tart 1 is beyond EOD, truncated
[ 1344.498213] loop3: p78 start 1 is beyond EOD, truncated
[ 1344.503611] loop3: p79 start 1 is beyond EOD, truncated
[ 1344.509682] loop3: p80 start 1 is beyond EOD, truncated
[ 1344.516159] loop3: p81 start 1 is beyond EOD, truncated
[ 1344.522031] loop3: p82 start 1 is beyond EOD, truncated
[ 1344.528160] loop3: p83 start 1 is beyond EOD, truncated
[ 1344.533651] loop3: p84 start 1 is beyond EOD, truncated
[ 1344.539573] loop3: p85 start 1 is beyond EOD, truncated
[ 1344.554945] loop3: p86 start 1 is beyond EOD, truncated
[ 1344.560433] loop3: p87 start 1 is beyond EOD, truncated
[ 1344.568506] loop3: p88 start 1 is beyond EOD, truncated
[ 1344.574095] loop3: p89 start 1 is beyond EOD, truncated
[ 1344.579994] loop3: p90 start 1 is beyond EOD, truncated
[ 1344.585913] loop3: p91 start 1 is beyond EOD, truncated
[ 1344.591383] loop3: p92 start 1 is beyond EOD, truncated
[ 1344.597213] loop3: p93 start 1 is beyond EOD, truncated
[ 1344.602720] loop3: p94 start 1 is beyond EOD, truncated
[ 1344.608830] loop3: p95 start 1 is beyond EOD, truncated
[ 1344.614302] loop3: p96 start 1 is beyond EOD, truncated
[ 1344.620148] loop3: p97 start 1 is beyond EOD, truncated
[ 1344.626058] loop3: p98 start 1 is beyond EOD, truncated
[ 1344.631526] loop3: p99 start 1 is beyond EOD, truncated
[ 1344.637505] loop3: p100 start 1 is beyond EOD, truncated
[ 1344.643571] loop3: p101 start 1 is beyond EOD, truncated
[ 1344.649709] loop3: p102 start 1 is beyond EOD, truncated
[ 1344.655362] loop3: p103 start 1 is beyond EOD, truncated
[ 1344.660903] loop3: p104 start 1 is beyond EOD, truncated
[ 1344.666617] loop3: p105 start 1 is beyond EOD, truncated
[ 1344.672101] loop3: p106 start 1 is beyond EOD, truncated
[ 1344.677671] loop3: p107 start 1 is beyond EOD, truncated
[ 1344.683129] loop3: p108 start 1 is beyond EOD, truncated
[ 1344.688636] loop3: p109 start 1 is beyond EOD, truncated
[ 1344.694107] loop3: p110 start 1 is beyond EOD, truncated
[ 1344.699634] loop3: p111 start 1 is beyond EOD, truncated
[ 1344.705124] loop3: p112 start 1 is beyond EOD, truncated
[ 1344.710599] loop3: p113 start 1 is beyond EOD, truncated
[ 1344.716429] loop3: p114 start 1 is beyond EOD, truncated
[ 1344.721918] loop3: p115 start 1 is beyond EOD, truncated
[ 1344.727521] loop3: p116 start 1 is beyond EOD, truncated
[ 1344.732983] loop3: p117 start 1 is beyond EOD, truncated
[ 1344.738498] loop3: p118 start 1 is beyond EOD, truncated
[ 1344.743962] loop3: p119 start 1 is beyond EOD, truncated
[ 1344.749483] loop3: p120 start 1 is beyond EOD, truncated
[ 1344.755051] loop3: p121 start 1 is beyond EOD, truncated
[ 1344.760515] loop3: p122 start 1 is beyond EOD, truncated
[ 1344.766022] loop3: p123 start 1 is beyond EOD, truncated
[ 1344.771479] loop3: p124 start 1 is beyond EOD, truncated
[ 1344.777011] loop3: p125 start 1 is beyond EOD, truncated
[ 1344.782490] loop3: p126 start 1 is beyond EOD, truncated
[ 1344.788000] loop3: p127 start 1 is beyond EOD, truncated
[ 1344.793468] loop3: p128 start 1 is beyond EOD, truncated
[ 1344.799007] loop3: p129 start 1 is beyond EOD, truncated
[ 1344.804506] loop3: p130 start 1 is beyond EOD, truncated
[ 1344.810050] loop3: p131 start 1 is beyond EOD, truncated
[ 1344.815594] loop3: p132 start 1 is beyond EOD, truncated
[ 1344.821066] loop3: p133 start 1 is beyond EOD, truncated
[ 1344.826609] loop3: p134 start 1 is beyond EOD, truncated
[ 1344.832090] loop3: p135 start 1 is beyond EOD, truncated
[ 1344.837650] loop3: p136 start 1 is beyond EOD, truncated
[ 1344.843103] loop3: p137 start 1 is beyond EOD, truncated
[ 1344.848679] loop3: p138 start 1 is beyond EOD, truncated
[ 1344.854150] loop3: p139 start 1 is beyond EOD, truncated
[ 1344.859681] loop3: p140 start 1 is beyond EOD, truncated
[ 1344.865194] loop3: p141 start 1 is beyond EOD, truncated
[ 1344.870644] loop3: p142 start 1 is beyond EOD, truncated
[ 1344.876176] loop3: p143 start 1 is beyond EOD, truncated
[ 1344.881669] loop3: p144 start 1 is beyond EOD, truncated
[ 1344.887217] loop3: p145 start 1 is beyond EOD, truncated
[ 1344.892688] loop3: p146 start 1 is beyond EOD, truncated
[ 1344.898217] loop3: p147 start 1 is beyond EOD, truncated
[ 1344.903671] loop3: p148 start 1 is beyond EOD, truncated
[ 1344.909181] loop3: p149 start 1 is beyond EOD, truncated
[ 1344.914723] loop3: p150 start 1 is beyond EOD, truncated
[ 1344.920174] loop3: p151 start 1 is beyond EOD, truncated
[ 1344.925712] loop3: p152 start 1 is beyond EOD, truncated
[ 1344.931189] loop3: p153 start 1 is beyond EOD, truncated
[ 1344.936716] loop3: p154 start 1 is beyond EOD, truncated
[ 1344.942195] loop3: p155 start 1 is beyond EOD, truncated
[ 1344.947775] loop3: p156 start 1 is beyond EOD, truncated
[ 1344.953255] loop3: p157 start 1 is beyond EOD, truncated
[ 1344.958824] loop3: p158 start 1 is beyond EOD, truncated
[ 1344.964283] loop3: p159 start 1 is beyond EOD, truncated
[ 1344.969796] loop3: p160 start 1 is beyond EOD, truncated
[ 1344.975358] loop3: p161 start 1 is beyond EOD, truncated
[ 1344.980818] loop3: p162 start 1 is beyond EOD, truncated
[ 1344.986338] loop3: p163 start 1 is beyond EOD, truncated
[ 1344.991803] loop3: p164 start 1 is beyond EOD, truncated
[ 1344.997329] loop3: p165 start 1 is beyond EOD, truncated
[ 1345.002787] loop3: p166 start 1 is beyond EOD, truncated
[ 1345.008336] loop3: p167 start 1 is beyond EOD, truncated
[ 1345.013803] loop3: p168 start 1 is beyond EOD, truncated
[ 1345.019372] loop3: p169 start 1 is beyond EOD, truncated
[ 1345.024872] loop3: p170 start 1 is beyond EOD, truncated
[ 1345.030328] loop3: p171 start 1 is beyond EOD, truncated
[ 1345.035862] loop3: p172 start 1 is beyond EOD, truncated
[ 1345.041336] loop3: p173 start 1 is beyond EOD, truncated
[ 1345.046841] loop3: p174 start 1 is beyond EOD, truncated
[ 1345.052308] loop3: p175 start 1 is beyond EOD, truncated
[ 1345.057836] loop3: p176 start 1 is beyond EOD, truncated
[ 1345.063302] loop3: p177 start 1 is beyond EOD, truncated
[ 1345.068852] loop3: p178 start 1 is beyond EOD, truncated
[ 1345.074325] loop3: p179 start 1 is beyond EOD, truncated
[ 1345.079848] loop3: p180 start 1 is beyond EOD, truncated
[ 1345.085422] loop3: p181 start 1 is beyond EOD, truncated
[ 1345.090893] loop3: p182 start 1 is beyond EOD, truncated
[ 1345.096437] loop3: p183 start 1 is beyond EOD, truncated
[ 1345.101926] loop3: p184 start 1 is beyond EOD, truncated
[ 1345.107514] loop3: p185 start 1 is beyond EOD, truncated
[ 1345.112987] loop3: p186 start 1 is beyond EOD, truncated
[ 1345.118540] loop3: p187 start 1 is beyond EOD, truncated
[ 1345.124012] loop3: p188 start 1 is beyond EOD, truncated
[ 1345.129564] loop3: p189 start 1 is beyond EOD, truncated
[ 1345.135088] loop3: p190 start 1 is beyond EOD, truncated
[ 1345.140555] loop3: p191 start 1 is beyond EOD, truncated
[ 1345.146109] loop3: p192 start 1 is beyond EOD, truncated
[ 1345.151577] loop3: p193 start 1 is beyond EOD, truncated
[ 1345.157134] loop3: p194 start 1 is beyond EOD, truncated
[ 1345.162600] loop3: p195 start 1 is beyond EOD, truncated
[ 1345.168161] loop3: p196 start 1 is beyond EOD, truncated
[ 1345.173638] loop3: p197 start 1 is beyond EOD, truncated
[ 1345.179184] loop3: p198 start 1 is beyond EOD, truncated
[ 1345.184708] loop3: p199 start 1 is beyond EOD, truncated
[ 1345.190170] loop3: p200 start 1 is beyond EOD, truncated
[ 1345.195758] loop3: p201 start 1 is beyond EOD, truncated
[ 1345.195772] loop3: p202 start 1 is beyond EOD, truncated
[ 1345.195784] loop3: p203 start 1 is beyond EOD, truncated
[ 1345.195795] loop3: p204 start 1 is beyond EOD, truncated
[ 1345.195807] loop3: p205 start 1 is beyond EOD, truncated
[ 1345.195819] loop3: p206 start 1 is beyond EOD, truncated
[ 1345.195831] loop3: p207 start 1 is beyond EOD, truncated
[ 1345.195843] loop3: p208 start 1 is beyond EOD, truncated
[ 1345.195855] loop3: p209 start 1 is beyond EOD, truncated
[ 1345.195866] loop3: p210 start 1 is beyond EOD, truncated
[ 1345.195878] loop3: p211 start 1 is beyond EOD, truncated
[ 1345.195897] loop3: p212 start 1 is beyond EOD, truncated
[ 1345.195909] loop3: p213 start 1 is beyond EOD, truncated
[ 1345.195921] loop3: p214 start 1 is beyond EOD, truncated
[ 1345.195931] loop3: p215 start 1 is beyond EOD, truncated
[ 1345.195940] loop3: p216 start 1 is beyond EOD, truncated
[ 1345.195952] loop3: p217 start 1 is beyond EOD, truncated
[ 1345.195963] loop3: p218 start 1 is beyond EOD, truncated
[ 1345.195976] loop3: p219 start 1 is beyond EOD, truncated
[ 1345.195988] loop3: p220 start 1 is beyond EOD, truncated
[ 1345.196000] loop3: p221 start 1 is beyond EOD, truncated
[ 1345.196012] loop3: p222 start 1 is beyond EOD, truncated
[ 1345.196023] loop3: p223 start 1 is beyond EOD, truncated
[ 1345.196036] loop3: p224 start 1 is beyond EOD, truncated
[ 1345.196057] loop3: p225 start 1 is beyond EOD, truncated
[ 1345.209209] loop3: p226 start 1 is beyond EOD, truncated
[ 1345.339128] loop3: p227 start 1 is beyond EOD, truncated
[ 1345.344708] loop3: p228 start 1 is beyond EOD, truncated
[ 1345.350173] loop3: p229 start 1 is beyond EOD, truncated
[ 1345.355743] loop3: p230 start 1 is beyond EOD, truncated
[ 1345.361200] loop3: p231 start 1 is beyond EOD, truncated
