x4a9/0x660 [ 1039.203965][T13865] sget_userns+0xf1/0x560 [ 1039.208970][T13873] vfs_readv+0xf0/0x160 [ 1039.213286][T13865] ? kill_litter_super+0x60/0x60 [ 1039.217957][T13873] default_file_splice_read+0x475/0x890 [ 1039.222868][T13865] ? test_single_super+0x10/0x10 [ 1039.228911][T13873] do_splice_to+0x12a/0x190 [ 1039.233846][T13865] ? kill_litter_super+0x60/0x60 [ 1039.238851][T13873] do_splice+0x10a9/0x13c0 [ 1039.243765][T13865] sget+0x10c/0x150 [ 1039.248686][T13873] __x64_sys_splice+0x2c6/0x330 [ 1039.252474][T13865] mount_bdev+0xff/0x3c0 [ 1039.257830][T13873] do_syscall_64+0x103/0x610 [ 1039.262053][T13865] ? msdos_mount+0x40/0x40 [ 1039.267146][T13873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.271546][T13865] msdos_mount+0x35/0x40 [ 1039.277953][T13873] [ 1039.277953][T13873] -> #1 (&pipe->mutex/1){+.+.}: [ 1039.282187][T13865] ? setup+0xe0/0xe0 [ 1039.289190][T13873] lock_acquire+0x16f/0x3f0 [ 1039.293063][T13865] legacy_get_tree+0xf2/0x200 [ 1039.298067][T13873] __mutex_lock+0xf7/0x1310 [ 1039.302801][T13865] vfs_get_tree+0x123/0x450 [ 1039.307826][T13873] mutex_lock_nested+0x16/0x20 [ 1039.312308][T13865] do_mount+0x1436/0x2c40 [ 1039.317582][T13873] fifo_open+0x159/0xb00 [ 1039.321888][T13865] ? copy_mount_string+0x40/0x40 [ 1039.326664][T13873] do_dentry_open+0x488/0x1160 [ 1039.331585][T13865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.336845][T13873] vfs_open+0xa0/0xd0 [ 1039.343065][T13865] ? copy_mount_options+0x280/0x3a0 [ 1039.347555][T13873] path_openat+0x10e9/0x46e0 [ 1039.352731][T13865] ksys_mount+0xdb/0x150 [ 1039.357823][T13873] do_filp_open+0x1a1/0x280 [ 1039.362054][T13865] __x64_sys_mount+0xbe/0x150 [ 1039.368557][T13873] do_open_execat+0x137/0x690 [ 1039.368578][T13873] __do_execve_file.isra.0+0x178d/0x23f0 [ 1039.373241][T13865] do_syscall_64+0x103/0x610 [ 1039.378413][T13873] __x64_sys_execve+0x8f/0xc0 [ 1039.384564][T13865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.389132][T13873] do_syscall_64+0x103/0x610 [ 1039.394305][T13865] RIP: 0033:0x45ac7a [ 1039.400191][T13873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.405293][T13865] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1039.409177][T13873] [ 1039.409177][T13873] -> #0 (&sig->cred_guard_mutex){+.+.}: [ 1039.415576][T13865] RSP: 002b:00007f70dfadda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1039.435177][T13873] __lock_acquire+0x239c/0x3fb0 [ 1039.442877][T13865] RAX: ffffffffffffffda RBX: 00007f70dfaddb40 RCX: 000000000045ac7a [ 1039.451271][T13873] lock_acquire+0x16f/0x3f0 [ 1039.456619][T13865] RDX: 00007f70dfaddae0 RSI: 0000000020000100 RDI: 00007f70dfaddb00 [ 1039.464582][T13873] __mutex_lock+0xf7/0x1310 [ 1039.469579][T13865] RBP: 0000000000000001 R08: 00007f70dfaddb40 R09: 00007f70dfaddae0 [ 1039.477542][T13873] mutex_lock_killable_nested+0x16/0x20 [ 1039.482813][T13865] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1039.490772][T13873] lock_trace+0x4a/0xe0 [ 1039.496811][T13865] R13: 00000000004c6ae8 R14: 00000000004dc0e8 R15: 0000000000000003 [ 1039.504767][T13873] proc_pid_stack+0x13e/0x2c0 [ 1039.522568][T13873] proc_single_show+0xf6/0x170 [ 1039.527861][T13873] seq_read+0x4db/0x1130 [ 1039.532646][T13873] do_iter_read+0x4a9/0x660 [ 1039.537662][T13873] vfs_readv+0xf0/0x160 [ 1039.539546][T13877] binder: BINDER_SET_CONTEXT_MGR already set [ 1039.542351][T13873] do_preadv+0x1c4/0x280 [ 1039.542364][T13873] __x64_sys_preadv+0x9a/0xf0 [ 1039.542378][T13873] do_syscall_64+0x103/0x610 [ 1039.542392][T13873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.542396][T13873] [ 1039.542396][T13873] other info that might help us debug this: [ 1039.542396][T13873] [ 1039.542410][T13873] Chain exists of: [ 1039.542410][T13873] &sig->cred_guard_mutex --> &pipe->mutex/1 --> &p->lock [ 1039.542410][T13873] [ 1039.548504][T13877] binder: 13861:13877 ioctl 40046207 0 returned -16 [ 1039.553170][T13873] Possible unsafe locking scenario: [ 1039.553170][T13873] [ 1039.553174][T13873] CPU0 CPU1 [ 1039.553177][T13873] ---- ---- [ 1039.553179][T13873] lock(&p->lock); [ 1039.553186][T13873] lock(&pipe->mutex/1); [ 1039.553196][T13873] lock(&p->lock); [ 1039.553202][T13873] lock(&sig->cred_guard_mutex); [ 1039.553209][T13873] [ 1039.553209][T13873] *** DEADLOCK *** [ 1039.553209][T13873] [ 1039.553217][T13873] 1 lock held by syz-executor.0/13873: [ 1039.553220][T13873] #0: 000000008a1fc4cc (&p->lock){+.+.}, at: seq_read+0x71/0x1130 [ 1039.661061][T13873] [ 1039.661061][T13873] stack backtrace: [ 1039.666945][T13873] CPU: 0 PID: 13873 Comm: syz-executor.0 Not tainted 5.1.0-rc2+ #37 [ 1039.674915][T13873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.684964][T13873] Call Trace: [ 1039.688254][T13873] dump_stack+0x172/0x1f0 [ 1039.692581][T13873] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 1039.698645][T13873] check_prev_add.constprop.0+0xf11/0x23c0 [ 1039.704443][T13873] ? check_usage+0x570/0x570 [ 1039.709029][T13873] ? depot_save_stack+0x1de/0x460 [ 1039.714047][T13873] ? graph_lock+0x7b/0x200 [ 1039.718453][T13873] ? __lockdep_reset_lock+0x450/0x450 [ 1039.723818][T13873] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1039.729616][T13873] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1039.735411][T13873] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1039.741644][T13873] __lock_acquire+0x239c/0x3fb0 [ 1039.746486][T13873] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1039.752289][T13873] ? mark_held_locks+0xf0/0xf0 [ 1039.757042][T13873] ? save_stack+0x45/0xd0 [ 1039.761366][T13873] lock_acquire+0x16f/0x3f0 [ 1039.765859][T13873] ? lock_trace+0x4a/0xe0 [ 1039.770177][T13873] ? lock_trace+0x4a/0xe0 [ 1039.774519][T13873] __mutex_lock+0xf7/0x1310 [ 1039.779015][T13873] ? lock_trace+0x4a/0xe0 [ 1039.783336][T13873] ? lock_trace+0x4a/0xe0 [ 1039.787653][T13873] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 1039.793276][T13873] ? mutex_trylock+0x1e0/0x1e0 [ 1039.798036][T13873] ? proc_pid_stack+0x107/0x2c0 [ 1039.802876][T13873] ? rcu_read_lock_sched_held+0x110/0x130 [ 1039.808590][T13873] mutex_lock_killable_nested+0x16/0x20 [ 1039.814126][T13873] ? mutex_lock_killable_nested+0x16/0x20 [ 1039.819846][T13873] lock_trace+0x4a/0xe0 [ 1039.823991][T13873] proc_pid_stack+0x13e/0x2c0 [ 1039.828695][T13873] ? dname_to_vma_addr.isra.0+0x3a0/0x3a0 [ 1039.834423][T13873] ? kasan_check_read+0x11/0x20 [ 1039.839264][T13873] proc_single_show+0xf6/0x170 [ 1039.844020][T13873] seq_read+0x4db/0x1130 [ 1039.848265][T13873] do_iter_read+0x4a9/0x660 [ 1039.852779][T13873] ? dup_iter+0x260/0x260 [ 1039.857102][T13873] vfs_readv+0xf0/0x160 [ 1039.861248][T13873] ? lock_downgrade+0x880/0x880 [ 1039.866107][T13873] ? compat_rw_copy_check_uvector+0x3f0/0x3f0 [ 1039.872169][T13873] ? kasan_check_read+0x11/0x20 [ 1039.877031][T13873] ? ksys_dup3+0x3e0/0x3e0 [ 1039.881442][T13873] ? kasan_check_read+0x11/0x20 [ 1039.886284][T13873] ? _copy_to_user+0xc9/0x120 [ 1039.890952][T13873] ? __fget_light+0x1a9/0x230 [ 1039.895620][T13873] do_preadv+0x1c4/0x280 [ 1039.899858][T13873] ? do_readv+0x290/0x290 [ 1039.904180][T13873] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1039.909632][T13873] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1039.915081][T13873] ? do_syscall_64+0x26/0x610 [ 1039.919753][T13873] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.925808][T13873] ? do_syscall_64+0x26/0x610 [ 1039.930477][T13873] __x64_sys_preadv+0x9a/0xf0 [ 1039.935176][T13873] do_syscall_64+0x103/0x610 [ 1039.939779][T13873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.945657][T13873] RIP: 0033:0x458209 [ 1039.949545][T13873] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:30:43 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x2f, 0x10000) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000001c0)) [ 1039.969263][T13873] RSP: 002b:00007fd8a587ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1039.977668][T13873] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458209 [ 1039.985712][T13873] RDX: 0000000000000364 RSI: 0000000020000540 RDI: 0000000000000006 [ 1039.993675][T13873] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1040.001637][T13873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8a587b6d4 [ 1040.009723][T13873] R13: 00000000004c4c8e R14: 00000000004d85a8 R15: 00000000ffffffff 15:30:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x700]}) [ 1040.039729][T13864] binder_alloc: 13861: binder_alloc_buf, no vma [ 1040.039772][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.058098][T13865] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1040.061214][T13864] binder: 13861:13864 transaction failed 29189/-3, size 8192-0 line 3147 [ 1040.067351][T13865] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1040.082727][ T7784] binder: undelivered TRANSACTION_ERROR: 29189 15:30:43 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1040.110759][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1040.137683][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' 15:30:43 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x2f, 0x10000) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000001c0)) [ 1040.193066][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1040.227938][T14092] binder_transaction: 1 callbacks suppressed [ 1040.227947][T14092] binder: 14091:14092 got transaction with invalid data ptr 15:30:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa00]}) [ 1040.248152][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1040.258470][ C1] net_ratelimit: 15 callbacks suppressed [ 1040.258477][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1040.258531][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1040.258626][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1040.258687][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1040.260357][ C0] protocol 88fb is buggy, dev hsr_slave_0 15:30:43 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x50000, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)={0x2, [0x2, 0x9]}, &(0x7f0000000080)=0x8) r1 = syz_open_dev$sndmidi(&(0x7f00000000c0)='/dev/snd/midiC#D#\x00', 0x7, 0x80402) ioctl$void(r0, 0xc0045c79) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000100)) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000180)={0x3, &(0x7f0000000140)=[{0x4, 0x0, 0xfffffffffffffffc, 0x2}, {0x4a, 0x20, 0x0, 0x81}, {0x9, 0x6, 0x3, 0x7}]}, 0x10) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000001c0)={0x3b87}, 0x1) ioctl$VT_RELDISP(r0, 0x5605) connect(r0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x3, 