[ 1345.366766] loop3: p232 start 1 is beyond EOD, truncated
[ 1345.372237] loop3: p233 start 1 is beyond EOD, truncated
[ 1345.377736] loop3: p234 start 1 is beyond EOD, truncated
[ 1345.383206] loop3: p235 start 1 is beyond EOD, truncated
[ 1345.388722] loop3: p236 start 1 is beyond EOD, truncated
[ 1345.394205] loop3: p237 start 1 is beyond EOD, truncated
[ 1345.399760] loop3: p238 start 1 is beyond EOD, truncated
[ 1345.405328] loop3: p239 start 1 is beyond EOD, truncated
[ 1345.410767] loop3: p240 start 1 is beyond EOD, truncated
[ 1345.416285] loop3: p241 start 1 is beyond EOD, truncated
[ 1345.421739] loop3: p242 start 1 is beyond EOD, truncated
[ 1345.427239] loop3: p243 start 1 is beyond EOD, truncated
[ 1345.432707] loop3: p244 start 1 is beyond EOD, truncated
[ 1345.438238] loop3: p245 start 1 is beyond EOD, truncated
[ 1345.443716] loop3: p246 start 1 is beyond EOD, truncated
[ 1345.449230] loop3: p247 start 1 is beyond EOD, truncated
[ 1345.454743] loop3: p248 start 1 is beyond EOD, truncated
[ 1345.460190] loop3: p249 start 1 is beyond EOD, truncated
[ 1345.465707] loop3: p250 start 1 is beyond EOD, truncated
[ 1345.471175] loop3: p251 start 1 is beyond EOD, truncated
[ 1345.476711] loop3: p252 start 1 is beyond EOD, truncated
[ 1345.482189] loop3: p253 start 1 is beyond EOD, truncated
[ 1345.487725] loop3: p254 start 1 is beyond EOD, truncated
[ 1345.493185] loop3: p255 start 1 is beyond EOD, truncated
21:37:16 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:37:16 executing program 4:
r0 = syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x2, 0x2)
write$P9_RREADLINK(r0, &(0x7f0000001180)=ANY=[@ANYBLOB="8e75e90017022207002e2f66696c6530"], 0x10)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000011c0)={0x222, @tick=0x9, 0x13, {0x3, 0xb458}, 0x3f, 0x1, 0x10000000000000})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000001500)={&(0x7f00000014c0)='./file0\x00', 0x0, 0x8}, 0x10)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000001280)={<r2=>0x0, 0x2c, &(0x7f0000001240)=[@in6={0xa, 0x4e24, 0xffff, @mcast1, 0x9}, @in={0x2, 0x4e22, @broadcast}]}, &(0x7f00000012c0)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000001300)={0xa8f8, 0x800d, 0x5, 0x3, r2}, &(0x7f0000001340)=0x10)
read$FUSE(r1, &(0x7f0000000180), 0x1000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001400)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000001380)="7c63524ddc7a5dfb76e41e34c4a83bb5c9646179714648072ac4264312d6ccd063d1526e1b617cfc642b05128eb84ca37fefa9ba339931807c2263eadad37dfe45042c66fe7927990d81ae5c43f439db5cb3d22c6f1827595f4eebce9a83dd6423798f3885c5f648", 0x68, r1}, 0x68)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000001480)=0x6, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0xa, &(0x7f0000000080)=[{0x7, 0x9, 0x9, 0x8000}, {0x3, 0x2, 0x9f, 0x8dc8}, {0x9, 0x100000001, 0x8}, {0x1, 0x6, 0x77, 0x5}, {0x1, 0x3f, 0x2, 0x80}, {0x3, 0x680f, 0xfffffffffffffff9, 0x5}, {0x1ff, 0x10001, 0x0, 0x8001}, {0x5, 0x9, 0xffff, 0x80000000}, {0x7, 0xef, 0x6, 0x3}, {0x98d7, 0xa4c0, 0x664, 0x20}]}, 0x10)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x6e, 0x3, 0x4, 0x2, 0x0, 0xfffffffffffffff7, 0x0, 0x2c4345bebc8d41f1, 0x2000000007ff, 0x80000001, 0x6, 0xfffffffffffffff9, 0x790, 0x100000001, 0x1, 0xf7, 0x4eb, 0x2, 0x1, 0x3, 0x2, 0x6, 0x19d, 0x4, 0x9, 0x6, 0x0, 0x3, 0x0, 0x80000000, 0x6, 0xff, 0x0, 0x6, 0xfffffffffffffe00, 0x7fffffff, 0x0, 0x7, 0x4, @perf_config_ext={0x100, 0x4}, 0x1, 0x9, 0xffffffffffffffc0, 0x0, 0x5, 0x1000, 0x1}, 0x0, 0x0, r1, 0xb)

21:37:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="006340400100000000000000000000000000000000000000000000000000000000000000000000b5d9ebb67b319065612790e502fe0000000000000000000000000000000000000000000000000000000000"], 0x0, 0x0, 0x0})

21:37:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x9000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:16 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1e00)

21:37:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xfcffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1345.603069] binder_alloc_mmap_handler: 12 callbacks suppressed
[ 1345.603087] binder_alloc: binder_alloc_mmap_handler: 22812 20001000-20004000 already mapped failed -16
[ 1345.637269] binder_alloc: 22810: binder_alloc_buf, no vma
[ 1345.642899] binder_transaction: 4 callbacks suppressed
[ 1345.642919] binder: 22810:22816 transaction failed 29189/-3, size 8914571832703582208-208731456554766385 line 2973
[ 1345.658898] binder: release 22810:22816 transaction 6237 out, still active
[ 1345.677791] binder: unexpected work type, 4, not freed
[ 1345.683146] binder: undelivered TRANSACTION_COMPLETE
[ 1345.705973] binder_alloc: binder_alloc_mmap_handler: 22810 20001000-20004000 already mapped failed -16
[ 1345.713273]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:37:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xf0ffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1345.713288] loop3: partition table partially beyond EOD, 
[ 1345.715983] binder: BINDER_SET_CONTEXT_MGR already set
[ 1345.803699] truncated
[ 1345.836710] binder_alloc: 22810: binder_alloc_buf, no vma
[ 1345.836808] binder: 22810:22830 got transaction to invalid handle
[ 1345.845871] binder: 22810:22828 transaction failed 29189/-3, size 24-8 line 2973
[ 1345.852641] loop3: p1 start 1 is beyond EOD, truncated
[ 1345.871016] loop3: p2 size 2 extends beyond EOD, truncated
[ 1345.888771] loop3: p3 start 201 is beyond EOD, truncated
[ 1345.894505] binder: 22810:22830 transaction failed 29201/-22, size 8914571832703582208-208731456554766385 line 2834
[ 1345.906997] binder_release_work: 4 callbacks suppressed
[ 1345.907005] binder: undelivered TRANSACTION_ERROR: 29189
[ 1345.910255] loop3: p4 start 301 is beyond EOD, truncated
[ 1345.912547] binder: send failed reply for transaction 6237, target dead
[ 1345.932250] loop3: p5 start 1 is beyond EOD, truncated
[ 1345.938212] loop3: p6 start 1 is beyond EOD, truncated
[ 1345.944079] binder: 22810:22816 ioctl 40046207 0 returned -16
[ 1345.950341] loop3: p7 start 1 is beyond EOD, truncated
[ 1345.955706] binder: undelivered TRANSACTION_ERROR: 29189
[ 1345.961947] loop3: p8 start 1 is beyond EOD, truncated
[ 1345.966305] binder: undelivered TRANSACTION_ERROR: 29201
[ 1345.967608] loop3: p9 start 1 is beyond EOD, truncated
[ 1345.979067] loop3: p10 start 1 is beyond EOD, truncated
[ 1345.984857] loop3: p11 start 1 is beyond EOD, truncated
[ 1345.990527] loop3: p12 start 1 is beyond EOD, truncated
[ 1346.005123] loop3: p13 start 1 is beyond EOD, truncated
[ 1346.024784] loop3: p14 start 1 is beyond EOD, truncated
[ 1346.030233] loop3: p15 start 1 is beyond EOD, truncated
[ 1346.035950] loop3: p16 start 1 is beyond EOD, truncated
[ 1346.041340] loop3: p17 start 1 is beyond EOD, truncated
[ 1346.047318] loop3: p18 start 1 is beyond EOD, truncated
[ 1346.055797] loop3: p19 start 1 is beyond EOD, truncated
[ 1346.061170] loop3: p20 start 1 is beyond EOD, truncated
[ 1346.066720] loop3: p21 start 1 is beyond EOD, truncated
[ 1346.072095] loop3: p22 start 1 is beyond EOD, truncated
[ 1346.077757] loop3: p23 start 1 is beyond EOD, truncated
[ 1346.083142] loop3: p24 start 1 is beyond EOD, truncated
[ 1346.088646] loop3: p25 start 1 is beyond EOD, truncated
[ 1346.094017] loop3: p26 start 1 is beyond EOD, truncated
[ 1346.099495] loop3: p27 start 1 is beyond EOD, truncated
[ 1346.105005] loop3: p28 start 1 is beyond EOD, truncated
[ 1346.110398] loop3: p29 start 1 is beyond EOD, truncated
[ 1346.115865] loop3: p30 start 1 is beyond EOD, truncated
[ 1346.121267] loop3: p31 start 1 is beyond EOD, truncated
[ 1346.126797] loop3: p32 start 1 is beyond EOD, truncated
[ 1346.132174] loop3: p33 start 1 is beyond EOD, truncated
[ 1346.137606] loop3: p34 start 1 is beyond EOD, truncated
[ 1346.142980] loop3: p35 start 1 is beyond EOD, truncated
[ 1346.148484] loop3: p36 start 1 is beyond EOD, truncated
[ 1346.153869] loop3: p37 start 1 is beyond EOD, truncated
[ 1346.159322] loop3: p38 start 1 is beyond EOD, truncated
[ 1346.164761] loop3: p39 start 1 is beyond EOD, truncated
[ 1346.170126] loop3: p40 start 1 is beyond EOD, truncated
[ 1346.175550] loop3: p41 start 1 is beyond EOD, truncated
[ 1346.180926] loop3: p42 start 1 is beyond EOD, truncated
[ 1346.186358] loop3: p43 start 1 is beyond EOD, truncated
[ 1346.191743] loop3: p44 start 1 is beyond EOD, truncated
[ 1346.197202] loop3: p45 start 1 is beyond EOD, truncated
[ 1346.202574] loop3: p46 start 1 is beyond EOD, truncated
[ 1346.208002] loop3: p47 start 1 is beyond EOD, truncated
[ 1346.213385] loop3: p48 start 1 is beyond EOD, truncated
[ 1346.218837] loop3: p49 start 1 is beyond EOD, truncated
[ 1346.224224] loop3: p50 start 1 is beyond EOD, truncated
[ 1346.229716] loop3: p51 start 1 is beyond EOD, truncated
[ 1346.235171] loop3: p52 start 1 is beyond EOD, truncated
[ 1346.240546] loop3: p53 start 1 is beyond EOD, truncated
[ 1346.245990] loop3: p54 start 1 is beyond EOD, truncated
[ 1346.251360] loop3: p55 start 1 is beyond EOD, truncated
[ 1346.256791] loop3: p56 start 1 is beyond EOD, truncated
[ 1346.262218] loop3: p57 start 1 is beyond EOD, truncated
[ 1346.267658] loop3: p58 start 1 is beyond EOD, truncated
[ 1346.273029] loop3: p59 start 1 is beyond EOD, truncated
[ 1346.278473] loop3: p60 start 1 is beyond EOD, truncated
[ 1346.283866] loop3: p61 start 1 is beyond EOD, truncated
[ 1346.289280] loop3: p62 start 1 is beyond EOD, truncated
[ 1346.294710] loop3: p63 start 1 is beyond EOD, truncated
[ 1346.300101] loop3: p64 start 1 is beyond EOD, truncated
[ 1346.305521] loop3: p65 start 1 is beyond EOD, truncated
[ 1346.310900] loop3: p66 start 1 is beyond EOD, truncated
[ 1346.316323] loop3: p67 start 1 is beyond EOD, truncated
[ 1346.321693] loop3: p68 start 1 is beyond EOD, truncated
[ 1346.327137] loop3: p69 start 1 is beyond EOD, truncated
[ 1346.332507] loop3: p70 start 1 is beyond EOD, truncated
[ 1346.337931] loop3: p71 start 1 is beyond EOD, truncated
[ 1346.343298] loop3: p72 start 1 is beyond EOD, truncated
[ 1346.348719] loop3: p73 start 1 is beyond EOD, truncated
[ 1346.354125] loop3: p74 start 1 is beyond EOD, truncated
[ 1346.359575] loop3: p75 start 1 is beyond EOD, truncated
[ 1346.365015] loop3: p76 start 1 is beyond EOD, truncated
[ 1346.370385] loop3: p77 start 1 is beyond EOD, truncated
[ 1346.375913] loop3: p78 start 1 is beyond EOD, truncated
[ 1346.381376] loop3: p79 start 1 is beyond EOD, truncated
[ 1346.394768] loop3: p80 start 1 is beyond EOD, truncated
[ 1346.400296] loop3: p81 start 1 is beyond EOD, truncated
[ 1346.406078] loop3: p82 start 1 is beyond EOD, truncated
[ 1346.411713] loop3: p83 start 1 is beyond EOD, truncated
[ 1346.417250] loop3: p84 start 1 is beyond EOD, truncated
[ 1346.422737] loop3: p85 start 1 is beyond EOD, truncated
[ 1346.428311] loop3: p86 start 1 is beyond EOD, truncated
[ 1346.433775] loop3: p87 start 1 is beyond EOD, truncated
[ 1346.444944] loop3: p88 start 1 is beyond EOD, truncated
[ 1346.450567] loop3: p89 start 1 is beyond EOD, truncated
[ 1346.456355] loop3: p90 start 1 is beyond EOD, truncated
[ 1346.461766] loop3: p91 start 1 is beyond EOD, truncated
[ 1346.467410] loop3: p92 start 1 is beyond EOD, truncated
[ 1346.472785] loop3: p93 start 1 is beyond EOD, truncated
[ 1346.478276] loop3: p94 start 1 is beyond EOD, truncated
[ 1346.483653] loop3: p95 start 1 is beyond EOD, truncated
[ 1346.489086] loop3: p96 start 1 is beyond EOD, truncated
[ 1346.494455] loop3: p97 start 1 is beyond EOD, truncated
[ 1346.499889] loop3: p98 start 1 is beyond EOD, truncated
[ 1346.505960] loop3: p99 start 1 is beyond EOD, truncated
[ 1346.511320] loop3: p100 start 1 is beyond EOD, truncated
[ 1346.516861] loop3: p101 start 1 is beyond EOD, truncated
[ 1346.522333] loop3: p102 start 1 is beyond EOD, truncated
[ 1346.527831] loop3: p103 start 1 is beyond EOD, truncated
[ 1346.533305] loop3: p104 start 1 is beyond EOD, truncated
[ 1346.538824] loop3: p105 start 1 is beyond EOD, truncated
[ 1346.544296] loop3: p106 start 1 is beyond EOD, truncated
[ 1346.549791] loop3: p107 start 1 is beyond EOD, truncated
[ 1346.555278] loop3: p108 start 1 is beyond EOD, truncated
[ 1346.560717] loop3: p109 start 1 is beyond EOD, truncated
[ 1346.566206] loop3: p110 start 1 is beyond EOD, truncated
[ 1346.571689] loop3: p111 start 1 is beyond EOD, truncated
[ 1346.577188] loop3: p112 start 1 is beyond EOD, truncated
[ 1346.582663] loop3: p113 start 1 is beyond EOD, truncated
[ 1346.588155] loop3: p114 start 1 is beyond EOD, truncated
[ 1346.593611] loop3: p115 start 1 is beyond EOD, truncated
[ 1346.599111] loop3: p116 start 1 is beyond EOD, truncated
[ 1346.604643] loop3: p117 start 1 is beyond EOD, truncated
[ 1346.610120] loop3: p118 start 1 is beyond EOD, truncated
[ 1346.615606] loop3: p119 start 1 is beyond EOD, truncated
[ 1346.621103] loop3: p120 start 1 is beyond EOD, truncated
[ 1346.626613] loop3: p121 start 1 is beyond EOD, truncated
[ 1346.632085] loop3: p122 start 1 is beyond EOD, truncated
[ 1346.638353] loop3: p123 start 1 is beyond EOD, truncated
[ 1346.643805] loop3: p124 start 1 is beyond EOD, truncated
[ 1346.649350] loop3: p125 start 1 is beyond EOD, truncated
[ 1346.654882] loop3: p126 start 1 is beyond EOD, truncated
[ 1346.660367] loop3: p127 start 1 is beyond EOD, truncated
[ 1346.665895] loop3: p128 start 1 is beyond EOD, truncated
[ 1346.671411] loop3: p129 start 1 is beyond EOD, truncated
[ 1346.676906] loop3: p130 start 1 is beyond EOD, truncated
[ 1346.682392] loop3: p131 start 1 is beyond EOD, truncated
[ 1346.687893] loop3: p132 start 1 is beyond EOD, truncated
[ 1346.693363] loop3: p133 start 1 is beyond EOD, truncated
[ 1346.698885] loop3: p134 start 1 is beyond EOD, truncated
[ 1346.704377] loop3: p135 start 1 is beyond EOD, truncated
[ 1346.709892] loop3: p136 start 1 is beyond EOD, truncated
[ 1346.715398] loop3: p137 start 1 is beyond EOD, truncated
[ 1346.720847] loop3: p138 start 1 is beyond EOD, truncated
[ 1346.726360] loop3: p139 start 1 is beyond EOD, truncated
[ 1346.731841] loop3: p140 start 1 is beyond EOD, truncated
[ 1346.737359] loop3: p141 start 1 is beyond EOD, truncated
[ 1346.742836] loop3: p142 start 1 is beyond EOD, truncated
[ 1346.748389] loop3: p143 start 1 is beyond EOD, truncated
[ 1346.753860] loop3: p144 start 1 is beyond EOD, truncated
[ 1346.759365] loop3: p145 start 1 is beyond EOD, truncated
[ 1346.765529] loop3: p146 start 1 is beyond EOD, truncated
[ 1346.770982] loop3: p147 start 1 is beyond EOD, truncated
[ 1346.776527] loop3: p148 start 1 is beyond EOD, truncated
[ 1346.781984] loop3: p149 start 1 is beyond EOD, truncated
[ 1346.787495] loop3: p150 start 1 is beyond EOD, truncated
[ 1346.792960] loop3: p151 start 1 is beyond EOD, truncated
[ 1346.798472] loop3: p152 start 1 is beyond EOD, truncated
[ 1346.803953] loop3: p153 start 1 is beyond EOD, truncated
[ 1346.809476] loop3: p154 start 1 is beyond EOD, truncated
[ 1346.814965] loop3: p155 start 1 is beyond EOD, truncated
[ 1346.820410] loop3: p156 start 1 is beyond EOD, truncated
[ 1346.825904] loop3: p157 start 1 is beyond EOD, truncated
[ 1346.831361] loop3: p158 start 1 is beyond EOD, truncated
[ 1346.836880] loop3: p159 start 1 is beyond EOD, truncated
[ 1346.842332] loop3: p160 start 1 is beyond EOD, truncated
[ 1346.847847] loop3: p161 start 1 is beyond EOD, truncated
[ 1346.853316] loop3: p162 start 1 is beyond EOD, truncated
[ 1346.858812] loop3: p163 start 1 is beyond EOD, truncated
[ 1346.864317] loop3: p164 start 1 is beyond EOD, truncated
[ 1346.869810] loop3: p165 start 1 is beyond EOD, truncated
[ 1346.875329] loop3: p166 start 1 is beyond EOD, truncated
[ 1346.880770] loop3: p167 start 1 is beyond EOD, truncated
[ 1346.886268] loop3: p168 start 1 is beyond EOD, truncated
[ 1346.891724] loop3: p169 start 1 is beyond EOD, truncated
[ 1346.898054] loop3: p170 start 1 is beyond EOD, truncated
[ 1346.903520] loop3: p171 start 1 is beyond EOD, truncated
[ 1346.909121] loop3: p172 start 1 is beyond EOD, truncated
[ 1346.914649] loop3: p173 start 1 is beyond EOD, truncated
[ 1346.920104] loop3: p174 start 1 is beyond EOD, truncated
[ 1346.925636] loop3: p175 start 1 is beyond EOD, truncated
[ 1346.931108] loop3: p176 start 1 is beyond EOD, truncated
[ 1346.936681] loop3: p177 start 1 is beyond EOD, truncated
[ 1346.942146] loop3: p178 start 1 is beyond EOD, truncated
[ 1346.947678] loop3: p179 start 1 is beyond EOD, truncated
[ 1346.953160] loop3: p180 start 1 is beyond EOD, truncated
[ 1346.958709] loop3: p181 start 1 is beyond EOD, truncated
[ 1346.964172] loop3: p182 start 1 is beyond EOD, truncated
[ 1346.969711] loop3: p183 start 1 is beyond EOD, truncated
[ 1346.975208] loop3: p184 start 1 is beyond EOD, truncated
[ 1346.980652] loop3: p185 start 1 is beyond EOD, truncated
[ 1346.986145] loop3: p186 start 1 is beyond EOD, truncated
[ 1346.991621] loop3: p187 start 1 is beyond EOD, truncated
[ 1346.997140] loop3: p188 start 1 is beyond EOD, truncated
[ 1347.002615] loop3: p189 start 1 is beyond EOD, truncated
[ 1347.008132] loop3: p190 start 1 is beyond EOD, truncated
[ 1347.013584] loop3: p191 start 1 is beyond EOD, truncated
[ 1347.019096] loop3: p192 start 1 is beyond EOD, truncated
[ 1347.025275] loop3: p193 start 1 is beyond EOD, truncated
[ 1347.030733] loop3: p194 start 1 is beyond EOD, truncated
[ 1347.036370] loop3: p195 start 1 is beyond EOD, truncated
[ 1347.041840] loop3: p196 start 1 is beyond EOD, truncated
[ 1347.047335] loop3: p197 start 1 is beyond EOD, truncated
[ 1347.052842] loop3: p198 start 1 is beyond EOD, truncated
[ 1347.058403] loop3: p199 start 1 is beyond EOD, truncated
[ 1347.063857] loop3: p200 start 1 is beyond EOD, truncated
[ 1347.069356] loop3: p201 start 1 is beyond EOD, truncated
[ 1347.074852] loop3: p202 start 1 is beyond EOD, truncated
[ 1347.080292] loop3: p203 start 1 is beyond EOD, truncated
[ 1347.085787] loop3: p204 start 1 is beyond EOD, truncated
[ 1347.091243] loop3: p205 start 1 is beyond EOD, truncated
[ 1347.096736] loop3: p206 start 1 is beyond EOD, truncated
[ 1347.102200] loop3: p207 start 1 is beyond EOD, truncated
[ 1347.108007] loop3: p208 start 1 is beyond EOD, truncated
[ 1347.113472] loop3: p209 start 1 is beyond EOD, truncated
[ 1347.118968] loop3: p210 start 1 is beyond EOD, truncated
[ 1347.124427] loop3: p211 start 1 is beyond EOD, truncated
[ 1347.129942] loop3: p212 start 1 is beyond EOD, truncated
[ 1347.135465] loop3: p213 start 1 is beyond EOD, truncated