0x2, 0x2, 0x4, {0xa, 0x4e23, 0x1, @loopback, 0x7}}}, 0x80) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000003c0)={&(0x7f0000000280), 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x68, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x845}, 0x40000) r3 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0x0) keyctl$read(0xb, r3, &(0x7f0000000480)=""/111, 0x6f) bind$vsock_dgram(r0, &(0x7f0000000500)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000000540)={0x3, 0x71, "9051e6ad451fd6bdc72f8557fc8ae1be4609d728a58cb005f5f7c3de7e3fa74a716ef1950f1b36a9dd490b396544925e6baf418b23f6ab842852e1afe117c81d5a760fe3171bb8652e1464464dbf9d2a3748479cacc6c59af4ee17231488d355fda1622b30e5830badf6cea4e42d0609fe"}) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000005c0)={0x1, @raw_data="744e164d2eb9909adc482167f4dde75b878054be94b48f5072617e1977f10c7d869178dcaa0eae7053c2b9dfea340de692bf9ff357fe608d3de85911bcd2c5f02b03688877b6aaf9c8a71e7d6b45d896810e0817cfdaf43c3b415c3fce26d074cd585e02bafa815f6bb9e93c4567222ffbadb2041e10b16f004e1da4f150c99adf6fea1b3b03c83de4fe1b7bd5c6218d29fd25c2e00b933063688a5b90e6233d12c04138a6c210459bb7ae5fe1efb7fa36fe49c9218a9b5d0c7f0782a6149d11676f991d9947031f"}) listen(r0, 0x3f) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/null\x00', 0x10000, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000700)) r6 = socket$kcm(0x29, 0x7, 0x0) membarrier(0x41, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r4, 0x84, 0xe, &(0x7f0000000740)={0x0, 0x8, 0x2, 0x5, 0x530, 0x2, 0x9, 0x20, {0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x4, 0x4, 0x80, 0xc45f, 0x3}}, &(0x7f0000000800)=0xb0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000840)={r7, 0x83, 0x1000, "324c47b100670ba07e00ad6f97bf6ce9d031cb894dec7e1470b418c023127170543203d73aa592f0980f6ecae8e1f33ab51fa5fb87f198c22910905e559a278e7ea4f9e05dc4804ca8170e12c3a466867b8d45e1b0398de0066b7f82ebecc5be6b1a0d5b207cf0ecc893e41352a96f92bb1da6cbca46f56d1fb341f1d58dbca6e6a674ea34d72da341f71f663b5dd9a95d0d46a118b2746c66c732500c8e7087e94c756bb8ad4a5ac37bb26ce522f4560e3d11f1782d9ba5ffa7dadc4f24729511417c458d334c20fcfa2d9b5dc2aec39b839a7260eed2de29f73ccc887fab6feb9c279b07c2f1dddace3ec2805844f3a3b53c108103bbd9e344c4a3cc517a5125021c25d61d69a8e2a91a5788a5a4c03130acd5efe8c01c5c51c59e9a9a28f46187dbc552f50afc80b58dae41311b88402f2740137b01d1bfbfe0e2984140f6f4b0a1056741dbd5089132c05a024c2bad8f5669e1ace1243df9e0a9f2338f81c17e5682c5ae5508b5cc8c0dabe912879f76ae3ebe89074c7caeb6222612eba7397e2dec6682f5544f0e6b3b28d4d786c77041d2f7b4dfaf4a559431ceaaf7f642a51165c68d0df8e47623ce2f1db46cbf86a5c2d64d78525d198852034f38854dd412612407ce0f3fa60cf9a860fbfdd452980b66f70fffad04c9db337afcc65db872fa051d7383485ba9552e2c51dd2cf126bf811b39aef21c7c186f3ababb3ffa3a7b9303efdae06a9547b33632d54a5fe259a2523536d07508653ec6df2d2eab69371fef02f18e4765f633bc570b8b62b25696c8dafc52e7af669f77401c36003fc97dd3e7548ae404a0e40cbc3464a833fcb5303950e27a8718c626dd7f77f54157d0ed4d6025eb6877695f1c60b38d07a36f44c3c5bdcd8cb01f1d5a67baa34ee8e3517a9f5bea799f041a4ca0c7de7ab5deff451e64e06dc0d64f63562bc1519f97770087c6596858d6343172848886c29f536d136463f80fbaf4dc2086cde2c63fc73940e6412ddafc72e2f4a2f49fdda71975edc28097e2876506e1a3483ccde3949b51f6cd6b04380d235ad3a35a8bad7989d94a7bacb6e49eb43b29a25cde6ccc76fd2aa589623b6491c9f851ecb3a92fa8ef82ba47e56c25cc4416c7a46f8def723130fd106528ed897bb0c81ec926f2cd2be8cb14ed75df2c43a8b2feba1987a5b5cb90aa30bee46ae3d27310c1cd38acca994e88d0f15e5ee23680ce091a1ed91cf9fdd20fbe6ae70fb024ca303f9109aab1eb89031291547de78f5359987a40437b4a7ccee13ba69a96e1e36163e522395f3bcd11e14411415168e4e1f6b9d44db097a0c7c2227b11e5812b324c789c3d80a7025a8b66b6f2f0da0b4b71f45b23e0f070a4f8cd7c7c97350ba0504613b6ef9d6454ede71a1b72d0e0065f9c6ec4fc2dbcbfb75eebce51e51b3381c243e5a78bff39af2f0466ffe5092018ba726d4f6e49dbd4990b73c2cf65332be51ed316b2f88db273e9de9e0bb210ba773ee8958eb4ef456722a097afd20b679cee2036fad844df24b3e73423c323e6997515879220421ac7bc5834ce727fd6523598d248a9196b79a0aade0cefa4c4bd138d342f963b072434a84118da705b4f54a991016210d59e9716ba195cea20428398f117e1bdc0699ddfdf9ae5e9227376932b2bb01b452257dc9bd5ab60344b3aad1e63dbb11e9e7875ea846599123009b7c737af67eea0a2f20726d8fb1f99d8c129e91f6bb9a7c66a80f87d7a8f34ba19f06ca190c25234361fe51deff1cae66ea1693d686e3a88e1faed85bf05a4bbd3a46aed920f1ab41690a285b2ab82490a3e0fe3d66ee0a188ee85a7a87386ced6d1487d03cfb1b99240a496a4fa65260515448cf40094678cd23de8592a306401692c703b544c48c5e9d47db59f02eee5eea1ff1052037e878b8eae709c7072c091334905e1ce03e6fb91addf4c4c50603e5cabe47efc4398fbcabf98d46dac95487c140260d4694a6fe688675fce8185a6a2678afe5f1947dfd9e282dced6d6b630605579decac4592dd54fe71c7294224d55b6f00b0052a50ac977999e115d3fba734cd107c80aff6b88e80b8eb4d03b499476ed1d5af5217d257188d29438aacb2ec31fd0d24adfad45216f4d07835636d3b82cb68edca18034781d4140445aa6e7b1eac807bd94adece7c78daf26c6a4531b0b58a2c9a97bbd5d12b47c0c9b2416a6f3c25d39263f9d1199dcfa9aec742ed75d04c2d51c74c45e6eb0e1b15a2799879dc1ab0da5db34348f698f4612f25ec289a401b9aab0508fe77e3e89571eedaae4056697d6c94aec72b0fdec22eda0e1d9eec41c5b660c5d9c46b1f661236e95d5867dae1a3adda7a0f12564123fc6b596a827500fa41f1ef044eefb77f7fe747afb1474d6aa3fcc81c5203f5fe84481f1e5a45e114055d2a51a760fb8acdefc6e9a05ae3363f515b36ad6e4a0291e23cf24425c2c7d129eacf0d95df0516aa1d0c68ec6a6b74bc775a10c235a18e70ad9b9aed0448dfbd74896b64a361148981a5234588a0c3637ccc0ec123a9862099bd25f5655eaf78e0ad8291baa31aac2050577d33c070b7f56a0308e9b2d1ac2416038f548ae174614d57e89a1b68d3afc804824d36e43b36b0d17dbc7fdfe106b464fcaac7e37249edb26c99cb1cb8fb424f56ac3d30b8b381c0ee27a555c5498ee1de5703143d224dfae6b00bacdedece577e826a4c04c03eea7035aa9f2ae9f1c0f4ac1e8c0705aa7313bf6e9438c0a6b3485fd477f791f2f233de597e90394a2e38d2dc181499398e13942947892aed22404073c1e4a976a1079e5836b26dc22c3955aef6d725c9e342b7c6169442105c8f95a84f3989b951933c816ca1a87c26b0cb434df79965c87c253ba6e50e9a48df80e29dde2e3cb3ad8878bc838931ab4d9535373dfd5de2e1bdcade5430163ed5ec1eed2f31ccfa854553ea887df500a994061888451ead8eb59c9f03a9323bb18a28ddf76831c58d4c0757eb9f18b5cf9b507e66104bb517272bfafd8e862f3e4689965feb24df1ed6defccd6d866fe9ee671201e3fa418aa0680fc4016e62744151d42ddbf2f6a9adf2f822ae2afba846cfaf32f0ce590012ae43190704a19a515f62d4fe9e9fd542e55bbcd300c14df364dc766e74da88a5cc342dd08fb3aba5678bdf3fa81751426e386427162fe7f7a0389aa814960819d441930ad59d0ddc038971e6371f2466b33270ffc5865c89d79a3f3dd7a80912bb69b3505ac4731a6e3f1613ec69bd7baa83c60468df2af4853fc830d59cae385668836d2a8b8f84d4869374abcc2de44eac1a46753c009cbd47d7ff3e61d98a5cfe0795e6e26a1409c290e355e0e22f430d4c9f441f3ff96ae55181d39669ee6191d890c25d3e705fb4fa321e0cd8c0ad4c94bbb47c959df601770d6db599c2f08b1d1ec403a3aa5f1f076ce7032a3d721533db05feb6fe22c5357b32db91c516c6a7eab3ad49df2b0be6e3c14b167ff19049cd6c004c6234d2acc2b00a38a05f9d56ff22576d8a241c8ff72f63022dfa927dbcb26e0bafb9a5ad2d3a8ec75cee4c16337f95b15243a5f8d89285cbb3b8ff2b84cac94a2c680a8e1c5a4bdf93fbecf216b20ee53101ce2b31300b8763914ba2fd7e9297503382d94fa2fffde7c233adb326a91f9db569e93fd1dc3a066e08d5469963e13d7bacab5d57ed83f4fbe3ef2ba204d2a8ecf6d09051d19d5bf7fea784bb96adad62005cf5abd2061dd6291be6e7239f219648148d34811fe1abe51b093b10f373a89cb1571500c9a29f017dabf98968b38a26324308f3fbedad7909121f6e98a9c2e864261975b8c6dc75bf6516b688dedc1a2d6741c027981c0165c09f8349995e911b3198d973427aef1ed0fcaa46d5f894bdd0a2cfe0179d2d0add6f0b46d59d25ff8a38b9036a3dbe93eb1e26b05c83e780a024e33cba5510fb412f28dc81017695c63293977af6d1062f26651aaa8f3d082cbb2f8ec4eeb8bff3d8ff01490d773ca00cb9b05497be1c32b12a37ffdb13c28266f3416c1f275bc4e20ea0c0d55011fed5daf60e480213aae3a740e4c6ec92e37c7c5437276be2b4b2ff8ea9422b34a8395ae459c5aa4f01492fb11ced7813485e694db0a19c2d83c6121725615e79ea2ae3ba75492e524595ca95c7fa3b115c2443e5184eb948f2e8f92626fb622571a5e17e57ecb50eeff58983a16c53cbba07fca5fbd32915038556aff2c42d9b01fdaaae882af492281ddef3a84d58c43a3d709a208e0faad34d92483dd670a12a863c91d1a3ba4ccfe112b6a5f5a591e68d63f67580709999ead425d322b963b37bb5a85280fdfaafef7808078ce85a57124813880a409e723072c74e7c3cffb936f4d0ed6145b7e14b468a26669d6f6b030fe6abe6147acfa1bddaf1a48940fc112e502fb9365adb5a9460e466ce29a483a18dae0e7387dd732ed4a9ef5508ed2f5c0f4f23198294c297308f776e5d65b4c0bd76a567a8ce93e07fe49fc7c8b5485c500fe44f50542ce6afcd8e4b9d4bc764ea297e1f75eca876071074a698684aa737e0fb3de5ebf6baa2121dccf37743433d75569339ca86a337e5a1c848768c0d1a7b24ef10fc262577463bd8bbcf831c8c596d45fece3910519b45ffb0d93b071339220bbaa35cb646d36309b4a91e81293f4aaccd6b3d79bc788d59cbab5c452ad3eb3fd6b04f72b301ed5020a473a34ec554e6bd9a3338116798a719f231858a8e7829119b1d7747c0e3390ca289170c6e1b6c2227ed911c274b6627a7250779246a7a0098f5521a5ed9252965e04de8a540b57889043615625bfc955c381a1b848014a3ad438ed864e6f881c41dbd20fe07e30d5b94c4e13e07b40e6a1e65155534c19a5af9cbdf5af761492ea989c9703740133262cda6851ea0497325bd73322b92ca5993e85bcefc078915e49fde5e4bdef297ea8463e43e51752cd2289c0220a59483f937bf255eb511a7e0d9bebc185272d60f3e4ad9a4b4c3e5b23d92d688c08a9398ced84cd7565cd41c201f61f36afea39d83dc4135887b598b9cd915f4599cc2f5c11b28cb5913d2a80141fefd00425c06fe64772f89521e4f222c78b9e70fda7826e15fbf5ce15663cba6199d23fc5e2d66b41e30846492de1be8af28673b033aa33711ccdd4db50b1c7dfa950413ea6d1b253c173cd9a51a88a068a23a6567020d3da14ab554a7a54ba326c41f87d3200bdd54a0e6b1b8b8edab8143bfc558a11eea47db762012790510fb6aaf913c18d3bc84e4385e5a5cf9b982a6911b6dc7c3b20d534745cc14b36c81a6b26f3e8768914a2305f4b971f4ee0278ce73b52f1b14db539cb729ed909e426ac8732863781c5fec266a590431e9a30b69a69fbdbe0cd92442ff8a4a9c6611f5fdac330aa0de4cf270bfa77c54001b9fd955f45d3f95f90e2800bf9dc8112fa92e2323652ca6bcf114cf9fe0c37d66ed0efd69817e459f50eb58d53bdb7c9abdb8b548ebcac2265e70351c5e7605c82558c7591474391727e42e8213085a325bf6d2797df61cc56a9889a9fa35f068396bb4625d201d138c38e14d48694df54f5fd598a01374d54964a8852d30d91c50d5baa54a68cbc08eac883bcfc45bc6ee66e6b2eabe4536ae031e4619f32a7b756b48878e323196aa0d9d3fa8459ff9381e1b20a4dd260d09e8a47de73037ed954960b3cc5fcd7842a5c9127691f2f6e58529077a10591b906206d68f02e5d30305236cf343d314c0355514e2cda120e31f9b096d63432a796db62548bdcf92a3bf56401c656fdb"}, 0x1008) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000001880)={r6, 0x0, 0x7f, 0x7a66, 0x4}) ioctl$sock_inet_SIOCSIFADDR(r5, 0x8916, &(0x7f00000018c0)={'team_slave_0\x00', {0x2, 0x4e21, @broadcast}}) r8 = syz_open_dev$mouse(&(0x7f0000001900)='/dev/input/mouse#\x00', 0x1, 0x40000) ioctl$VHOST_SET_VRING_ENDIAN(r8, 0x4008af13, &(0x7f0000001940)={0x3, 0x3}) setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000001980)={@in={{0x2, 0x4e24, @empty}}, 0x0, 0x3, 0x0, "bb61c1974d9cdf56307075e107dc5e3a4dbf817234322bba0b50d349773f4d33e80bfe86fc45f23f6756b873842e2969205621cf1214fbb82a6296edbf7f8856b5a2b36f48d284b2b8c748ad41349d86"}, 