[ 1347.140910] loop3: p214 start 1 is beyond EOD, truncated
[ 1347.146423] loop3: p215 start 1 is beyond EOD, truncated
[ 1347.151895] loop3: p216 start 1 is beyond EOD, truncated
[ 1347.158210] loop3: p217 start 1 is beyond EOD, truncated
[ 1347.163664] loop3: p218 start 1 is beyond EOD, truncated
[ 1347.169190] loop3: p219 start 1 is beyond EOD, truncated
[ 1347.174742] loop3: p220 start 1 is beyond EOD, truncated
[ 1347.180181] loop3: p221 start 1 is beyond EOD, truncated
[ 1347.185684] loop3: p222 start 1 is beyond EOD, truncated
[ 1347.191146] loop3: p223 start 1 is beyond EOD, truncated
[ 1347.196934] loop3: p224 start 1 is beyond EOD, truncated
[ 1347.202432] loop3: p225 start 1 is beyond EOD, truncated
[ 1347.208019] loop3: p226 start 1 is beyond EOD, truncated
[ 1347.213488] loop3: p227 start 1 is beyond EOD, truncated
[ 1347.218992] loop3: p228 start 1 is beyond EOD, truncated
[ 1347.224458] loop3: p229 start 1 is beyond EOD, truncated
[ 1347.229972] loop3: p230 start 1 is beyond EOD, truncated
[ 1347.235528] loop3: p231 start 1 is beyond EOD, truncated
[ 1347.240981] loop3: p232 start 1 is beyond EOD, truncated
[ 1347.246584] loop3: p233 start 1 is beyond EOD, truncated
[ 1347.252108] loop3: p234 start 1 is beyond EOD, truncated
[ 1347.257598] loop3: p235 start 1 is beyond EOD, truncated
[ 1347.263078] loop3: p236 start 1 is beyond EOD, truncated
[ 1347.268580] loop3: p237 start 1 is beyond EOD, truncated
[ 1347.274066] loop3: p238 start 1 is beyond EOD, truncated
[ 1347.279656] loop3: p239 start 1 is beyond EOD, truncated
[ 1347.285764] loop3: p240 start 1 is beyond EOD, truncated
[ 1347.291333] loop3: p241 start 1 is beyond EOD, truncated
[ 1347.297235] loop3: p242 start 1 is beyond EOD, truncated
[ 1347.302819] loop3: p243 start 1 is beyond EOD, truncated
21:37:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:18 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xa)

21:37:18 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x1200000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xffffffffffffffff, 0x40)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

[ 1347.308963] loop3: p244 start 1 is beyond EOD, truncated
[ 1347.314499] loop3: p245 start 1 is beyond EOD, truncated
[ 1347.320358] loop3: p246 start 1 is beyond EOD, truncated
[ 1347.326248] loop3: p247 start 1 is beyond EOD, truncated
[ 1347.331806] loop3: p248 start 1 is beyond EOD, truncated
[ 1347.337789] loop3: p249 start 1 is beyond EOD, truncated
[ 1347.347019] loop3: p250 start 1 is beyond EOD, truncated
[ 1347.352534] loop3: p251 start 1 is beyond EOD, truncated
[ 1347.402936] loop3: p252 start 1 is beyond EOD, truncated
[ 1347.418685] binder: release 22841:22846 transaction 6244 out, still active
[ 1347.426436] binder_alloc: 22841: binder_alloc_buf, no vma
[ 1347.433521] binder: unexpected work type, 4, not freed
[ 1347.446461] loop3: p253 start 1 is beyond EOD, truncated
[ 1347.454506] binder: undelivered TRANSACTION_COMPLETE
[ 1347.461742] binder: 22841:22846 transaction failed 29189/-3, size 0-0 line 2973
[ 1347.464091] binder_alloc: binder_alloc_mmap_handler: 22840 20001000-20004000 already mapped failed -16
[ 1347.483395] loop3: p254 start 1 is beyond EOD, truncated
[ 1347.493571] loop3: p255 start 1 is beyond EOD, truncated
[ 1347.501152] binder_alloc: binder_alloc_mmap_handler: 22841 20001000-20004000 already mapped failed -16
[ 1347.522512] binder: BINDER_SET_CONTEXT_MGR already set
[ 1347.532347] binder_alloc: 22841: binder_alloc_buf, no vma
21:37:18 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:37:18 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xa000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xfffffffffffdffff, 0x2)
read$FUSE(r0, &(0x7f0000001180), 0xfffffffffffffffd)
ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0xffffffffffff8001)

21:37:18 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7a)

[ 1347.561846] binder: 22841:22846 ioctl 40046207 0 returned -16
[ 1347.579104] binder: 22841:22852 transaction failed 29189/-3, size 24-8 line 2973
[ 1347.601128] binder: 22841:22858 got transaction to invalid handle
[ 1347.609908] binder: undelivered TRANSACTION_ERROR: 29189
[ 1347.634923] binder: 22841:22858 transaction failed 29201/-22, size 0-0 line 2834
[ 1347.640524] binder: undelivered TRANSACTION_ERROR: 29189
21:37:18 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x800000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040)=0x8, 0x2)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000100)={0xf, 0x8, 0xfa00, {r1, 0x4}}, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0)

[ 1347.677783] binder: send failed reply for transaction 6244, target dead
[ 1347.706409] binder: undelivered TRANSACTION_ERROR: 29201
21:37:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0xfffffffffffffe94, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1347.749598] binder_alloc: binder_alloc_mmap_handler: 22865 20001000-20004000 already mapped failed -16
[ 1347.807666]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1347.807681] loop3: partition table partially beyond EOD, 
[ 1347.960015] binder: 22880:22883 ioctl c0306201 20000000 returned -14
[ 1347.961084] binder: release 22880:22883 transaction 6251 out, still active
[ 1347.973088] binder: unexpected work type, 4, not freed
[ 1347.985074] binder_alloc: 22880: binder_alloc_buf, no vma
[ 1347.993295] binder: 22880:22883 transaction failed 29189/-3, size 0-0 line 2973
[ 1348.002490] binder: undelivered TRANSACTION_COMPLETE
[ 1348.010918] binder_alloc: binder_alloc_mmap_handler: 22880 20001000-20004000 already mapped failed -16
[ 1348.014243] truncated
[ 1348.021334] binder: BINDER_SET_CONTEXT_MGR already set
[ 1348.028849] binder: 22880:22883 ioctl 40046207 0 returned -16
[ 1348.035159] binder_alloc: 22880: binder_alloc_buf, no vma
[ 1348.036517] loop3: p1 start 1 is beyond EOD, truncated
[ 1348.046525] binder: 22880:22887 transaction failed 29189/-3, size 24-8 line 2973
[ 1348.047080] loop3: p2 size 2 extends beyond EOD, truncated
[ 1348.054435] binder: 22880:22887 ioctl c0306201 20000000 returned -14
[ 1348.067199] binder: undelivered TRANSACTION_ERROR: 29189
[ 1348.068957] binder: 22880:22887 got transaction to invalid handle
[ 1348.085299] loop3: p3 start 201 is beyond EOD, truncated
[ 1348.090763] loop3: p4 start 301 is beyond EOD, truncated
[ 1348.104558] binder: 22880:22887 transaction failed 29201/-22, size 0-0 line 2834
[ 1348.104713] loop3: p5 start 1 is beyond EOD, truncated
[ 1348.112408] binder: undelivered TRANSACTION_ERROR: 29189
[ 1348.128928] loop3: p6 start 1 is beyond EOD, truncated
[ 1348.135146] binder: send failed reply for transaction 6251, target dead
[ 1348.136318] loop3: p7 start 1 is beyond EOD, truncated
[ 1348.147685] loop3: p8 start 1 is beyond EOD, truncated
[ 1348.153415] loop3: p9 start 1 is beyond EOD, truncated
[ 1348.159170] binder: undelivered TRANSACTION_ERROR: 29201
[ 1348.159483] loop3: p10 start 1 is beyond EOD, truncated
[ 1348.170479] loop3: p11 start 1 is beyond EOD, truncated
[ 1348.176370] loop3: p12 start 1 is beyond EOD, truncated
[ 1348.187228] loop3: p13 start 1 is beyond EOD, truncated
[ 1348.192635] loop3: p14 start 1 is beyond EOD, truncated
[ 1348.198506] loop3: p15 start 1 is beyond EOD, truncated
[ 1348.203923] loop3: p16 start 1 is beyond EOD, truncated
[ 1348.209798] loop3: p17 start 1 is beyond EOD, truncated
[ 1348.215826] loop3: p18 start 1 is beyond EOD, truncated
[ 1348.221211] loop3: p19 start 1 is beyond EOD, truncated
[ 1348.226685] loop3: p20 start 1 is beyond EOD, truncated
[ 1348.232055] loop3: p21 start 1 is beyond EOD, truncated
[ 1348.237523] loop3: p22 start 1 is beyond EOD, truncated
[ 1348.242906] loop3: p23 start 1 is beyond EOD, truncated
[ 1348.248332] loop3: p24 start 1 is beyond EOD, truncated
[ 1348.253724] loop3: p25 start 1 is beyond EOD, truncated
[ 1348.259146] loop3: p26 start 1 is beyond EOD, truncated
[ 1348.264525] loop3: p27 start 1 is beyond EOD, truncated
[ 1348.269973] loop3: p28 start 1 is beyond EOD, truncated
[ 1348.275432] loop3: p29 start 1 is beyond EOD, truncated
[ 1348.280808] loop3: p30 start 1 is beyond EOD, truncated
[ 1348.286245] loop3: p31 start 1 is beyond EOD, truncated
[ 1348.291640] loop3: p32 start 1 is beyond EOD, truncated
[ 1348.297387] loop3: p33 start 1 is beyond EOD, truncated
[ 1348.302814] loop3: p34 start 1 is beyond EOD, truncated
[ 1348.308714] loop3: p35 start 1 is beyond EOD, truncated
[ 1348.314098] loop3: p36 start 1 is beyond EOD, truncated
[ 1348.320066] loop3: p37 start 1 is beyond EOD, truncated
[ 1348.325809] loop3: p38 start 1 is beyond EOD, truncated
[ 1348.331192] loop3: p39 start 1 is beyond EOD, truncated
[ 1348.337028] loop3: p40 start 1 is beyond EOD, truncated
[ 1348.342678] loop3: p41 start 1 is beyond EOD, truncated
[ 1348.348681] loop3: p42 start 1 is beyond EOD, truncated
[ 1348.354159] loop3: p43 start 1 is beyond EOD, truncated
[ 1348.354172] loop3: p44 start 1 is beyond EOD, truncated
[ 1348.354184] loop3: p45 start 1 is beyond EOD, truncated
[ 1348.354196] loop3: p46 start 1 is beyond EOD, truncated
[ 1348.354208] loop3: p47 start 1 is beyond EOD, truncated
[ 1348.354220] loop3: p48 start 1 is beyond EOD, truncated
[ 1348.354232] loop3: p49 start 1 is beyond EOD, truncated
[ 1348.354243] loop3: p50 start 1 is beyond EOD, truncated
[ 1348.373993] loop3: p51 start 1 is beyond EOD, truncated
[ 1348.403799] loop3: p52 start 1 is beyond EOD, truncated
[ 1348.409581] loop3: p53 start 1 is beyond EOD, truncated
[ 1348.415405] loop3: p54 start 1 is beyond EOD, truncated
[ 1348.420811] loop3: p55 start 1 is beyond EOD, truncated
[ 1348.426728] loop3: p56 start 1 is beyond EOD, truncated
[ 1348.432112] loop3: p57 start 1 is beyond EOD, truncated
[ 1348.440063] loop3: p58 start 1 is beyond EOD, truncated
[ 1348.445914] loop3: p59 start 1 is beyond EOD, truncated
[ 1348.451430] loop3: p60 start 1 is beyond EOD, truncated
[ 1348.457310] loop3: p61 start 1 is beyond EOD, truncated
[ 1348.462848] loop3: p62 start 1 is beyond EOD, truncated
[ 1348.468820] loop3: p63 start 1 is beyond EOD, truncated
[ 1348.474337] loop3: p64 start 1 is beyond EOD, truncated
[ 1348.480315] loop3: p65 start 1 is beyond EOD, truncated
[ 1348.486151] loop3: p66 start 1 is beyond EOD, truncated
[ 1348.491680] loop3: p67 start 1 is beyond EOD, truncated
[ 1348.497677] loop3: p68 start 1 is beyond EOD, truncated
[ 1348.503264] loop3: p69 start 1 is beyond EOD, truncated
[ 1348.509276] loop3: p70 start 1 is beyond EOD, truncated
[ 1348.515143] loop3: p71 start 1 is beyond EOD, truncated
[ 1348.520667] loop3: p72 start 1 is beyond EOD, truncated
[ 1348.526572] loop3: p73 start 1 is beyond EOD, truncated
[ 1348.532114] loop3: p74 start 1 is beyond EOD, truncated
[ 1348.538272] loop3: p75 start 1 is beyond EOD, truncated
[ 1348.543832] loop3: p76 start 1 is beyond EOD, truncated
[ 1348.549791] loop3: p77 start 1 is beyond EOD, truncated
[ 1348.555988] loop3: p78 start 1 is beyond EOD, truncated
[ 1348.561538] loop3: p79 start 1 is beyond EOD, truncated
[ 1348.567500] loop3: p80 start 1 is beyond EOD, truncated
[ 1348.573055] loop3: p81 start 1 is beyond EOD, truncated
[ 1348.594750] loop3: p82 start 1 is beyond EOD, truncated
[ 1348.600350] loop3: p83 start 1 is beyond EOD, truncated
[ 1348.605907] loop3: p84 start 1 is beyond EOD, truncated
21:37:19 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:19 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xffffff7f]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:19 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7a00000000000000)

21:37:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1348.611308] loop3: p85 start 1 is beyond EOD, truncated
[ 1348.616769] loop3: p86 start 1 is beyond EOD, truncated
[ 1348.622155] loop3: p87 start 1 is beyond EOD, truncated
[ 1348.627602] loop3: p88 start 1 is beyond EOD, truncated
[ 1348.659855] loop3: p89 start 1 is beyond EOD, truncated
[ 1348.678598] binder: release 22897:22898 transaction 6258 out, still active
[ 1348.698150] binder_alloc: 22897: binder_alloc_buf, no vma
[ 1348.698768] binder: unexpected work type, 4, not freed
21:37:19 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xf000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1348.709581] loop3: p90 start 1 is beyond EOD, truncated
[ 1348.716573] binder: 22897:22898 transaction failed 29189/-3, size 0-0 line 2973
[ 1348.719107] binder_alloc: binder_alloc_mmap_handler: 22896 20ffd000-21000000 already mapped failed -16
[ 1348.735207] loop3: p91 start 1 is beyond EOD, truncated
[ 1348.742949] binder_alloc: binder_alloc_mmap_handler: 22897 20001000-20004000 already mapped failed -16
[ 1348.746702] binder: undelivered TRANSACTION_COMPLETE
[ 1348.761482] loop3: p92 start 1 is beyond EOD, truncated
[ 1348.772708] loop3: p93 start 1 is beyond EOD, truncated
[ 1348.778433] binder: BINDER_SET_CONTEXT_MGR already set
[ 1348.795150] binder_alloc: binder_alloc_mmap_handler: 22896 20ffd000-21000000 already mapped failed -16
[ 1348.805103] loop3: p94 start 1 is beyond EOD, truncated
[ 1348.806225] binder: 22897:22903 ioctl 40046207 0 returned -16
[ 1348.811198] loop3: p95 start 1 is beyond EOD, truncated
[ 1348.825736] binder: 22897:22910 got transaction to context manager from process owning it
[ 1348.835733] loop3: p96 start 1 is beyond EOD, truncated
[ 1348.845408] binder_alloc: binder_alloc_mmap_handler: 22896 20001000-20004000 already mapped failed -16
[ 1348.856209] loop3: p97 start 1 is beyond EOD, truncated
[ 1348.869201] binder: undelivered TRANSACTION_ERROR: 29189
[ 1348.879083] binder: send failed reply for transaction 6258, target dead
[ 1348.889600] loop3: p98 start 1 is beyond EOD, truncated
[ 1348.897492] loop3: p99 start 1 is beyond EOD, truncated
[ 1348.903019] loop3: p100 start 1 is beyond EOD, truncated
[ 1348.931228] loop3: p101 start 1 is beyond EOD, truncated
[ 1348.955638] loop3: p102 start 1 is beyond EOD, truncated
[ 1348.985450] loop3: p103 start 1 is beyond EOD, truncated
[ 1349.011659] loop3: p104 start 1 is beyond EOD, truncated
[ 1349.025028] loop3: p105 start 1 is beyond EOD, truncated
[ 1349.031105] loop3: p106 start 1 is beyond EOD, truncated
[ 1349.036926] loop3: p107 start 1 is beyond EOD, truncated
[ 1349.042541] loop3: p108 start 1 is beyond EOD, truncated
[ 1349.048235] loop3: p109 start 1 is beyond EOD, truncated
[ 1349.053842] loop3: p110 start 1 is beyond EOD, truncated
[ 1349.060246] loop3: p111 start 1 is beyond EOD, truncated
[ 1349.065967] loop3: p112 start 1 is beyond EOD, truncated
[ 1349.071705] loop3: p113 start 1 is beyond EOD, truncated
[ 1349.078026] loop3: p114 start 1 is beyond EOD, truncated
[ 1349.083930] loop3: p115 start 1 is beyond EOD, truncated
[ 1349.089675] loop3: p116 start 1 is beyond EOD, truncated
[ 1349.095322] loop3: p117 start 1 is beyond EOD, truncated
[ 1349.100871] loop3: p118 start 1 is beyond EOD, truncated
[ 1349.106435] loop3: p119 start 1 is beyond EOD, truncated
[ 1349.111910] loop3: p120 start 1 is beyond EOD, truncated
[ 1349.117450] loop3: p121 start 1 is beyond EOD, truncated
[ 1349.122909] loop3: p122 start 1 is beyond EOD, truncated
[ 1349.128418] loop3: p123 start 1 is beyond EOD, truncated
[ 1349.133889] loop3: p124 start 1 is beyond EOD, truncated
[ 1349.139393] loop3: p125 start 1 is beyond EOD, truncated
[ 1349.144909] loop3: p126 start 1 is beyond EOD, truncated
[ 1349.150356] loop3: p127 start 1 is beyond EOD, truncated
[ 1349.155871] loop3: p128 start 1 is beyond EOD, truncated
[ 1349.161345] loop3: p129 start 1 is beyond EOD, truncated
[ 1349.166918] loop3: p130 start 1 is beyond EOD, truncated
[ 1349.172390] loop3: p131 start 1 is beyond EOD, truncated
[ 1349.177919] loop3: p132 start 1 is beyond EOD, truncated
[ 1349.183388] loop3: p133 start 1 is beyond EOD, truncated
[ 1349.188924] loop3: p134 start 1 is beyond EOD, truncated
[ 1349.194379] loop3: p135 start 1 is beyond EOD, truncated
[ 1349.199897] loop3: p136 start 1 is beyond EOD, truncated
[ 1349.205396] loop3: p137 start 1 is beyond EOD, truncated
[ 1349.210847] loop3: p138 start 1 is beyond EOD, truncated
[ 1349.216377] loop3: p139 start 1 is beyond EOD, truncated
[ 1349.221848] loop3: p140 start 1 is beyond EOD, truncated
[ 1349.227361] loop3: p141 start 1 is beyond EOD, truncated
[ 1349.232847] loop3: p142 start 1 is beyond EOD, truncated
[ 1349.238401] loop3: p143 start 1 is beyond EOD, truncated
[ 1349.243864] loop3: p144 start 1 is beyond EOD, truncated
[ 1349.249439] loop3: p145 start 1 is beyond EOD, truncated
[ 1349.254959] loop3: p146 start 1 is beyond EOD, truncated
[ 1349.260431] loop3: p147 start 1 is beyond EOD, truncated
[ 1349.265943] loop3: p148 start 1 is beyond EOD, truncated
[ 1349.271400] loop3: p149 start 1 is beyond EOD, truncated
[ 1349.276916] loop3: p150 start 1 is beyond EOD, truncated
[ 1349.282392] loop3: p151 start 1 is beyond EOD, truncated
[ 1349.287918] loop3: p152 start 1 is beyond EOD, truncated
[ 1349.293414] loop3: p153 start 1 is beyond EOD, truncated
[ 1349.298946] loop3: p154 start 1 is beyond EOD, truncated
[ 1349.304418] loop3: p155 start 1 is beyond EOD, truncated
[ 1349.309989] loop3: p156 start 1 is beyond EOD, truncated
[ 1349.315511] loop3: p157 start 1 is beyond EOD, truncated
[ 1349.320985] loop3: p158 start 1 is beyond EOD, truncated
[ 1349.326506] loop3: p159 start 1 is beyond EOD, truncated
[ 1349.331972] loop3: p160 start 1 is beyond EOD, truncated
[ 1349.337492] loop3: p161 start 1 is beyond EOD, truncated
[ 1349.342949] loop3: p162 start 1 is beyond EOD, truncated
[ 1349.348462] loop3: p163 start 1 is beyond EOD, truncated
[ 1349.353947] loop3: p164 start 1 is beyond EOD, truncated
[ 1349.359504] loop3: p165 start 1 is beyond EOD, truncated
[ 1349.365000] loop3: p166 start 1 is beyond EOD, truncated
[ 1349.370438] loop3: p167 start 1 is beyond EOD, truncated
[ 1349.375983] loop3: p168 start 1 is beyond EOD, truncated
[ 1349.381472] loop3: p169 start 1 is beyond EOD, truncated
[ 1349.386994] loop3: p170 start 1 is beyond EOD, truncated
[ 1349.392467] loop3: p171 start 1 is beyond EOD, truncated
[ 1349.398006] loop3: p172 start 1 is beyond EOD, truncated
[ 1349.403484] loop3: p173 start 1 is beyond EOD, truncated
[ 1349.408994] loop3: p174 start 1 is beyond EOD, truncated
[ 1349.414456] loop3: p175 start 1 is beyond EOD, truncated
[ 1349.419955] loop3: p176 start 1 is beyond EOD, truncated
[ 1349.425490] loop3: p177 start 1 is beyond EOD, truncated
[ 1349.430940] loop3: p178 start 1 is beyond EOD, truncated