0xd8) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd2, &(0x7f0000001a80)={{0xa, 0x4e22, 0x6, @mcast2, 0x1}, {0xa, 0x4e23, 0x8, @rand_addr="dba0fe508295413b3fb0c7b84c1f90b1", 0x6}, 0x2, [0x0, 0x2, 0x8, 0x0, 0x95, 0x3, 0x7, 0xfffffffffffeffff]}, 0x5c) [ 1040.264557][T14093] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1040.270162][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1040.305924][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1040.311714][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1040.317510][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1040.323289][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1040.330884][T14092] binder: 14091:14092 transaction failed 29201/-14, size 8192-0 line 3179 [ 1040.340012][ T3876] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1040.347264][ T3876] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1040.359172][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1040.363545][T14097] binder: BINDER_SET_CONTEXT_MGR already set [ 1040.366438][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1040.383437][T13840] kobject: 'batman_adv' (000000000e1390b7): kobject_uevent_env [ 1040.392167][T14093] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1040.420416][T13840] kobject: 'batman_adv' (000000000e1390b7): kobject_uevent_env: filter function caused the event to drop! [ 1040.429218][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1040.446477][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.448917][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1040.454210][T14092] binder_alloc: 14091: binder_alloc_buf, no vma [ 1040.484392][T13840] kobject: 'batman_adv' (000000000e1390b7): kobject_cleanup, parent (null) [ 1040.511872][T14097] binder: 14091:14097 ioctl 40046207 0 returned -16 [ 1040.527602][T14092] binder: 14091:14092 transaction failed 29189/-3, size 8192-0 line 3147 [ 1040.530364][T13840] kobject: 'batman_adv' (000000000e1390b7): calling ktype release [ 1040.570357][T13840] kobject: (000000000e1390b7): dynamic_kobj_release [ 1040.590338][T13840] kobject: 'batman_adv': free name [ 1040.595732][T13840] kobject: 'rx-0' (000000009e079493): kobject_cleanup, parent 00000000b81d501b [ 1040.612994][T13840] kobject: 'rx-0' (000000009e079493): auto cleanup 'remove' event [ 1040.622030][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1040.629392][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1040.642397][T13840] kobject: 'rx-0' (000000009e079493): kobject_uevent_env [ 1040.655279][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1040.669038][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1040.690353][T13840] kobject: 'rx-0' (000000009e079493): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1040.701428][T13840] kobject: 'rx-0' (000000009e079493): auto cleanup kobject_del [ 1040.710910][T13840] kobject: 'rx-0' (000000009e079493): calling ktype release [ 1040.725203][T13840] kobject: 'rx-0': free name [ 1040.730350][T13840] kobject: 'tx-0' (000000004e470094): kobject_cleanup, parent 00000000b81d501b [ 1040.739345][T13840] kobject: 'tx-0' (000000004e470094): auto cleanup 'remove' event [ 1040.747255][T13840] kobject: 'tx-0' (000000004e470094): kobject_uevent_env [ 1040.754447][T13840] kobject: 'tx-0' (000000004e470094): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1040.767745][T13840] kobject: 'tx-0' (000000004e470094): auto cleanup kobject_del [ 1040.775664][T13840] kobject: 'tx-0' (000000004e470094): calling ktype release [ 1040.785432][T13840] kobject: 'tx-0': free name [ 1040.790103][T13840] kobject: 'queues' (00000000b81d501b): kobject_cleanup, parent (null) [ 1040.799377][T13840] kobject: 'queues' (00000000b81d501b): calling ktype release [ 1040.809233][T13840] kobject: 'queues' (00000000b81d501b): kset_release [ 1040.816074][T13840] kobject: 'queues': free name [ 1040.823577][T13840] kobject: 'nr0' (0000000064806709): kobject_uevent_env [ 1040.830823][T13840] kobject: 'nr0' (0000000064806709): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1040.872224][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1040.880548][T13840] kobject: 'nr0' (0000000064806709): kobject_cleanup, parent (null) [ 1040.899656][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1040.912541][T13840] kobject: 'nr0' (0000000064806709): calling ktype release 15:30:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:44 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x2f, 0x10000) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000001c0)) 15:30:44 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\x02dos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1040.932756][T13840] kobject: 'nr0': free name [ 1040.937973][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1040.960312][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' 15:30:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4800]}) 15:30:44 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r1) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x70, 0x0, &(0x7f0000000080)) [ 1040.975859][T14213] kobject: 'nr0' (0000000009f20349): kobject_add_internal: parent: 'net', set: 'devices' [ 1041.001753][T14218] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.016343][ T3876] kobject: 'loop5' (00000000e540f250): kobject_uevent_env [ 1041.026377][T14213] kobject: 'nr0' (0000000009f20349): kobject_uevent_env 15:30:44 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x2f, 0x10000) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000001c0)) [ 1041.036776][T14256] binder: 14212:14256 got transaction with invalid data ptr [ 1041.045314][ T3876] kobject: 'loop5' (00000000e540f250): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1041.047600][T14218] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.070821][T14256] binder: 14212:14256 transaction failed 29201/-14, size 8192-0 line 3179 15:30:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rpc\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0xc0) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x400500, 0x0) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f00000000c0)=0x9, &(0x7f0000000100)=0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r6 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SIOCNRDECOBS(r5, 0x89e2) r7 = dup2(r6, r6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r8, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1041.089616][T14213] kobject: 'nr0' (0000000009f20349): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1041.118173][T14213] kobject: 'queues' (00000000704dbb05): kobject_add_internal: parent: 'nr0', set: '' [ 1041.134322][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1041.147657][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' 15:30:44 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x2f, 0x10000) [ 1041.180380][T14213] kobject: 'queues' (00000000704dbb05): kobject_uevent_env [ 1041.199370][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1041.207840][T14213] kobject: 'queues' (00000000704dbb05): kobject_uevent_env: filter function caused the event to drop! [ 1041.224576][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1041.235457][T14218] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.246759][T14213] kobject: 'rx-0' (00000000c82ba1ea): kobject_add_internal: parent: 'queues', set: 'queues' [ 1041.256288][T14218] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.257914][T14213] kobject: 'rx-0' (00000000c82ba1ea): kobject_uevent_env [ 1041.277209][T14213] kobject: 'rx-0' (00000000c82ba1ea): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1041.282710][ T3876] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.295655][T14213] kobject: 'tx-0' (00000000104c78a4): kobject_add_internal: parent: 'queues', set: 'queues' [ 1041.310140][T14218] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env 15:30:44 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x12, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0}, 0x28) [ 1041.320627][T14213] kobject: 'tx-0' (00000000104c78a4): kobject_uevent_env [ 1041.324617][ T3876] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.337058][T14218] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.343190][T14213] kobject: 'tx-0' (00000000104c78a4): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1041.368844][T14213] kobject: 'batman_adv' (000000005c737955): kobject_add_internal: parent: 'nr0', set: '' [ 1041.373632][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1041.389815][T14334] kobject: 'nr0' (0000000098538d1f): kobject_add_internal: parent: 'net', set: 'devices' [ 1041.403127][T14256] binder: BINDER_SET_CONTEXT_MGR already set [ 1041.412493][T14256] binder: 14212:14256 ioctl 40046207 0 returned -16 [ 1041.419248][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' 15:30:44 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) [ 1041.419934][T14334] kobject: 'nr0' (0000000098538d1f): kobject_uevent_env [ 1041.431408][T14214] binder_alloc: 14212: binder_alloc_buf, no vma [ 1041.439816][T14334] kobject: 'nr0' (0000000098538d1f): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1041.463145][T14214] binder: 14212:14214 transaction failed 29189/-3, size 8192-0 line 3147 [ 1041.463190][T14334] kobject: 'queues' (000000003f25333e): kobject_add_internal: parent: 'nr0', set: '' 15:30:44 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\x03dos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1041.489054][T14334] kobject: 'queues' (000000003f25333e): kobject_uevent_env [ 1041.498212][T14334] kobject: 'queues' (000000003f25333e): kobject_uevent_env: filter function caused the event to drop! [ 1041.517223][T14334] kobject: 'rx-0' (0000000014c0ce6a): kobject_add_internal: parent: 'queues', set: 'queues' [ 1041.527794][T14334] kobject: 'rx-0' (0000000014c0ce6a): kobject_uevent_env [ 1041.535176][T14334] kobject: 'rx-0' (0000000014c0ce6a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1041.546119][T14334] kobject: 'tx-0' (0000000064eed0a2): kobject_add_internal: parent: 'queues', set: 'queues' [ 1041.556372][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.556405][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.570555][T14452] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.574168][ T3876] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.583650][T14452] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.606772][ T3876] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.617520][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1041.624864][T14334] kobject: 