[ 1349.436482] loop3: p179 start 1 is beyond EOD, truncated
[ 1349.441941] loop3: p180 start 1 is beyond EOD, truncated
[ 1349.447476] loop3: p181 start 1 is beyond EOD, truncated
[ 1349.452990] loop3: p182 start 1 is beyond EOD, truncated
[ 1349.458516] loop3: p183 start 1 is beyond EOD, truncated
[ 1349.463976] loop3: p184 start 1 is beyond EOD, truncated
[ 1349.469480] loop3: p185 start 1 is beyond EOD, truncated
[ 1349.474997] loop3: p186 start 1 is beyond EOD, truncated
[ 1349.480467] loop3: p187 start 1 is beyond EOD, truncated
[ 1349.486003] loop3: p188 start 1 is beyond EOD, truncated
[ 1349.491493] loop3: p189 start 1 is beyond EOD, truncated
[ 1349.497032] loop3: p190 start 1 is beyond EOD, truncated
[ 1349.502664] loop3: p191 start 1 is beyond EOD, truncated
[ 1349.508202] loop3: p192 start 1 is beyond EOD, truncated
[ 1349.513693] loop3: p193 start 1 is beyond EOD, truncated
[ 1349.520764] loop3: p194 start 1 is beyond EOD, truncated
[ 1349.526356] loop3: p195 start 1 is beyond EOD, truncated
[ 1349.531836] loop3: p196 start 1 is beyond EOD, truncated
[ 1349.537378] loop3: p197 start 1 is beyond EOD, truncated
[ 1349.542848] loop3: p198 start 1 is beyond EOD, truncated
[ 1349.548395] loop3: p199 start 1 is beyond EOD, truncated
[ 1349.553862] loop3: p200 start 1 is beyond EOD, truncated
[ 1349.559450] loop3: p201 start 1 is beyond EOD, truncated
[ 1349.564975] loop3: p202 start 1 is beyond EOD, truncated
[ 1349.570617] loop3: p203 start 1 is beyond EOD, truncated
[ 1349.576246] loop3: p204 start 1 is beyond EOD, truncated
[ 1349.576270] loop3: p205 start 1 is beyond EOD, truncated
[ 1349.587441] loop3: p206 start 1 is beyond EOD, truncated
[ 1349.598330] loop3: p207 start 1 is beyond EOD, truncated
[ 1349.603830] loop3: p208 start 1 is beyond EOD, truncated
[ 1349.610271] loop3: p209 start 1 is beyond EOD, truncated
[ 1349.615835] loop3: p210 start 1 is beyond EOD, truncated
[ 1349.621300] loop3: p211 start 1 is beyond EOD, truncated
[ 1349.626856] loop3: p212 start 1 is beyond EOD, truncated
[ 1349.632326] loop3: p213 start 1 is beyond EOD, truncated
[ 1349.637841] loop3: p214 start 1 is beyond EOD, truncated
[ 1349.643332] loop3: p215 start 1 is beyond EOD, truncated
[ 1349.648854] loop3: p216 start 1 is beyond EOD, truncated
[ 1349.654337] loop3: p217 start 1 is beyond EOD, truncated
[ 1349.660044] loop3: p218 start 1 is beyond EOD, truncated
[ 1349.665672] loop3: p219 start 1 is beyond EOD, truncated
[ 1349.671155] loop3: p220 start 1 is beyond EOD, truncated
[ 1349.676790] loop3: p221 start 1 is beyond EOD, truncated
[ 1349.682254] loop3: p222 start 1 is beyond EOD, truncated
[ 1349.687773] loop3: p223 start 1 is beyond EOD, truncated
[ 1349.693244] loop3: p224 start 1 is beyond EOD, truncated
[ 1349.698819] loop3: p225 start 1 is beyond EOD, truncated
[ 1349.704310] loop3: p226 start 1 is beyond EOD, truncated
[ 1349.709866] loop3: p227 start 1 is beyond EOD, truncated
[ 1349.715449] loop3: p228 start 1 is beyond EOD, truncated
[ 1349.720925] loop3: p229 start 1 is beyond EOD, truncated
[ 1349.726486] loop3: p230 start 1 is beyond EOD, truncated
[ 1349.731971] loop3: p231 start 1 is beyond EOD, truncated
[ 1349.737491] loop3: p232 start 1 is beyond EOD, truncated
[ 1349.742960] loop3: p233 start 1 is beyond EOD, truncated
[ 1349.748531] loop3: p234 start 1 is beyond EOD, truncated
[ 1349.754010] loop3: p235 start 1 is beyond EOD, truncated
[ 1349.759576] loop3: p236 start 1 is beyond EOD, truncated
[ 1349.765096] loop3: p237 start 1 is beyond EOD, truncated
[ 1349.770559] loop3: p238 start 1 is beyond EOD, truncated
[ 1349.776088] loop3: p239 start 1 is beyond EOD, truncated
[ 1349.781562] loop3: p240 start 1 is beyond EOD, truncated
[ 1349.787075] loop3: p241 start 1 is beyond EOD, truncated
[ 1349.792546] loop3: p242 start 1 is beyond EOD, truncated
[ 1349.798057] loop3: p243 start 1 is beyond EOD, truncated
[ 1349.803523] loop3: p244 start 1 is beyond EOD, truncated
[ 1349.809092] loop3: p245 start 1 is beyond EOD, truncated
[ 1349.814639] loop3: p246 start 1 is beyond EOD, truncated
[ 1349.820080] loop3: p247 start 1 is beyond EOD, truncated
[ 1349.825574] loop3: p248 start 1 is beyond EOD, truncated
[ 1349.831058] loop3: p249 start 1 is beyond EOD, truncated
[ 1349.836781] loop3: p250 start 1 is beyond EOD, truncated
[ 1349.842264] loop3: p251 start 1 is beyond EOD, truncated
[ 1349.847787] loop3: p252 start 1 is beyond EOD, truncated
[ 1349.853258] loop3: p253 start 1 is beyond EOD, truncated
[ 1349.858789] loop3: p254 start 1 is beyond EOD, truncated
21:37:20 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:37:20 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000040)=0xc)
fcntl$lock(r0, 0x27, &(0x7f0000000080)={0x0, 0x3, 0xfffffffffffffffd, 0xffffffffffffff80, r1})
ioctl$KVM_SET_NESTED_STATE(r0, 0x4080aebf, &(0x7f0000001180)={0x1, 0x0, 0x2080, {0x5000, 0x4000, 0x2}, [], "904c4c46ac563e657742d163d182798308f0a20590aa36648a896aa4143a998c9d760067ca12e16968aefa96118d0d7d9fc3e42cfba75d40cc9c0f166914b45953ff1da5fbfbca5f39898d8098c9b033b6e340c8a84addf9c209d19533a3148ee5857d3bd74311cd061706756102fe2618232450f84599bbf24e1811408fb6f23b71686d1ace25bfa388eee4db80d2fbdaca85ff969ec41f1dcf01b86959c46a92e8ce64c6127257f2d134cb968333c649b49d2f0e5b68e3150cc81672fecb1cffa50da54cde0ac89caf46a4d1a6cb2b9339136007d4eef28f1f53390d15a3458445c67614930f3f9c0bf76869138c5523b87e2b402cac366422e5ed53483e7d8221e957e9d887fc11a59e6d8153127387f1c6bd8df45e69299e85e33a9d52dc555a5ebe670ca79b8f909bf95d60de187c46303300fc935e8ccb98d46a8f8c5282cc29e2a622416ac27bf9530aa3f0110d262c8cbe23542aae24582804762ed4ad451cc68d9f9275ad04890b548cfb53b41551c526f10ed59da0124b55ba1ab8e501390054dec7bc99e85c11041e2f9c0781b0a3f98f4056cafd94ab4c1d5dc584e35bf56fed1420b8f54a223dcddaa9fc1a7757f3cdbba0f0ac20fdbbd817bd9612fcd51bbe255b35a1eeadc6eb4f81dd3b0d4f872f555a3c78e04e0477d9eee80af8d0462a6057e661a4c8662713eb88adc0d7268d9f29c0a93cda4c9ae0062ea1424dfbe02c6a7fcc469d72ac8b81719206c169d30978fdce3c6ef5f6ae68c121a55a9bb2542000e21dec5d3987a0b39d8fa62a6866bb33186ea3cab9e74231f5ee3ddaf8dab071001a8fa96bae5beefd3ba36e2c4fc7d46b5410afb4c6815d596cd8e3fc89cc6c7f8829aa7df936c44f4bac71c4031dfe18a99d46ed1999c9b57c1cd8075a7683973723d96238ba7cc92e34a8b11e9358a9fec625b878829b2427ac9ec4ee7ae0587d2c75fd5113a8c5ac04404de7d62a898b7ec5515cbf2e79554f9a059bc1b7f72181ffb9ff30e0bb63f51ab57917a94eb22e3d7dde8bf246a8281dadeff8e32a5cbccfd672b4b96d098f6e0a4a7e27e71a0d222a91a5d4561187ea99e592faf474d35e80612abacbd051a864c4427748e2b99b3ec98a277f38539f739ba52744720e15c12242a2d581ac2f89a5e43f541b2a02007f0ce67913a43a39a702c62a81d7b7560e0afaaf212f69862f3ed357ed6dd8e7e9307dd854257cf528606d73d8d564c1274d732417facc4166b36af263c2c7fc5a4e91230eb2b9196093ad9a1206fd240695dffae87d186b65e7421b6ba1b365b5ba86a5abd557e91ce00f51fc096916c985a8c7b1e5cff3ef9d9f388082a2a3d1fe58c48b39a3d2c395dbb395df0bc1a410d5803f7b40a9da3962c942773c1a72e4311abcb8d3e2711200055fb64d6d19e60da2e9a2b75e04b9f677d6a9da2c9bf7981463797d822b0273720a57dbfcd38ebf4bad0454a539d63e1bf22fac753df73cb7a0ec0fcebffae366f6a9a5ebbfa6c634cec083f4ced81e08937685eeb00a4d9aa6c8d78fe18b45e41d815115ec07b9a7513a32d96268ab0305ce72975c3dab3dfd1c1095f1ae0a19f45f1a63695ac38499bdf8856e262ea9e1cecb132ae96e187eb3ac2061679587dec0fc4f9d0eec21c9381b20d493ac1b3ddcbfe567378bce37c376f31bd7e75dab150d61c0a3b7c1491901a6b1f14b6362abbd2f9727df159f94e258bf5b1c27622a009cda964ea371fcfea7efc1ae8451dbcd245a6ec5519d17839b205dd099ed1cd974d5eead604f6469f176cabbffcb856fc5efb40a344e8867a6d8e41174a34ca62b3f44bc4418a3c76559558cfef0d0a837bc0208159b4809f067f0cd609cf1e9aba51eb3a0acbba189e66949959533268377b1ec6f5dec6d72edb1027bc4634df7a36978572a14d3210d09735ff23fabe3bac05ecb2e3bd3176b5d5c20d7634ed3c117087c8fa681d4d769f7edd2909ee3ee90dafbd73931942b956ba0b7f690ee55cdbef0c5ae3c5205a1bbb0b2e0c17c5b8487ffc50372c3239abe2df3f432ceef61e7acfda049a531ee2ed4ca83fdf6923d7c0be7c50f2a071f642438c66de57d0a4cf60f6bd5490c2a4d7fea2a275aea6bb95d562a155e3a9d5cc08b4f00d4ba3a68aecfb682e88262793c3ba1818e2e5b945836a64e85d1851cb808359b384a987cbc1a1e7c5643781d92f646ef782a9808487ebc768afa350921defb924d4891824790dbf1e429c9ba10d7d90c5b90d7386f587f9d139ce76fa94ce2a040698453d611154b712ce328d9249e8fe9ef3b7ddbd0a797fe23817b7eb6ce3c7f717a0c0ccf83e00ceeaa784f4f83d98ccbfecea8689f7440cfbbcfed97777c5d89b4c5a9bc5b2eff6c4a9eff173ce540f8a26864b89c3d1edd4a85d93104f5ad83152bd93af7ddd42bcf9ec3fc658c8e0b9b9fe5c80d363a543c082334e5e7675155c116c9df4b7d5136c846f304d998ceeb23cba9bc8c37b0a1b22b40e779c469d78c8295714be9f2e7b8999c4b34670b4508a07145a99ec069c0245248024132e51ddd72374d00771de87f63c665336029ae1b51fd773bb160a080bcf6e2c90e793b7a447c63664ca8ba5afdac20ecbb0de31f5f13761141fa63a82cb14de14a3d3887d4c17013de58e63b2ebba890f574b9a25f79bb24563e57cc25cbcacf2eac7f967f980cf154b0806c4e5f06f881798fa754d97348fdbb0b1540382f7fab7e9e7a630a285baa18506521befbf30f7623229629cd1bb16fc56262653489a970f992798bbd4a2751a97718dde7b06ee2e05a140d0f493288ef75274a384ea614172e8b4ae20ea34b2adab4d2c8d6f72b50994ffa737613bcd7803c83f22f658ddbe879e60e91d86c51640c0163d548f1d6528608356e84b015ab8ece1a24c9f3f10641baeada8def3e8aa84f3e957faff104a38262551fdb412146d1abe23dac20bd8726468365ffe08baae451cd35c8d792a55ada9e03a86845a9fe80da2624bcb3d5e2fcf874ba379e49ad407b3dde966e2e23474298fb10ee70caf3f2297130d3c0dbcfff9c