'tx-0' (0000000064eed0a2): kobject_uevent_env [ 1041.630515][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1041.633505][T14334] kobject: 'tx-0' (0000000064eed0a2): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1041.655978][T14334] kobject: 'batman_adv' (000000005546d1b3): kobject_add_internal: parent: 'nr0', set: '' [ 1041.666971][T14452] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.669263][T14239] device nr0 entered promiscuous mode [ 1041.674527][T14452] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.705062][T14334] kobject: 'batman_adv' (000000005546d1b3): kobject_uevent_env [ 1041.716640][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1041.719378][T14334] kobject: 'batman_adv' (000000005546d1b3): kobject_uevent_env: filter function caused the event to drop! [ 1041.729655][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1041.746685][T14334] kobject: 'batman_adv' (000000005546d1b3): kobject_cleanup, parent (null) [ 1041.753086][ T3876] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1041.770208][ T3876] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1041.774826][T14334] kobject: 'batman_adv' (000000005546d1b3): calling ktype release [ 1041.788390][T14334] kobject: (000000005546d1b3): dynamic_kobj_release [ 1041.795497][T14334] kobject: 'batman_adv': free name [ 1041.800858][T14334] kobject: 'rx-0' (0000000014c0ce6a): kobject_cleanup, parent 000000003f25333e [ 1041.809822][T14334] kobject: 'rx-0' (0000000014c0ce6a): auto cleanup 'remove' event [ 1041.817755][T14334] kobject: 'rx-0' (0000000014c0ce6a): kobject_uevent_env [ 1041.824840][T14334] kobject: 'rx-0' (0000000014c0ce6a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1041.835757][T14334] kobject: 'rx-0' (0000000014c0ce6a): auto cleanup kobject_del [ 1041.843357][T14334] kobject: 'rx-0' (0000000014c0ce6a): calling ktype release [ 1041.850730][T14334] kobject: 'rx-0': free name [ 1041.855362][T14334] kobject: 'tx-0' (0000000064eed0a2): kobject_cleanup, parent 000000003f25333e [ 1041.864343][T14334] kobject: 'tx-0' (0000000064eed0a2): auto cleanup 'remove' event [ 1041.872305][T14334] kobject: 'tx-0' (0000000064eed0a2): kobject_uevent_env [ 1041.879321][T14334] kobject: 'tx-0' (0000000064eed0a2): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1041.890239][T14334] kobject: 'tx-0' (0000000064eed0a2): auto cleanup kobject_del [ 1041.897833][T14334] kobject: 'tx-0' (0000000064eed0a2): calling ktype release [ 1041.905203][T14334] kobject: 'tx-0': free name [ 1041.909826][T14334] kobject: 'queues' (000000003f25333e): kobject_cleanup, parent (null) [ 1041.918968][T14334] kobject: 'queues' (000000003f25333e): calling ktype release [ 1041.926470][T14334] kobject: 'queues' (000000003f25333e): kset_release [ 1041.933203][T14334] kobject: 'queues': free name [ 1041.938182][T14334] kobject: 'nr0' (0000000098538d1f): kobject_uevent_env [ 1041.945425][T14334] kobject: 'nr0' (0000000098538d1f): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1041.956966][T14211] kobject: 'batman_adv' (000000005c737955): kobject_uevent_env [ 1041.964622][T14211] kobject: 'batman_adv' (000000005c737955): kobject_uevent_env: filter function caused the event to drop! [ 1041.976007][T14211] kobject: 'batman_adv' (000000005c737955): kobject_cleanup, parent (null) [ 1041.985501][T14211] kobject: 'batman_adv' (000000005c737955): calling ktype release [ 1041.993318][T14211] kobject: (000000005c737955): dynamic_kobj_release [ 1041.999910][T14211] kobject: 'batman_adv': free name [ 1042.005244][T14211] kobject: 'rx-0' (00000000c82ba1ea): kobject_cleanup, parent 00000000704dbb05 [ 1042.014291][T14211] kobject: 'rx-0' (00000000c82ba1ea): auto cleanup 'remove' event [ 1042.022250][T14211] kobject: 'rx-0' (00000000c82ba1ea): kobject_uevent_env [ 1042.029297][T14211] kobject: 'rx-0' (00000000c82ba1ea): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1042.040213][T14211] kobject: 'rx-0' (00000000c82ba1ea): auto cleanup kobject_del [ 1042.047813][T14211] kobject: 'rx-0' (00000000c82ba1ea): calling ktype release [ 1042.055130][T14211] kobject: 'rx-0': free name [ 1042.059759][T14211] kobject: 'tx-0' (00000000104c78a4): kobject_cleanup, parent 00000000704dbb05 [ 1042.068715][T14211] kobject: 'tx-0' (00000000104c78a4): auto cleanup 'remove' event [ 1042.076617][T14211] kobject: 'tx-0' (00000000104c78a4): kobject_uevent_env [ 1042.083688][T14211] kobject: 'tx-0' (00000000104c78a4): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1042.094702][T14211] kobject: 'tx-0' (00000000104c78a4): auto cleanup kobject_del [ 1042.102333][T14211] kobject: 'tx-0' (00000000104c78a4): calling ktype release [ 1042.109628][T14211] kobject: 'tx-0': free name [ 1042.114331][T14211] kobject: 'queues' (00000000704dbb05): kobject_cleanup, parent (null) [ 1042.123460][T14211] kobject: 'queues' (00000000704dbb05): calling ktype release [ 1042.130950][T14211] kobject: 'queues' (00000000704dbb05): kset_release [ 1042.137638][T14211] kobject: 'queues': free name [ 1042.142766][T14211] kobject: 'nr0' (0000000009f20349): kobject_uevent_env [ 1042.149801][T14211] kobject: 'nr0' (0000000009f20349): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1042.159814][T14334] kobject: 'nr0' (0000000098538d1f): kobject_cleanup, parent (null) [ 1042.168863][T14334] kobject: 'nr0' (0000000098538d1f): calling ktype release [ 1042.176310][T14334] kobject: 'nr0': free name [ 1042.181318][T14211] kobject: 'nr0' (0000000009f20349): kobject_cleanup, parent (null) [ 1042.185453][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1042.190619][T14211] kobject: 'nr0' (0000000009f20349): calling ktype release [ 1042.197517][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1042.205264][T14211] kobject: 'nr0': free name 15:30:45 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000fffffdfd0000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:45 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) 15:30:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4c00]}) 15:30:45 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\x04dos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:45 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rpc\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0xc0) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x400500, 0x0) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f00000000c0)=0x9, &(0x7f0000000100)=0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r6 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SIOCNRDECOBS(r5, 0x89e2) r7 = dup2(r6, r6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r8, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:45 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 1042.362795][T14473] binder: 14463:14473 got transaction with invalid data ptr [ 1042.363926][T14469] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1042.370868][T14472] kobject: 'nr0' (00000000f753bed1): kobject_add_internal: parent: 'net', set: 'devices' [ 1042.384049][T14469] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1042.390616][T14473] binder: 14463:14473 transaction failed 29201/-14, size 8192-0 line 3179 [ 1042.411955][ T3876] kobject: 'loop5' (00000000e540f250): kobject_uevent_env [ 1042.419114][ T3876] kobject: 'loop5' (00000000e540f250): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1042.434074][T14472] kobject: 'nr0' (00000000f753bed1): kobject_uevent_env [ 1042.436809][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1042.451180][T14484] binder: BINDER_SET_CONTEXT_MGR already set 15:30:45 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 1042.455882][T14472] kobject: 'nr0' (00000000f753bed1): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1042.458657][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1042.468253][T14472] kobject: 'queues' (00000000ab84d754): kobject_add_internal: parent: 'nr0', set: '' [ 1042.478378][T14484] binder: 14463:14484 ioctl 40046207 0 returned -16 [ 1042.494560][T14472] kobject: 'queues' (00000000ab84d754): kobject_uevent_env [ 1042.494570][T14472] kobject: 'queues' (00000000ab84d754): kobject_uevent_env: filter function caused the event to drop! [ 1042.494595][T14472] kobject: 'rx-0' (000000002c7349d0): kobject_add_internal: parent: 'queues', set: 'queues' [ 1042.505454][ T12] binder_release_work: 3 callbacks suppressed [ 1042.505460][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1042.513069][T14469] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1042.523412][T14473] binder_alloc: 14463: binder_alloc_buf, no vma [ 1042.561643][T14473] binder: 14463:14473 transaction failed 29189/-3, size 8192-0 line 3147 [ 1042.562031][T14469] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1042.579105][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 1042.583735][T14472] kobject: 'rx-0' (000000002c7349d0): kobject_uevent_env [ 1042.594160][T14472] kobject: 'rx-0' (000000002c7349d0): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' 15:30:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000060ff0000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1042.614791][T14472] kobject: 'tx-0' (0000000016a19beb): kobject_add_internal: parent: 'queues', set: 'queues' [ 1042.629898][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1042.639066][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1042.644095][T14469] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1042.650209][T14472] kobject: 'tx-0' (0000000016a19beb): kobject_uevent_env 15:30:46 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) [ 1042.669742][T14469] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1042.671402][T14472] kobject: 'tx-0' (0000000016a19beb): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1042.695739][T14472] kobject: 'batman_adv' (00000000fa84705d): kobject_add_internal: parent: 'nr0', set: '' [ 1042.708660][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env 15:30:46 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:46 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\x05dos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1042.722615][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1042.733369][T14485] kobject: 'nr0' (000000008127b198): kobject_add_internal: parent: 'net', set: 'devices' [ 1042.751912][T14485] kobject: 'nr0' (000000008127b198): kobject_uevent_env [ 1042.761932][T14485] kobject: 'nr0' (000000008127b198): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1042.773550][T14485] kobject: 'queues' (00000000e769d06b): kobject_add_internal: parent: 'nr0', set: '' [ 1042.780356][T14599] binder: 14571:14599 got transaction with invalid data ptr [ 1042.789867][T14485] kobject: 'queues' (00000000e769d06b): kobject_uevent_env [ 1042.798154][T14485] kobject: 'queues' (00000000e769d06b): kobject_uevent_env: filter function caused the event to drop! [ 1042.809480][T14485] kobject: 'rx-0' (000000003d72471d): kobject_add_internal: parent: 'queues', set: 'queues' [ 1042.819755][T14485] kobject: 'rx-0' (000000003d72471d): kobject_uevent_env [ 1042.826838][T14485] kobject: 'rx-0' (000000003d72471d): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1042.837783][T14485] kobject: 'tx-0' (000000003c877190): kobject_add_internal: parent: 'queues', set: 'queues' [ 1042.848088][T14485] kobject: 'tx-0' (000000003c877190): kobject_uevent_env [ 1042.855182][T14485] kobject: 'tx-0' (000000003c877190): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1042.866527][T14485] kobject: 'batman_adv' (0000000024cf632d): kobject_add_internal: parent: 'nr0', set: '' [ 1042.877387][T14498] device nr0 entered promiscuous mode [ 1042.883125][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1042.891848][T14599] binder: BINDER_SET_CONTEXT_MGR already set [ 1042.897845][T14599] binder: 14571:14599 ioctl 40046207 0 returned -16 [ 1042.905061][T14472] kobject: 'batman_adv' (00000000fa84705d): kobject_uevent_env [ 1042.913453][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1042.925367][T14472] kobject: 'batman_adv' (00000000fa84705d): kobject_uevent_env: filter function caused the event to drop! [ 1042.937939][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1042.955189][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1042.973398][T14472] kobject: 'batman_adv' (00000000fa84705d): kobject_cleanup, parent (null) [ 1042.976546][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1042.991265][T14607] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.002145][T14607] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.002290][T14472] kobject: 'batman_adv' (00000000fa84705d): calling ktype release [ 1043.013938][T14472] kobject: (00000000fa84705d): dynamic_kobj_release [ 1043.029714][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1043.038136][T14472] kobject: 'batman_adv': free name [ 1043.044789][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1043.055412][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1043.056282][T14472] kobject: 'rx-0' (000000002c7349d0): kobject_cleanup, parent 00000000ab84d754 [ 1043.062731][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1043.074316][T14472] kobject: 'rx-0' (000000002c7349d0): auto cleanup 'remove' event [ 1043.093311][T14472] kobject: 'rx-0' (000000002c7349d0): kobject_uevent_env [ 1043.101277][T14472] kobject: 'rx-0' (000000002c7349d0): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1043.112401][T14472] kobject: 'rx-0' (000000002c7349d0): auto cleanup kobject_del [ 1043.120671][T14472] kobject: 'rx-0' (000000002c7349d0): calling ktype release [ 1043.120987][T14607] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.128017][T14472] kobject: 'rx-0': free name [ 1043.140041][T14472] kobject: 'tx-0' (0000000016a19beb): kobject_cleanup, parent 00000000ab84d754 [ 1043.144846][T14607] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.149064][T14472] kobject: 'tx-0' (0000000016a19beb): auto cleanup 'remove' event [ 1043.173228][T14472] kobject: 'tx-0' (0000000016a19beb): kobject_uevent_env [ 1043.180324][T14472] kobject: 'tx-0' (0000000016a19beb): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1043.186418][T14607] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.191347][T14472] kobject: 'tx-0' (0000000016a19beb): auto cleanup kobject_del [ 1043.199330][T14607] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.206069][T14472] kobject: 'tx-0' (0000000016a19beb): calling ktype release [ 1043.228992][T14472] kobject: 'tx-0': free name [ 1043.235439][T14472] kobject: 'queues' (00000000ab84d754): kobject_cleanup, parent (null) [ 1043.245380][T14472] kobject: 'queues' (00000000ab84d754): calling ktype release [ 1043.256950][T14472] kobject: 'queues' (00000000ab84d754): kset_release [ 1043.267876][T14472] kobject: 'queues': free name [ 1043.274695][T14472] kobject: 'nr0' (00000000f753bed1): kobject_uevent_env [ 1043.282002][T14472] kobject: 'nr0' (00000000f753bed1): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1043.297175][T14479] kobject: 'batman_adv' (0000000024cf632d): kobject_uevent_env [ 1043.304982][T14479] kobject: 'batman_adv' (0000000024cf632d): kobject_uevent_env: filter function caused the event to drop! [ 1043.316348][T14479] kobject: 'batman_adv' (0000000024cf632d): kobject_cleanup, parent (null) [ 1043.325853][T14479] kobject: 'batman_adv' (0000000024cf632d): calling ktype release [ 1043.333666][T14479] kobject: (0000000024cf632d): dynamic_kobj_release [ 1043.340311][T14479] kobject: 'batman_adv': free name [ 1043.345533][T14479] kobject: 'rx-0' (000000003d72471d): kobject_cleanup, parent 00000000e769d06b [ 1043.354548][T14479] kobject: 'rx-0' (000000003d72471d): auto cleanup 'remove' event [ 1043.362519][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.362553][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.380155][T14479] kobject: 'rx-0' (000000003d72471d): kobject_uevent_env [ 1043.387377][T14479] kobject: 'rx-0' (000000003d72471d): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1043.398337][T14479] kobject: 'rx-0' (000000003d72471d): auto cleanup kobject_del [ 1043.405951][T14479] kobject: 'rx-0' (000000003d72471d): calling ktype release [ 1043.413260][T14479] kobject: 'rx-0': free name [ 1043.417869][T14479] kobject: 'tx-0' (000000003c877190): kobject_cleanup, parent 00000000e769d06b [ 1043.426810][T14479] kobject: 'tx-0' (000000003c877190): auto cleanup 'remove' event [ 1043.434814][T14479] kobject: 'tx-0' (000000003c877190): kobject_uevent_env [ 1043.441902][T14479] kobject: 'tx-0' (000000003c877190): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1043.452919][T14479] kobject: 'tx-0' (000000003c877190): auto cleanup kobject_del [ 1043.460605][T14479] kobject: 'tx-0' (000000003c877190): calling ktype release [ 1043.467899][T14479] kobject: 'tx-0': free name [ 1043.472531][T14479] kobject: 'queues' (00000000e769d06b): kobject_cleanup, parent (null) [ 1043.481672][T14479] kobject: 'queues' (00000000e769d06b): calling ktype release [ 1043.489112][T14479] kobject: 'queues' (00000000e769d06b): kset_release [ 1043.495793][T14479] kobject: 'queues': free name [ 1043.500897][T14479] kobject: 'nr0' (000000008127b198): kobject_uevent_env [ 1043.507921][T14479] kobject: 'nr0' (000000008127b198): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1043.517976][T14472] kobject: 'nr0' (00000000f753bed1): kobject_cleanup, parent (null) [ 1043.527062][T14472] kobject: 'nr0' (00000000f753bed1): calling ktype release [ 1043.534411][T14472] kobject: 'nr0': free name [ 1043.540878][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1043.541974][T14479] kobject: 'nr0' (000000008127b198): kobject_cleanup, parent (null) [ 1043.548013][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1043.556975][T14479] kobject: 'nr0' (000000008127b198): calling ktype release [ 1043.574871][T14479] kobject: 'nr0': free name 15:30:47 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) getpeername(r0, &(0x7f0000000080)=@tipc, &(0x7f0000000100)=0x80) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6800]}) 15:30:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000fdfdffff0000", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000130000005d000000000000009500003008000000f65b959af234c66900000000000000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:47 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\x06dos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:47 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rpc\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x4, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0xc0) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x400500, 0x0) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f00000000c0)=0x9, &(0x7f0000000100)=0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') r6 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$SIOCNRDECOBS(r5, 0x89e2) r7 = dup2(r6, r6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r8, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) [ 1043.648804][ T3876] kobject: 'loop5' (00000000e540f250): kobject_uevent_env [ 1043.665159][T14624] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.666841][T14627] binder: 14623:14627 got transaction with invalid data ptr [ 1043.677832][T14624] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' 15:30:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x6c00]}) 15:30:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 1043.687325][ T3876] kobject: 'loop5' (00000000e540f250): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1043.694377][T14630] kobject: 'nr0' (000000006b36d0ba): kobject_add_internal: parent: 'net', set: 'devices' [ 1043.713475][T14627] binder_transaction: 1 callbacks suppressed [ 1043.713490][T14627] binder: 14623:14627 transaction failed 29201/-14, size 8192-0 line 3179 [ 1043.724201][T14630] kobject: 'nr0' (000000006b36d0ba): kobject_uevent_env [ 1043.745341][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1043.749915][T14630] kobject: 'nr0' (000000006b36d0ba): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1043.760545][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1043.771994][T14630] kobject: 'queues' (000000000e6bb564): kobject_add_internal: parent: 'nr0', set: '' [ 1043.785248][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1043.792707][T14624] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.794978][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1043.804475][T14624] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.820612][T14644] binder: BINDER_SET_CONTEXT_MGR already set [ 1043.830630][T14644] binder: 14623:14644 ioctl 40046207 0 returned -16 15:30:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 1043.844280][T14630] kobject: 'queues' (000000000e6bb564): kobject_uevent_env [ 1043.856616][T14630] kobject: 'queues' (000000000e6bb564): kobject_uevent_env: filter function caused the event to drop! [ 1043.857260][T14627] binder_alloc: 14623: binder_alloc_buf, no vma [ 1043.882919][ T3876] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.892988][T14630] kobject: 