74d04e131543f56737f4fd52f62307275dd25e67e0ac4e8a04c1208345bd9d12b8cbe2ee4d94bf57e3edf6f9011ec54219c19c48c1fe6478634c3538e19bf9ffda48e901f14f24c4274cca3a118ae1cca3cf6046545c592b7beeb0ddf51afdf3aad73ff800d7034d74bd80ceff8ab1c97339c1523030518abdd40cf47dfae0c0b2bbefbd22c4ead2cdf29484b605ecdc5d45836802afe7ea74ca114a63dd603d227311111b5d25c068d8ba1478f53f179512726f90b690ea40c5bae4ee00b38be8213525206979ce6077ca7a145df724172b207224a9baa4c24b6c03f044cd85bc420590de658c202fc52df87e80bd6234df89e74cef72615abb08a67b23bf5f817a74b4d6fd541cd78d82d0371781603cf58d44f5df526ea3b1387ab55d70b0e1b7cf0a87cd685c6e232034fa57ff987560f8943b2fdefd8f6bc2b86a14fc1d2954f057f052f4d93205acaef405f23757a66eb4cbc07dd044bdcc634603df924c0f1ebf4c4dded3ba23428a513d18b9ffbf1878287f8381ebef218bf75b35c91ad85a7f4d243fc8aee06b36c199ab4f85141d55f2ab6e5bcb5f6c2042012d3d86d55e6050b21ec9cbcede1e59ad0fe92c989a5b496a043ad8976304f686998a416fc6453866aebb3bd915b55865136f62685eb8184fce07a949f1b188a63664767c3722d6f9f2ab7b14d175395ec97d9a68d1d4ab022e7f113606e8e3590daca0bf88d926e16e21535f5f8b08d1439aa1a2c14560b83b003d9515a817bb7d8141c79f7196c3141b4535569355546118192661ce8a62f48d1821f90331f3cbbacf14aaa5d4b76cbc93fe99e500acacf82e17c5ba4be27b650a05c6887ef3a26607a5b983f8c028b4c44210c2864e2a3c64ab77fe6c9bd8e295dba68847ef50d185e2ad660ce7d7666fe2e922a9bc9e4e8bb6211b7db19da215e4184cd1bb9985986f150fa4167095a896997daa24ced00de61bb2bdaade99b77babd43957a1b9c16b909b334cb778f75865638fa8500dc302c1f7758af16c9048ce93b03826c62b5226817c03229cf93ecda8b6748293aaf9e539d1bde466768c5f35529a9bebf1ab79ec32d0c29758cc4a7ede2271a3bf122f188fb6cbafe70e434d8bbb5c2bbcd6c8e1afda879c78070f29060edf95ac623ac41a5068d766b23946d722d91d5b1eb73f3316822352451a7883ee55009958fbf6954618c7789ca41509bf0c2e72a2cc9bb89fff52f38cd6fe9fff54de5b95eaaf624b2fcb66fdbcc520f6fe0bf434b5feccd4f74706b60fa0df4787c6327d76e995eae567d2319b5336a6d9c7a37b0e116e718bcfa8c1930c52c3f2f02c0624e1d022e6b45374f9e08189b61ae02ba668009c7e98bdf905fd125111a079d9e3b91bb6cea26718e45cbfc4726ae61d810f1cb4529f4cfb7e8f2c5c88acda49a7182cea5eedfb655e0fa9e4b20969085a35ecf087af3554abb9e36183c8848b07c357360a9a2ebcd0410577acb2128557677e3e710789fcc39bb39f2bbf941b8ee0317ee130e569b897d03c735511e48410bd0dfce4eb382872a5a0a074862cf3624162969459592efdd2919af5bf213122d803686c26d727ade64c5aadd134e82c54f4a03ce70935eeb91c8095a6fb06807376667501bc90121a810f173256024061c0610f6800b94094ab0156dadc234aa001a778656c169b00e39e07df68355af4e9d795d56e491100f42afa96e6891ca1f8d7abf763377f2eabc61ac5572a1203d87f137463824dec622396822740f0a1f21d3d85503a8e185e13fd210739ffc0ba5767846548504bc6e2201bf0584b2e9c80068495e3083477b4c0f085bb18e0ca893e2be129e410841b453315273b0f0eaf02f3942060e9568570b4d47dcdf16fab024f578f74d3d9655611ba9c0be3531ada6fb2116f0c53d01d4ff61e56cea17372704b6e7a0d408c9120ff19253304faef60a3d70c1f43345908ef3ac1d8a4b24f7a6925b2684377178499159706db901844f6333bfd98b12df8e0bf21d1db4dcd283a026834f39e6a36ea953657e4e4b35582793c2ee9ab9bafd6d3b891b9c820150a821f5b0c1111aaac04eef9f33ccb21ac6ce91155d2868f8196eb68d1c43da9b42957762db7bb4e7b56f6e6fa1f85c98304619573285514f810d5db8659f06f20a47135f226b6783018a8714c89ff2917729a143db60e263fd1286e1551d37b7d756492ea9295eb96edbbb45e63463831de3b362224941f17ce42f2deb0161ad7f0e0245bc06b8e36e39a82440ff8fecde7bcd05b853f9fb8d2c9f642411640cdc2bb53bf5c3a25a92c0a465551a8c71c0451dc9009101d27c3705c3e9f29ac31e4dd84ccf647df6056b8004aab3b4c3e04d95193020c32137a4716e80c7682fd8e037870eec3117cf17d2ecdbf390550ada809d4682597294dd799ee783d0c84804bcec9df6bbde1f8acbcfa25eef83cb7696cb5bae24592d858e29a3023d4569a260692ea798196010962ce47c5f93ac643d88544ea1150bcb7b7480a888683c4980d96ca03313843b0d682febf5c86bca454d4fa051eae8a0c9148e15e6e7329728f3e384df5af5c732145c14837b2fda410590457ec16a9f0943372d7aaba7ecb9e5ab9a7bb5f076f350f1c36675466093e3758e272c836a454d9ac935d461e3282b27ba12ff80401657649c6ab23d6f633087f4dbfe1c20dd5d0947c89f00114d5f7d63d254463d37e0b4092bd", "33093daa1c5d2d4827ab4cfa92dcb2d8b2b7ea14c6cf1e5e9a30c37b29936d9b56498d3eba2fd3bf1fa240308474cbbae896658825b14f81dc93ddd9e1e490a08f0323e75af7a3d0506e4a9f581def20ace4cc3e7c5b2adf3473b2751a079297beb8bfe25941b8d3e5b09c6ffffca2fa3777f07ad4a686139b9bfb600bffc0f382b9327ad905f1d5699ea213c9dfa617b166e5a5b1229c8400cd14030bdb5d3ac761c4c7ce8b9bc544e5826afc610a74d1c71453d3420c90ebb4b93c5baf1c133fc6afce9fcc34e2f58e008b560cc59bfc64edd0128b70a7f0ddd9d5abcfe1327039c1a2e101217217b64ac444208868e1c59e6ae4ac9c766b3917ccad682c3837fa8cf554f48655b12f225b6aadacb729f475cce100f7af8c37a44ac87a98823438f68acc999814a0dc460348eb4fc05ab383b3e7e63a1914704a084c88c5a74bf2a682b0e822abc07bbc890bc6c2156c854a0348b1afa31bfcaa96de5df641b4aff0ff52f7a240c740e93472a80a0b07ad7bd15f4abee7a1a4eaa2c0ada4accf9f9d88a4227e1f0114d808e48b4a8ebd6124ef5bd2b1adcf8f8d9a50814812cc6c492b378a7b7f1e31f1e85aa50163cdb2da465ed094fd948baa7ca4c2a5e3fa15b125a38ffac4d8f63d3fbf20482aaa09cae106e37c0a65f44d5c1112b11a6ff76a0c7e9d9802f0d23c4749d5427070a887b6523e7442b8d9ff827742c498c2e51d8a818d9d31aade11c1872c33ca92f0a148545c63bb65cd658ab0d0b7ebef82d6e89417a44c8938ca0191e6ac1b35b0d92682d09bfd8beaa2f2271fe282c9d9014294aaf410e9a8edd4f94e9d9b9e212fccc713bba1b6010d79569d94f51faa30676076f9d74f67f73c739035a9f89ec3b7ce70553d718abc12c8df44615495eb36013209dd89e2d56f168b678d423528c239f3a35ab3dfeebaed752bd991e0497fe7ffa3021c1a2fe5b83fa1f5f699abc587626aaff2d1a60bf0ed3dbf1b8c95348716a47aae30fbaa7847bddd5bea9086cc2aa3965fd456483e7f13cae3dd84a3e6f8b8e6a90808173cb7296380549c1c2e1b2199d004d64722a60f0ad2356f5542ed03b9273a43fbe382b69660d638f1cd8e1e89e6641a6c71a440729141be4114883f594a6559bc96766bb350dc52e97305bf952a620e76d172181c55f652bb28a343b3b4d5afe612af87c3486744e5ef31215f4901759b3c2586d4952a1684c04e696dd1d95c77270354beea947611675825860ef4b2c0b70c136ae1ef2890506685f61ab88e05fe18a09e15d748d31d3c4c1e4ed4ea22f8db32b37fe9b8d8aa5b9f64d56f69f981af8a985fdce3913096a3befec6b00d43af8155a4e698fdbc2aa332f0db0618b4faf8456d975ef57e46fd451f98d2bc571df48c7df87235a94a4aa5aa37dd3ad4890ed02c08cce07698a5887636a3599884caf6cfc980d3a7a99a40cac1ed30ed2309ddbdac7bcd26d7eb9745d1b6e8be8965b0ac12fbdc80c752f67f23a3d98db9ceeb7c5b22c4249193a44e98c26acf4890daaabae9d1870c07af6866aa574b14e289c4dcada5f99ce5fb8cb4572728d7484aa965f2c5738d62cb3d5bc2fcc770f018c537736be02409ce3a36630c48deef4340c17c0a290ca4afbed9f543a66327481abb16ab61ec6410e0bdaab524e19a6978161adc7d114c36c73ba8e3709577d1d4afb57fec66fd5665e3e9c09715a4a9428f434408296ef326f603249d795879f3689d666d116715bdaceecff8f85c4dda59cd5f2888248627f407e847bfaa36c1a5bbab294da4fd8498f2caaf0063a0b17587b3df199ac2a2a51c5b99397ac08f7a8f083611598d1171cddd1e2ae3256952e103e4ca519ac8407b2f307b66c19b3d98c806245eb1cbd66ce259a084b2c800ff09bddd783cac57b0fe22f9ab112f46d718eda9a5d7b43eaeccfd5b1eb4be3432ef93fc550d36d0b03ba9df6da820e257bf539116483058c833a008e2815a837887f3207e543393f3fa82b3923f2093aaf010e8a1ce12cd4fc7b5bf807d3f6d763e4fa4a018e68fa3bd65aca5e3d1bcfc090d9e7196373cd6e508f76a0dfceb3376cd55d3ce2fc15b10c3ecd48f3db8a1ab9d2eaf7de7d8b6ba30b1e33a691cf9eeccf30882cd4bb2ece798977224222ceb9b74a6725b1117ffc47a722a1f797e6607c8b17a6cee9273793a99c27c9507b74a82d8998853b25f0b1a8f1ea728774b32d9434968188982d8166f50bdc848604ae11070329afdd24c2408e3ba0d72421250c908e9a811416c6871b0ba95e075a16266ee7350b04882edef7adab01a7ec288e97099a16f9bf00738db613a0259c77f949adeedb96ec50f8f1aba1cbed787a588966cd33255ed6ff35edc7d489d1987c4ccecf5fec242138e3df90a6532fc18980a35bc249bdb98484459ed136fdb35a02ccd3eb6cc95adf64e49c3826f97706aaef1fa399e55f81030446f56149bd7240e0593cea3efb2301450bac3cab741dd6e56dc1c5c1e58f9fef57fc85adb3004e83f7801d6cd82020f893fffaafce8aa6eae04f588953b4b46d9d5f96acc041e165d56ae2a891ee3db52c0d90fe1b975fe8f8c7750d864948387458ee55d9aee00f557e7827b34634aa98b2770e86e6838653a834592f75bca8875b99b8fb74e4ea1db73c141cf0822264148bf8e3c25099490ab4a82fdad7ff469b8508f1b15fbe1667f8dc6d32ca22e423de62318195cdb5a1ceaea2bd02a5753e4c5fbe557536cd8b68bf57121bb5fdb86057b91c471249df421bced24be83d02252dba2f04c48e38822f7fa4d07798cdca66c3042d6fd7d7a60ab02551731a083d600aeb99a07ba2edaa6387a6ab3bdf74934192b57a2f88d505781f251a8faaad3b35910ef3ca6a4d21c9ed5396c6cbd17ff7b49ea78e23566837365d4cc85490c496d7fe2aa85e9fe7f004948310c4cc6c0a0d24dd8b86672165dad2194f36b773e91365cd74546a801bc9ffd9f80345ad8651cbc4ca743ce1a12a7886cd676c3e48fe1c34a7c3a48bf04217a4407dbc1644032bb3c344eedfbda9285b72df9934266d6ad5d47f0b764111b55a76bb5ea2ad3647e136be957a43624ea6b76a287c834884cf7d92c690ef20f8a38c995f716c4ee40fc7e1a22f36721db503f502868e27f38c2d4e5760eac67fe6e9e4fe4dac51289eeb87f792a2fd6ae417be5a32501cb20c3b6eb3f6f3b1d0f33f0770b7c8944256e390f1b499a9756e7fc5a10d1f9e5184da0bbd063e5beeb5b0d2da7eb4c6346ab6141806a65e22f267fdc984c9fa816292fafcb1379c2ae984ff4e07db31c71dce3243ff68f308db78821e79de4aed8e0a65c55254772fddb57be22b91b008c39f3a26400fbba947c68da108bdd4e5b354d7e11501d2230c86b8072ac8ffd8fc73f04d0840b4bfb503d71a8c682578f11eb5ed70cdeb6e445913ddb4cb765653ad597c91bf995a39b3651138419d45ad5faed648c0780ce7592e68bf6306cee877b1ebf6069bd9800f16525af6413901b703f5bf2fc89481d99ffdf658deb13c86e1f6874bc2b5c6826efdeffefc1f4f06d45454c56d204f17f6109bc3f5da77ae0a0d56b4065746318b673f1d3ddb1fe25c5058d6b55f6326e01d6a1956b09b541c177bd88a442bc7d5f084adc99ac293483397ab86c5bbb032648c98e75a593a48f5acd6890f34e1b25f58e364e232b0abeca7870f9e44aafd25500c93c50d06ef6b3d717981af8862b727bc90a3c32dec5be03d63426013a7fda8bd5c7c73e6ab30184b5f1eeb51178c9e02b71a815b13d84d1cd537d089c03324898d