'rx-0' (0000000087694202): kobject_add_internal: parent: 'queues', set: 'queues' [ 1043.893346][ T3876] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.905907][T14624] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1043.913870][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 1043.927291][T14627] binder: 14623:14627 transaction failed 29189/-3, size 8192-0 line 3147 [ 1043.930754][T14630] kobject: 'rx-0' (0000000087694202): kobject_uevent_env [ 1043.942274][ T17] binder: undelivered TRANSACTION_ERROR: 29189 15:30:47 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1043.944658][T14624] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1043.959907][T14630] kobject: 'rx-0' (0000000087694202): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1043.974614][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1043.977621][T14630] kobject: 'tx-0' (0000000092f72dfc): kobject_add_internal: parent: 'queues', set: 'queues' [ 1043.992689][T14630] kobject: 'tx-0' (0000000092f72dfc): kobject_uevent_env [ 1044.000800][T14630] kobject: 'tx-0' (0000000092f72dfc): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1044.014125][T14630] kobject: 'batman_adv' (000000004b79eb9d): kobject_add_internal: parent: 'nr0', set: '' [ 1044.017959][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1044.035156][T14633] kobject: 'nr0' (00000000f2928682): kobject_add_internal: parent: 'net', set: 'devices' 15:30:47 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\ados\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1044.053464][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1044.063459][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1044.068513][T14633] kobject: 'nr0' (00000000f2928682): kobject_uevent_env [ 1044.094124][T14758] binder: 14687:14758 got transaction with invalid data ptr [ 1044.104972][T14633] kobject: 'nr0' (00000000f2928682): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1044.105429][T14758] binder: 14687:14758 transaction failed 29201/-14, size 8192-0 line 3179 [ 1044.118505][T14633] kobject: 'queues' (000000001b71eba3): kobject_add_internal: parent: 'nr0', set: '' [ 1044.123528][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1044.133910][T14633] kobject: 'queues' (000000001b71eba3): kobject_uevent_env [ 1044.140903][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1044.150763][T14633] kobject: 'queues' (000000001b71eba3): kobject_uevent_env: filter function caused the event to drop! [ 1044.180019][T14633] kobject: 'rx-0' (00000000a5800677): kobject_add_internal: parent: 'queues', set: 'queues' [ 1044.193365][T14633] kobject: 'rx-0' (00000000a5800677): kobject_uevent_env [ 1044.196062][T14761] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1044.200815][T14633] kobject: 'rx-0' (00000000a5800677): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1044.207642][T14761] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1044.221296][T14633] kobject: 'tx-0' (00000000ab6fafc7): kobject_add_internal: parent: 'queues', set: 'queues' [ 1044.239705][T14633] kobject: 'tx-0' (00000000ab6fafc7): kobject_uevent_env [ 1044.247771][T14633] kobject: 'tx-0' (00000000ab6fafc7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1044.259404][T14633] kobject: 'batman_adv' (00000000c55e1853): kobject_add_internal: parent: 'nr0', set: '' [ 1044.271936][T14628] kobject: 'batman_adv' (000000004b79eb9d): kobject_uevent_env [ 1044.279515][T14628] kobject: 'batman_adv' (000000004b79eb9d): kobject_uevent_env: filter function caused the event to drop! [ 1044.291337][T14761] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1044.291817][T14628] kobject: 'batman_adv' (000000004b79eb9d): kobject_cleanup, parent (null) [ 1044.303332][T14761] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1044.308624][T14628] kobject: 'batman_adv' (000000004b79eb9d): calling ktype release [ 1044.326362][T14628] kobject: (000000004b79eb9d): dynamic_kobj_release [ 1044.330343][T14758] binder: BINDER_SET_CONTEXT_MGR already set [ 1044.333298][T14628] kobject: 'batman_adv': free name [ 1044.339191][T14758] binder: 14687:14758 ioctl 40046207 0 returned -16 [ 1044.348238][T14761] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1044.358471][T14628] kobject: 'rx-0' (0000000087694202): kobject_cleanup, parent 000000000e6bb564 [ 1044.367574][T14628] kobject: 'rx-0' (0000000087694202): auto cleanup 'remove' event [ 1044.376189][T14761] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1044.376559][T14727] binder_alloc: 14687: binder_alloc_buf, no vma [ 1044.386702][T14628] kobject: 'rx-0' (0000000087694202): kobject_uevent_env [ 1044.395604][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 1044.400153][T14628] kobject: 'rx-0' (0000000087694202): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1044.406509][T14727] binder: 14687:14727 transaction failed 29189/-3, size 8192-0 line 3147 [ 1044.418860][T14628] kobject: 'rx-0' (0000000087694202): auto cleanup kobject_del [ 1044.428832][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 1044.442985][T14628] kobject: 'rx-0' (0000000087694202): calling ktype release [ 1044.452818][T14628] kobject: 'rx-0': free name [ 1044.457649][T14628] kobject: 'tx-0' (0000000092f72dfc): kobject_cleanup, parent 000000000e6bb564 [ 1044.466751][T14628] kobject: 'tx-0' (0000000092f72dfc): auto cleanup 'remove' event [ 1044.475123][T14628] kobject: 'tx-0' (0000000092f72dfc): kobject_uevent_env [ 1044.482212][T14628] kobject: 'tx-0' (0000000092f72dfc): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1044.493208][T14628] kobject: 'tx-0' (0000000092f72dfc): auto cleanup kobject_del [ 1044.500906][T14628] kobject: 'tx-0' (0000000092f72dfc): calling ktype release [ 1044.508200][T14628] kobject: 'tx-0': free name [ 1044.512916][T14628] kobject: 'queues' (000000000e6bb564): kobject_cleanup, parent (null) [ 1044.522091][T14628] kobject: 'queues' (000000000e6bb564): calling ktype release [ 1044.529531][T14628] kobject: 'queues' (000000000e6bb564): kset_release [ 1044.536274][T14628] kobject: 'queues': free name [ 1044.541284][T14628] kobject: 'nr0' (000000006b36d0ba): kobject_uevent_env [ 1044.548313][T14628] kobject: 'nr0' (000000006b36d0ba): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1044.559777][T14632] kobject: 'batman_adv' (00000000c55e1853): kobject_uevent_env [ 1044.569175][T14632] kobject: 'batman_adv' (00000000c55e1853): kobject_uevent_env: filter function caused the event to drop! [ 1044.573225][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1044.582928][T14632] kobject: 'batman_adv' (00000000c55e1853): kobject_cleanup, parent (null) [ 1044.587901][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1044.597391][T14632] kobject: 'batman_adv' (00000000c55e1853): calling ktype release [ 1044.615853][T14632] kobject: (00000000c55e1853): dynamic_kobj_release [ 1044.619254][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1044.622489][T14632] kobject: 'batman_adv': free name [ 1044.640586][T14632] kobject: 'rx-0' (00000000a5800677): kobject_cleanup, parent 000000001b71eba3 [ 1044.645916][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1044.651226][T14632] kobject: 'rx-0' (00000000a5800677): auto cleanup 'remove' event [ 1044.661204][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1044.667664][T14632] kobject: 'rx-0' (00000000a5800677): kobject_uevent_env [ 1044.677342][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1044.682057][T14632] kobject: 'rx-0' (00000000a5800677): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1044.708890][T14632] kobject: 'rx-0' (00000000a5800677): auto cleanup kobject_del [ 1044.718071][T14632] kobject: 'rx-0' (00000000a5800677): calling ktype release [ 1044.725534][T14632] kobject: 'rx-0': free name [ 1044.730252][T14632] kobject: 'tx-0' (00000000ab6fafc7): kobject_cleanup, parent 000000001b71eba3 [ 1044.739292][T14632] kobject: 'tx-0' (00000000ab6fafc7): auto cleanup 'remove' event [ 1044.747244][T14632] kobject: 'tx-0' (00000000ab6fafc7): kobject_uevent_env [ 1044.754346][T14632] kobject: 'tx-0' (00000000ab6fafc7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1044.765346][T14632] kobject: 'tx-0' (00000000ab6fafc7): auto cleanup kobject_del [ 1044.772994][T14632] kobject: 'tx-0' (00000000ab6fafc7): calling ktype release [ 1044.780349][T14632] kobject: 'tx-0': free name [ 1044.784943][T14632] kobject: 'queues' (000000001b71eba3): kobject_cleanup, parent (null) [ 1044.794156][T14632] kobject: 'queues' (000000001b71eba3): calling ktype release [ 1044.801622][T14632] kobject: 'queues' (000000001b71eba3): kset_release [ 1044.808275][T14632] kobject: 'queues': free name [ 1044.813361][T14632] kobject: 'nr0' (00000000f2928682): kobject_uevent_env [ 1044.820419][T14632] kobject: 'nr0' (00000000f2928682): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1044.830445][T14628] kobject: 'nr0' (000000006b36d0ba): kobject_cleanup, parent (null) [ 1044.839391][T14628] kobject: 'nr0' (000000006b36d0ba): calling ktype release [ 1044.846758][T14628] kobject: 'nr0': free name [ 1044.853311][ T3876] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1044.860572][ T3876] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1044.890647][T14632] kobject: 'nr0' (00000000f2928682): kobject_cleanup, parent (null) [ 1044.899588][T14632] kobject: 'nr0' (00000000f2928682): calling ktype release [ 1044.906951][T14632] kobject: 'nr0': free name 15:30:48 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\bdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000ffffffffff60", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:48 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r3 = syz_open_dev$vcsn(&(0x7f0000001980)='/dev/vcs#\x00', 0x5957, 0x4004001) sendmsg$kcm(r3, &(0x7f0000000600)={&(0x7f00000000c0)=@in6={0xa, 0x4e24, 0x6, @mcast1, 0xdf83}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000180)="625f5b315c78c0f7bb100d4d17", 0xd}, {&(0x7f0000000340)="347e1a77a15e050b3509f2bf52d24904a13f1ca7bd7ef305ba1716653496b29885c326c226297e1e34fa696bbf4ca8f48cf5f1a0ca6e2803d65d6fa00f9e32738cdbc4964c45694d45347407bc56b4a66eccef6fc3b9e7202b24e99d559b5e7d5ebedaa033b97b883cc6a813a11754d7d349dd436786e4da51cce89c6b3160023eff17854468ecf28beb525ebab5f98a0cb0fd9686fc683d572debb086cacecf95dd9d43725b118fa01dc1d1915e38a6656317fae1dc5b5e8fe87b80fb59484829", 0xc1}, {&(0x7f0000000840)="baad905ce523b8a19cb37f35ea5d9dba8d3c9d5361fb782bd70b734e66040adc7e63c91a7756a17352358a0fbdefac715f8f0a06a59b3f4ea2294700753da66830e85cf02e12d70955f60ce0637c9006475efb7560d813f126a0c685f9ecdd35d818564c1c7d47141b538b6d5132caad985cd834c5d1bd4202d0aeb8a47c2326f6997ddc608653ddda21e9c95243848600db42311f3dfa1a944e85144a27776d473e7b49e2fdd68f7ac380210793426ae7815dddaf0066681fea7b163cf0f3308e8760cb3de0e55c0905782abbd9b7541fed3f5769d6ee0e7ee70d3a22ff5247eebc9321b860d3ebca38f1d6142a9a49bee9b0ac22df0c228b608219f0204574c7b719634ab4a59088f8c1422a333a74a5f2743aa9eca87eeaf35cfde8e5bc24e665a0cc0feaf41359f19a536d9e473f2062a1d3607432e143ca8fe02c9cac4489d8c6462d2904eab8188044dda1817dec4d1be22ca68c0886d10de553cfa36664e1ad5ebb623ddc3ba1ea5af987a4f36eaf2dd37d9ac03931239e7aa7143b88dfc20f7915f638bbad47dd1017ffad809fb79039ec6ed46bf7f8e21d476dbb25e506e6773a12fd4cecdd53265366ce35eb3a443660f8620a252c5c05e42e55689466a091d7186b26b5c8df070c2e90bd9eb78a3629ad80f4fa3b7904057f70039a883a858bdddeab65328e7b07116f1500d5ddbe45a2fe298729b55094eecbcd033972ed73cbf2ae3ae0375662ce64adfaab916a30325110c2e8fa004241b97edc91e5ff25fb4a6333e47d68aee57c43214ea2f7f9fa9a7ade27c130310ae1b99b32f242f02246c3407c70f54343978e20e537552ea8aaff430060aa78fceb3b2a7caa0105e54829bc0606f842f18930a301340f59348e14e8afef505f0464225737c9a4291e0e136fbb325c6a53859b17e9c8b5145444dae5f548524dbe68de69fba8be4bc3772a6104d8469ad7730284e17b46504e0423edb2624d13309ca64e418660b3a70d7e5eb199ad37aedcedc56c9b6563955b6ef763808384305487561b93ebbd7d8a5b15e305cc48890671dedcba5ac386f772f9ea47d8a27e7eb6537c1fc0bb1c3178ed074abde3d659b34f611721edda341298b5f7744656fef3345a77cf4b158e5a163a13b5d9f996d86b1be94ed5140ac94a401ea068002c6a00b4705b57cde664b2cffdd55bcb54a0a34cde1521fd44d224c395611689b75e463a48810ad43833f805438bddb270912e9fb753eead63321c1804eedefe166f9643ce43f94d48e70683025cefa6438485f80a2a195c0051ddfe9b5ff817970f74de30f6de183ffcf2653925f4cf3c542b85ddd464d8cbfefb6fe92c153d3ed8e3323f37a98d2a3fc5d70d5cd4b7240a567b1503fb74e13ea1fd2c41c27336bbb0d4e5b15c9b5109b5d574988332b0f33ee7557f5992e88154f8004c3903afeb78c554f56dc0d2e4504d119a3f71b46af098b37fb81e2657a5490d2eec383fed19f0f3ef395901eada78bd03a2d7139cabbf91a07ccc0989968f3e18344afd3061a6a1752cb4bf6ffbd9bc25b1d7162d40dd73b6fe55f76e8e681f92c3269958da153952e014ab7fb25c19f82f7b36b20ad7a578b45be4fa1bf20585cd96304c23139edd4e381096169a81b3d35a4238be393bc73e93c8260ec7b43467d160dfb6773afb4c5f1f40cd4df3dfa390a5b8f4ab345f9f891883fd530fb221df0a67d1d587e3b9ac01880502672b1d9f6ee1da1741986c37a113efb4286c6039da7b411f203f22098750fad4599694470e4ea5798afa06a17636fefe28c256eb101aefe6a6a143d1bc4a852c3f9a24ad0534cdf40ca44371e4bf96b39a24cbdb1702ab77f86627c59d85093ff745ddc826045ab556578594c7f84e5bfb4133f65f69b83eab4f1d06281f6c9b5b87a13abbdc0d1b0064fb2426b95a42b25fa4308e6aa95f9d2fd230cee476d82602691dd9e9b9f136272c14264434a9d0604e2e6e6b0c81a7f18d43b6fb352fa7df7f636e9c680c6174f159025bd7353aeab300c442ec2e94939424f87af50c9c0f00bc72032b958c5cf89131440363af0a685befecf23c2d3e33d7bc108840deed6491703806892875901cdf1da109f0452a340f0424a85a3ae6b41fa797f1111812a4be60744c4a399b225b644e963452ad2c57832dd56f6913459e699b38231c9193403ba0cdbb0b790fd0b8b96e5955d86285e9660c2cb6316eb1a997a30f6fdcefe66d7ec17bf4db09043f823580b9b81483d6d94066b3f3d69e7dcdc2f47f73e4ea9e510ebe04e106887c176de8948b512633a261116e25ce0877066bddf1d0599a7f025cdf564ef988732d8307123ba80bf2daace070802eff01bcf2ac723762cb1a2b9e2223bd97cc4c8b7447dc297c94d04209828e28b1c8fd35945becc2ca2d041f60e493e88c9286e3149f603599144c1865e86d70a410e3a01d5cde859f0df9c498b5e19918d2d8038dc6ac8395de934ca46677aea1b3f6b823bcc4a06c6ccd3d606f98cdaeda2d6f4b2678ea738375d7af489699bb6329b24275d7e253e44b2e61340ef22bc89cbdabea45fb9cfa121027b074b87a97d5ba219a77f446445f00a7a598edd381a05ec01070a8b66b288d9e009dfd6259fe13dbcb1401c763294f633a6c54690c9c7bf5844b6b83fed985f7af01d69d510ea957080d419085f327ae0655df098e9f2aa090a8cde85b45f6fbc3071ceb7e91b224c8e4db61ac65a83004650548264d5cb834e06997cc8458d6ed402ae5b639e8e6fbe916e459a1ec436d7db24f6a2340e7f3ff1c5034d763bd8fb7c3b770095f0917087d0e83cd3d4f8d158297e9458d717dab0df40b1a7b6b89432450130807ab6c450ff23146a0ad1857d0b0fd8b2cf20d70c464ae59fcd2f304bdc529d03a0b5a26345c76af0a640b4128caff678d614dde32d23fd7885ba068e6ae3c51dd9c984ed76cd5009b399d4191979839dfab67c4ab034b69085be18c4c0c7b19926fd823146716df75d7d89cc059c7a894472d7941584a90ffbfcc4eb2f3d3a8d49f1216deacbf9ea640022811a7550a7d02ace070c77aeb00546537c390b325423a0f6c98b356d90772ef9e10202a00c733de81f95e3886a50ee4f73ca3c5f40f5138a7c453351d9217dbce46b362cea6d17b863a3d18fb03fdb1934bbbc6708e1ed8c459b6cf36334313ddb04c2b9e8c661c52b088015d7a1ec00d438198a63739e4b50dd80e36b89d8e46daf09d9e7c4e8796c2a4c2744f223b400899ae321f87ded03af269ceb9e165dc90504b0ce4da6b8fc049a98f15f3d27ce538aea084e940d27e3fcc036f3d3d3a80b9873fdea3481ce3b50021a401b14be2448e505c9b6f073117d188c978f4ae3b273aea64b8e8c39698dcee8ebd6e715724827aeb0a1f10cc25a379f234cdbf797b8f9054bee40eb2d8bed0c656b4baa3a87c102c1879a127b4277a92a6ec520a453011e552abb82303dbe378080fed01691f3edc9348df485c8888eae07b3860483f41ea949ca32bc22dba154119b26c98c10b25afdebd17c03140aa0952919cd95af1111ec7a5acb4fcc631f74a2fc92ededec3554bf7b45deea98e7e84c5566acef55f6c194d4cd95c670da6ddb82c902a868577389e7a1b46aeb8bda0ee9073bcef191387fa206ec9cd8b499829930159aa16fbe2e99d4316e6dfa2085413cf7e3b1102944dc6895a476ef980618a94c18eea4be8570e15fca0cebd5982fce0d0ba436a0b346cdf70cd5bbc7db27465f775f5bede1d1f0d48e75399fe973c578c0fdc38e851e20cfd2bd5929cb46eb6cc6c2cec0cbc7a87d85a09639746523ce25bbb93dd25a5721d2fd67433395f865ec380be76bf1f3ae350bb51a4d046c912b386090c893793ec8747b72e2e2b34f113e1fcab7a50ea61d3fb176a2a59c1a23f0ed2904e8591ab31940f4115224fff9d2c218b5f59028e033820965a50f42fa511a1d64556ece393b77276c0681c5ede469713dea182f7ee7ee874246b8f5ed15701fe72db931649ac6a50ebaa56e44b0df2d7e0b1f0a5fd109f274976be9fe611334e93729ea191059fb04bd5ac75b675f5b7a225d5c012e4fd3f5b5227333edd72e1aafcd1894cc30afe621caa13ef41213a4626d6ae2aafc0980e02c072dc4f614d9e66c89c5eda2516e3cfebf711f91c0b6791ae0f6c6912cc1d6df5f6ab0f7408f0717aa97d5cbbae7a8be08d3ef72b9a0e3c76fbe6a8cb236e609a70c27b68810c58fb28710d2ac2fcf5c843fdbea519d9afdb0cdfbc1576a8a9bbc445d2c50a5d520fba272ab0d20dd3d6d1cf578873b703ac0c3ed881624c5b5360e5f0d7d9ae6334e6070b480d98c36f320b3859811fa1df74cd7433abd709a85d4872e33b3fa1ce3d0c30989ae1bc2d9a848036be16320dd4c153fefbedc50448f56ad4988495adb7d6f45bcff077549c623b5d2b02f060482f108a6407b6a3a2d5228f43037c823cceb9c1b56ceb7caeb9b515105cc64280410963f98ed5d89a2c03c91c5bb5f0a3397348ea2b0f5c6a88d8314bebe27daf7c01e27a2ab34e2708138e6ad2f1ebf57e65ea7457b22f83e1f7f8cc17056e1b783ab53dab5b5b9ad0a8035f07eead4456a2257d97d3580f66815a85a119a1e27c0b0cc1ff5381d82036a7f7fce5ac07e27159c9e45e7627f132df8185e52b69c48ac2f62449b5328d6234ad182a20dce3b20bbac1d2b916e1a36697f9e84685a158b0195461d623b91445e3b8b28e66bc84a262d70bfbbc3e451e5d8c2902a238249ac3f4a25f6ca856118543a8de3f69d095141e3dc4a17416f534f18623b1eff78bb51fe5a7f9ad0312a281efd4f4ffa2864acd231482e86d366de4867371bbb62ee621fb4a4e06bab488ecf0dc8c2dab5a4fa3e5b924a71fdaa9cd4c5aedb4d99a9160eaae427cbc26c5bd8a830eb51bb12e4fd629049dfeca3090a7b2feda7ba545c67fe56d6153d9a3c8e98fbadf83381759556e4bdcf2e24986dd9cd7f3173b33805745345fc7cef9ec6ab6ffbda221f091eb4a92d13c410e88aaf51971f43e7637da552236653acff3008ea8c580393d8105d6f429b8fd43e98e260784aed57a1b5c427c924a2472eff411b792cc1bac0e1da5d3e25f2e1e9294bf6d23d1fb4b0b92d0408e04507bb09be42acde8f6a797ca742ec430cac988f0b41c17ea33e270719ea9914cf0a397256d2bbd380523798f18b232078431446063a168334e5d5475805df5cca8750eb3c37fa153510fa24e96cece3c79cabbf9c59edf2ca74814a82dae8e7cb75e3e7b0331e210a88b09b486117edae728b51dd2b31f3f80b8e4f378fe262c41cead12e380b79c311231432d9e23766435690a6ad0c4427cc6ed32f09b4ea50e3eff7681d64a3b026643dcc2ce0d9113badb69193200a01c4ba3df1253a660a7130073a0737e5b689528675e36192f3252d5621b06e27abde498dca0a79d2c18043196d37da9aa2c6d4d746ca9fdecd0c68c90d78ec39e8d1a0090f5c50989562b033e9ca2de7c9be0aa82bac1726d86d561db04a8b58fdf1bf14dfc0290f8dee2f3a9cc98cf23a5f5b42a877f4df7e3e98cdeaa0e836e5159844fb3d1c777ea3de4d2c720260b9526694f32bfa21329359f1155fba33b1645b201ba3f25dfc2bc7399382e6e7540c585d949a2c584b0a8e5622cf2286dc5c870b0ae3414907d68178911d256a68a4ddcf975616b5d9a255520839f37e582520e7c913358d8fe50264696977c1f9120aba65798ba284fdc8a596436afe5cd6251f21f3f8a3356d0445f78cf4d", 0x1000}, {&(0x7f00000001c0)="22cce4af51719137bbb2717aee24a12f150ed4bf89f3d2fa3c641cfa891b92173a06277d997f769ee1cd6ec794e5deacc493a9cb70cce5bc3042909530e48f1e054b22c7024b98ded5f8570d961df3d3baffa5f127ad3d7ad5ef83c928eecc6021c84126ba8e3bc7711ab051", 0x6c}, {&(0x7f0000000440)="c051f7a61ac9726ad2dd9d963ddb9e1a5f762a239530f6967cd2a43feaf22156a1b93990c0c4f28edad0833b22e49ae3ad10262f7f70efa94bad28b65019a257b1362383dbeeb52848ce528dea2a2e903f588862e03b99c2c1c97b2b7a05a504dec35d566a2d14d2a9d818a025f288f424a0a44a6070d1a3b94aebe476c32367a6c8d955e61471878d578d8a46465771d617d7039e19725c0bee161298", 0x9d}, {&(0x7f0000000280)="b4609bca0adc933f3e4a9f3229171f36d27242acf835ee293b05a635e13d06e17f4a2ba17622a7bd751562a3b902964c21898761b65d8387c1254a7590354d3032fe189ec927a95f9852766cd669ffb31c3a1835bf20590012dcf0f66644e6d3643dc16fde53d3926d5e44", 0x6b}, {&(0x7f0000000500)="7312eb34bda0a4069a38f663b52b59dc68b91bef6cef2c1e86219abb6e461e678e01002473fa032e4bc8f0b5d42cf0b2c3b5d4fb0d29c0774ed29cf57ac08573be970cdbbea3d0d2d19eb427786111587c88158e0b5a2a5826d7a793909c52859bcb6d2df51cf97d574971ba2e13436009cea6265be47040328e1653821a53ec04e8ed7f127b1b6ac5196df08380b3b30b20e186c50c182e97da749500e8693e981b47add5fc356877b8945ece3e6a0e9972454e037605d0343e4f829c3eb100ce268d26a1c35b9e718347cf7999529ecff99d14a8c6ece9b354cb209e19c34304b952fee2c8f03ab8e11a4ac4f15bfa0a2ec82a0fd7bfb2f3543c77", 0xfc}, {&(0x7f0000001840)="81d7fe0e6b653e095eca72743bcc0c2b3fdb1fd77edd881171ec566839f44a5c3e6b87bf661233f178b765f793137bdd3b5a61bcffc96422b16bc59ddf399e55df7e23d79d3c33e34fb31544b7a5cc072b107ee80481d86d423da47c52bdb63caf72dbfe3fb1a08a20efa3a94bd27b8e74db3d85a6beb6e1ec0c3119f4f651f7", 0x80}], 0x8, &(0x7f00000020c0)=ANY=[@ANYBLOB="e80000000000000017010000830e000033f543b51f1102ed6ad0920ee7c07d6eabe2434a786ae8a648b1f158a4f0c17aee0e4277dfa404402a4a3a2091adfef331f303be12e99964e6d773ee893b661202d56874ef677c88d7cd26ffdbd55abfdfaa0fa610741747e05e46bf42e233362891afb819edc9eda4837af62bb97ded087a31dda10ad7070daedb2f59e3acda2986635749390ddb61b01c3f87d7de850ec28bfda85ee093e595f8ad7cb2ae8580a96e9d85d705db5b9bd74fb86effe9e5ddee769cd43588857bb17ea28ed6a0e33bb3e361980d1b87b6e22074894e00c87a000000000000a8000000000000009b01000001000000a5698ecb6b2fdebf1142895f1792f0e31d76db61f8a1c1e42cb4fce7ee21e703bb9318b2ecf61752a2328673b6fe8f46f18c5091deb4d2c03b6e473560228ec6276a59d983c413ff6e8998ec358c13ff8adaafa5d5c1febe8293acdbbfc142543bc2a9e56dcd0aa4196689410c55bafe06be55f401e397f29ce794ef5e550e73ebcaf12cd6812f767839ba5442cb9d74c1ad0000000000002000000000ffff000f0100000900000055faf8e7fca2ec772ca581dcd742ed0090000000000000003a00000079060000d334640f01703124debb28115125cc7d99e9c4ce1bcb72c88463c19c67a0f515137cf19a7c5f5ae4ef0bb6a1abacf53a78d0eef59b7a5621bb3ac14fc7d716795129565b41957a40a49a157a912eb798cb5ee36efc7cda55fe2c28f4dd9f20567777391c72936f2c3e7e32db2b5dc3724ff151dc218d76c682df0000000000008800009e000000000088000000060000003d198206ba5704000000b62115fde0eb9af3175e3e390269988b244f33ee1232e4bfb11b87dac76056638ba2ebcab3aca1d111b82098f3a1773b48226a8d98a2c74ade88af42bcdd66f6ef4d6785abcf546dcd00f0b736435c157dc9e167d0deaa16bcbaacb7388c9b6b2f15498f3ccdbc53ee29dbff000036a1d30f3969c14fdc3484cc9d2898062bc4582ca60251f403773d7caf665545798f0aa8aa186a68d516cdadc178b2baa416a72ad1a276a3dc851284fb5ca339c69591b02eb59e5fa3a200660bc28dfa52425489fc91415820f201509b8a768f6ff8c51d"], 0x2c8}, 0x40000) write$vhci(r3, &(0x7f0000001a40)=@HCI_EVENT_PKT={0x4, "e0b2c170b279664003c30aa79148262dff8b1a4b81f952231afa3996299032e81d180aa904a8c7ced4c76ae4617678714a76af9438fdb62959f7256fcf9fc79b9bc2b81474b4b0a68e6d539ac59d130b59c6da25793c924dbc1bc9af89d6cce03076fc93275a100fc721287d386a00bd133729bc448767dd625d69ed97dc3c188d7d9642659da9476d2ed1ad811bd47182bbd207"}, 0x95) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000001940)) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f00000019c0)={0x6, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}]}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:48 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='m\ados\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7400]}) [ 1045.011206][ T3876] kobject: 'loop5' (00000000e540f250): kobject_uevent_env [ 1045.018364][ T3876] kobject: 'loop5' (00000000e540f250): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1045.041459][T14778] binder: 14774:14778 transaction failed 29201/-28, size 8192-0 line 3147 [ 1045.052484][T14780] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env 15:30:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7a00]}) [ 1045.067113][T14787] kobject: 'nr0' (000000002d3c4f20): kobject_add_internal: parent: 'net', set: 'devices' [ 1045.068145][T14780] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1045.094595][T14789] binder: BINDER_SET_CONTEXT_MGR already set [ 1045.109071][T14787] kobject: 'nr0' (000000002d3c4f20): kobject_uevent_env [ 1045.117952][T14789] binder: 14774:14789 ioctl 40046207 0 returned -16 [ 1045.118568][T14782] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1045.125265][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1045.132462][T14787] kobject: 'nr0' (000000002d3c4f20): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 1045.148073][T14782] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1045.160734][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env 15:30:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00t', @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) [ 1045.177514][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1045.202040][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1045.206296][T14787] kobject: 'queues' (00000000eba415dd): kobject_add_internal: parent: 'nr0', set: '' 15:30:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 1045.209971][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1045.241269][T14780] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1045.247860][T14787] kobject: 'queues' (00000000eba415dd): kobject_uevent_env [ 1045.248823][T14780] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1045.259017][T14787] kobject: 'queues' (00000000eba415dd): kobject_uevent_env: filter function caused the event to drop! 15:30:48 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='m\ados\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) [ 1045.280666][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1045.281772][T14787] kobject: 'rx-0' (00000000e6533adc): kobject_add_internal: parent: 'queues', set: 'queues' [ 1045.306586][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1045.315899][T14787] kobject: 'rx-0' (00000000e6533adc): kobject_uevent_env 15:30:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 1045.337024][T14780] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1045.347439][T14787] kobject: 'rx-0' (00000000e6533adc): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1045.351686][T14780] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1045.367222][T14787] kobject: 'tx-0' (00000000b331b08b): kobject_add_internal: parent: 'queues', set: 'queues' [ 1045.377510][T14814] binder: 14808:14814 got transaction with invalid data ptr [ 1045.379389][T14787] kobject: 'tx-0' (00000000b331b08b): kobject_uevent_env [ 1045.389370][T14814] binder: 14808:14814 transaction failed 29201/-14, size 8192-0 line 3179 [ 1045.393929][T14787] kobject: 'tx-0' (00000000b331b08b): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1045.413906][T14787] kobject: 'batman_adv' (000000002617a845): kobject_add_internal: parent: 'nr0', set: '' [ 1045.420360][T14796] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1045.425123][T14802] device nr0 entered promiscuous mode [ 1045.435054][T14796] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1045.461787][ T3876] kobject: 'loop2' (00000000a7933c64): kobject_uevent_env [ 1045.468926][ T3876] kobject: 'loop2' (00000000a7933c64): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1045.471000][T14814] binder: BINDER_SET_CONTEXT_MGR already set [ 1045.491371][T14814] binder: 14808:14814 ioctl 40046207 0 returned -16 [ 1045.498465][T14811] binder_alloc: 14808: binder_alloc_buf, no vma [ 1045.506042][ T3876] kobject: 'loop1' (00000000cb8a8e73): kobject_uevent_env [ 1045.509109][ T7784] binder: undelivered TRANSACTION_ERROR: 29201 [ 1045.519872][T14811] binder: 14808:14811 transaction failed 29189/-3, size 8192-0 line 3147 [ 1045.525630][ T3876] kobject: 'loop1' (00000000cb8a8e73): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1045.541081][ T17] binder: undelivered TRANSACTION_ERROR: 29189 [ 1045.548068][T14802] kobject: 'batman_adv' (000000002617a845): kobject_uevent_env [ 1045.564151][T14802] kobject: 'batman_adv' (000000002617a845): kobject_uevent_env: filter function caused the event to drop! [ 1045.570402][ T7783] kobject: 'loop3' (000000008d8518d2): kobject_uevent_env [ 1045.575777][T14802] kobject: 'batman_adv' (000000002617a845): kobject_cleanup, parent (null) [ 1045.591569][ T7783] kobject: 'loop3' (000000008d8518d2): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1045.592229][T14802] kobject: 'batman_adv' (000000002617a845): calling ktype release [ 1045.605984][T14818] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1045.610366][T14802] kobject: (000000002617a845): dynamic_kobj_release [ 1045.617976][T14818] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1045.623984][T14802] kobject: 'batman_adv': free name [ 1045.639378][T14802] kobject: 'rx-0' (00000000e6533adc): kobject_cleanup, parent 00000000eba415dd [ 1045.652753][ T3876] kobject: 'loop4' (000000003af4df6b): kobject_uevent_env [ 1045.656422][T14802] kobject: 'rx-0' (00000000e6533adc): auto cleanup 'remove' event [ 1045.668002][ T3876] kobject: 'loop4' (000000003af4df6b): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 1045.668898][T14802] kobject: 'rx-0' (00000000e6533adc): kobject_uevent_env [ 1045.685614][T14802] kobject: 'rx-0' (00000000e6533adc): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 1045.697369][T14802] kobject: 'rx-0' (00000000e6533adc): auto cleanup kobject_del [ 1045.708654][T14802] kobject: 'rx-0' (00000000e6533adc): calling ktype release [ 1045.716095][T14802] kobject: 'rx-0': free name [ 1045.720782][T14802] kobject: 'tx-0' (00000000b331b08b): kobject_cleanup, parent 00000000eba415dd [ 1045.729700][T14802] kobject: 'tx-0' (00000000b331b08b): auto cleanup 'remove' event [ 1045.737558][T14802] kobject: 'tx-0' (00000000b331b08b): kobject_uevent_env [ 1045.744668][T14802] kobject: 'tx-0' (00000000b331b08b): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 1045.755611][T14802] kobject: 'tx-0' (00000000b331b08b): auto cleanup kobject_del [ 1045.763207][T14802] kobject: 'tx-0' (00000000b331b08b): calling ktype release [ 1045.770567][T14802] kobject: 'tx-0': free name [ 1045.775166][T14802] kobject: 'queues' (00000000eba415dd): kobject_cleanup, parent (null) [ 1045.784329][T14802] kobject: 'queues' (00000000eba415dd): calling ktype release [ 1045.790441][T14820] kobject: 'loop0' (00000000b0485b03): kobject_uevent_env [ 1045.792100][T14802] kobject: 'queues' (00000000eba415dd): kset_release [ 1045.798984][T14820] kobject: 'loop0' (00000000b0485b03): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1045.805618][T14802] kobject: 'queues': free name [ 1045.805965][T14802] kobject: 'nr0' (000000002d3c4f20): kobject_uevent_env [ 1045.827747][T14802] kobject: 'nr0' (000000002d3c4f20): fill_kobj_path: path = '/devices/virtual/net/nr0' 15:30:49 executing program 5: sysfs$2(0x2, 0x5, &(0x7f0000000180)=""/176) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x2003, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x40000, 0x0) ioctl$PPPIOCSMRRU(r3, 0x4004743b, &(0x7f00000002c0)=0x1) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000080), 0x0) ioctl$CAPI_REGISTER(r1, 0x400c4301, &(0x7f00000000c0)={0x0, 0x4000000009}) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000640)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\x94r\x00\x00\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&N\x03\xb2K\xac\xe6x\x05\x98\xe5\x8b\xa5\f\x00\x81[K\xa6yfF\xfb\xceJ\xf2\xc0\x85\xc9l\vf\xcd\x97\xb9\xab\xb8\xa0A\f-\xd0\a&g') pipe2(&(0x7f0000000340), 0x84000) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0xfffffd8b}]) 15:30:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000280)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\x03\x00\x00\x00\xef\x00\x00\x03\xff\x02\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x06\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0xbf00]}) 15:30:49 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 15:30:49 executing program 3: syz_mount_image$msdos(&(0x7f0000000180)='m\tdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000040)="eb57906d6b66732e66617400020401000200027400f0", 0x16}], 0x0, 0x0) 15:30:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000ffefffffff7f", @ANYPTR, @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0}) 15:30:49 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x805, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4002}) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0