02f48775e7535b9004bd7b1087b6c82143cab807d9985baf63424cf912979a0d5200118c908773390eca5eb56cb1ad7f3b66ac2c3ddc382e4019fdbb3c965e11f4fc46a5d3a3684814176172d41463b3b485bb925847a8f11d3c81e1119b1636dd45fd9c5e97b71413d7b9407293d458b5580a749afc87acb9e3df90fcc38e013d92f1847b96caf47a63583976ab821cd2dde9bb8cf23258712e00b6239cd5d658864a9adad695166aed7a0a74b4995af395c7fe3ff96eb78c4e4c627a27ed35cbd5d3a2507640fc7e1e0a5bfa34ee6e189f18c3e5a999603f327252e17bedf0fb69d745e3023e6055aa6ddd3cc7934ecf1f6ed35c67b4664893daaf2f57dfc9d4d8c39f13413015b0b052984a116f670b1d6a5cd83bca7b7dca395d3c1976c0f4d2f4de57e943f4f739dffe01c06c8fc0a6d802a192599645858265e035a1867bbf66f9247e90e7e353e1183794bbd71303b23426919ed68c6d2b3f279f9aca1751df282417d0f33ac0a1932953286bd42cf4d3e51f1fc40b6d0621ffd5aaa3313d09f66aa198513cb90a31ebf314b702f496e7439b5f5f765403562fcf8a435969bfd042c8c4f82ef39cfea61298f5156f5a9effa043b55582d39aa638ba73d2a19fc554f3ffc5fdbdc9a3919755b855ae2223fb273ba05f94fe27c6138baf097cab203fce23dd8c071872e78f3578b39eb21add9e89042c05ecc259d5befda7f958648032e0c3ab2a563a0802ccc20c8574a0469a50de6a5bad77f856a5247411fcd59a49b54c2b062ce074f8ba2a9412cf50ce954c96651ae1cd96cf2ce8f3b752182afcf16881a69d1f03e2fccc17c6c33f363143d8c86d24243cc121cedbaa89998772319384077db2f5ffc0ee84df69b8c07fc7444577c9b43ab3608a6bf5b9855b68581e8e5a1272e3ad44e619ed5937c2a2cfe86b2a7436c84a0519b3499a7a9abbe36366d7c6d77a93834ec904fc0817ebc9d234a0e4ae99cc59763b130bb936b6c4679d1ec3462e8a816fdbed162ac1dca0a9a9cd4ec6772f98935b57329dcab61ba613b7ce74d348206e7ce32838227216950b9ccd3c0fcd559dfefe398cf172a4f3e196105176f330b2836ff7985dfeea7d11e78cc051f5488897d037d5269786ceec64b7a7ace6b4cdc38cd5e27f23b9f48e9d691e6c62f9b5947b68a2530cf59240c2e82e952a0dec08628abe7fdf6339fc6c45bc66d3acc194db65d670765704991b056e359c283cdc35f761c551fdbf5dbd54b9dc7cb0b5c189bdc1921474ce7e1565cb84a733313144086b27a4fe9da410b002a88533c09570e67db6639ab33c5c32bbcb8411282d658dc10c29926fd09216ee67055daa90a83d102ff8eef4a2d6440e01b2283d933fe6f0c8467acfc49330c31bd92dc29cd5d380cc6a3ddd62a40f3ac99be69b97f24e86391a1591fa170dfe445d8b79c83cc36af0e77a4598988b734ea8b27afd599d293d45280a76b520c69a3177035423354c9c5db4e83adb9b2e57b7bd9e36ba04330c5247d663ea9c7dbb3885be3a6ebd15a0a30135fb9710409da1dbad5446964640ec0111a82d8541f45427a5e560d71af160a30e5442a64dcf3395b957197bbc60d144c1504682fdb4dac09c4ec90b81ab8aae28b58aadd9b2869754d880da7c56deaad9d96fe2fc9aa19036e8835c2358191d8034412fb3e595514b9768a02cbf0a3c531060706f7ced42ecc2b6ff15433dcd16775e550cee37f3e27a0a50fd9fe73d347c7c9a8eb1723c84335cc5425910650929e716147060bf37bfe61da6239c42a8f7d6dac774ceb599e5326cd9421c8d8c69b0ee7891c79c548eb434eb56cac9aee68d37253fa81efd8e0902c3eff1acb5194a0b5f412b9142e07a5df7193cf75eb589a2024de05b08f56947cef927f85b8e325f6fc5db96f2a162a6ef97c7481cc2c8c3101df33fdaab8dd387b8e5dff2a7c87f0c452506ab05dcf92509ebedb4f5e"})

21:37:20 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x4000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:20 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x100000000000000)

21:37:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x1)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a626300000000e324983083d9281832be37a92bf89690e78211aafcc7ddf269f9d29caab4bcdf4632a0cdae3db728", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f00000000c0)=0x1, 0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1349.864258] loop3: p255 start 1 is beyond EOD, truncated
[ 1349.930508] binder: 22925:22929 got transaction to context manager from process owning it
[ 1349.943198] binder: 22925:22929 got transaction to invalid handle
[ 1349.968906] binder: 22925:22933 got transaction to context manager from process owning it
21:37:21 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x13]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1349.995347] binder: 22925:22929 got transaction to invalid handle
[ 1350.069648]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1350.069663] loop3: partition table partially beyond EOD, 
[ 1350.140218] binder: release 22942:22944 transaction 6270 out, still active
[ 1350.175370] binder_alloc: 22942: binder_alloc_buf, no vma
[ 1350.186295] binder: BINDER_SET_CONTEXT_MGR already set
[ 1350.190339] binder: unexpected work type, 4, not freed
[ 1350.193204] binder_alloc: 22942: binder_alloc_buf, no vma
[ 1350.203379] binder: 22942:22944 ioctl 40046207 0 returned -16
[ 1350.210312] binder: 22942:22948 got transaction to invalid handle
[ 1350.211686] binder: undelivered TRANSACTION_COMPLETE
[ 1350.235071] binder: send failed reply for transaction 6270, target dead
[ 1350.239124] truncated
[ 1350.245921] loop3: p1 start 1 is beyond EOD, truncated
[ 1350.252289] loop3: p2 size 2 extends beyond EOD, truncated
[ 1350.263473] loop3: p3 start 201 is beyond EOD, truncated
[ 1350.269928] loop3: p4 start 301 is beyond EOD, truncated
[ 1350.277043] loop3: p5 start 1 is beyond EOD, truncated
[ 1350.282708] loop3: p6 start 1 is beyond EOD, truncated
[ 1350.291618] loop3: p7 start 1 is beyond EOD, truncated
[ 1350.297721] loop3: p8 start 1 is beyond EOD, truncated
[ 1350.303210] loop3: p9 start 1 is beyond EOD, truncated
[ 1350.309134] loop3: p10 start 1 is beyond EOD, truncated
[ 1350.314749] loop3: p11 start 1 is beyond EOD, truncated
[ 1350.320166] loop3: p12 start 1 is beyond EOD, truncated
[ 1350.325752] loop3: p13 start 1 is beyond EOD, truncated
[ 1350.331142] loop3: p14 start 1 is beyond EOD, truncated
[ 1350.336600] loop3: p15 start 1 is beyond EOD, truncated
[ 1350.342011] loop3: p16 start 1 is beyond EOD, truncated
[ 1350.347448] loop3: p17 start 1 is beyond EOD, truncated
[ 1350.352822] loop3: p18 start 1 is beyond EOD, truncated
[ 1350.358267] loop3: p19 start 1 is beyond EOD, truncated
[ 1350.363656] loop3: p20 start 1 is beyond EOD, truncated
[ 1350.369107] loop3: p21 start 1 is beyond EOD, truncated
[ 1350.374820] loop3: p22 start 1 is beyond EOD, truncated
[ 1350.380217] loop3: p23 start 1 is beyond EOD, truncated
[ 1350.385650] loop3: p24 start 1 is beyond EOD, truncated
[ 1350.391030] loop3: p25 start 1 is beyond EOD, truncated
[ 1350.396836] loop3: p26 start 1 is beyond EOD, truncated
[ 1350.402205] loop3: p27 start 1 is beyond EOD, truncated
[ 1350.407666] loop3: p28 start 1 is beyond EOD, truncated
[ 1350.413036] loop3: p29 start 1 is beyond EOD, truncated
[ 1350.419258] loop3: p30 start 1 is beyond EOD, truncated
[ 1350.424705] loop3: p31 start 1 is beyond EOD, truncated
[ 1350.430088] loop3: p32 start 1 is beyond EOD, truncated
[ 1350.435569] loop3: p33 start 1 is beyond EOD, truncated
[ 1350.440941] loop3: p34 start 1 is beyond EOD, truncated
[ 1350.446394] loop3: p35 start 1 is beyond EOD, truncated
[ 1350.451764] loop3: p36 start 1 is beyond EOD, truncated
[ 1350.457189] loop3: p37 start 1 is beyond EOD, truncated
[ 1350.462557] loop3: p38 start 1 is beyond EOD, truncated
[ 1350.467968] loop3: p39 start 1 is beyond EOD, truncated
[ 1350.473349] loop3: p40 start 1 is beyond EOD, truncated
[ 1350.478886] loop3: p41 start 1 is beyond EOD, truncated
[ 1350.484257] loop3: p42 start 1 is beyond EOD, truncated
[ 1350.489715] loop3: p43 start 1 is beyond EOD, truncated
[ 1350.495116] loop3: p44 start 1 is beyond EOD, truncated
[ 1350.500471] loop3: p45 start 1 is beyond EOD, truncated
[ 1350.505919] loop3: p46 start 1 is beyond EOD, truncated
[ 1350.511316] loop3: p47 start 1 is beyond EOD, truncated
[ 1350.516734] loop3: p48 start 1 is beyond EOD, truncated
[ 1350.522120] loop3: p49 start 1 is beyond EOD, truncated
[ 1350.527530] loop3: p50 start 1 is beyond EOD, truncated
[ 1350.532899] loop3: p51 start 1 is beyond EOD, truncated
[ 1350.538339] loop3: p52 start 1 is beyond EOD, truncated
[ 1350.543720] loop3: p53 start 1 is beyond EOD, truncated
[ 1350.549955] loop3: p54 start 1 is beyond EOD, truncated
[ 1350.555413] loop3: p55 start 1 is beyond EOD, truncated
[ 1350.560787] loop3: p56 start 1 is beyond EOD, truncated
[ 1350.566240] loop3: p57 start 1 is beyond EOD, truncated
[ 1350.571610] loop3: p58 start 1 is beyond EOD, truncated
[ 1350.577048] loop3: p59 start 1 is beyond EOD, truncated
[ 1350.582414] loop3: p60 start 1 is beyond EOD, truncated
[ 1350.587824] loop3: p61 start 1 is beyond EOD, truncated
[ 1350.593206] loop3: p62 start 1 is beyond EOD, truncated
[ 1350.598644] loop3: p63 start 1 is beyond EOD, truncated
[ 1350.604030] loop3: p64 start 1 is beyond EOD, truncated
[ 1350.609475] loop3: p65 start 1 is beyond EOD, truncated
[ 1350.614902] loop3: p66 start 1 is beyond EOD, truncated
[ 1350.620274] loop3: p67 start 1 is beyond EOD, truncated
[ 1350.625714] loop3: p68 start 1 is beyond EOD, truncated
[ 1350.631100] loop3: p69 start 1 is beyond EOD, truncated
[ 1350.636562] loop3: p70 start 1 is beyond EOD, truncated
[ 1350.641941] loop3: p71 start 1 is beyond EOD, truncated
[ 1350.647512] loop3: p72 start 1 is beyond EOD, truncated
[ 1350.652885] loop3: p73 start 1 is beyond EOD, truncated
[ 1350.658327] loop3: p74 start 1 is beyond EOD, truncated
[ 1350.663700] loop3: p75 start 1 is beyond EOD, truncated
[ 1350.669144] loop3: p76 start 1 is beyond EOD, truncated
[ 1350.674531] loop3: p77 start 1 is beyond EOD, truncated
[ 1350.680786] loop3: p78 start 1 is beyond EOD, truncated
[ 1350.686214] loop3: p79 start 1 is beyond EOD, truncated
[ 1350.691582] loop3: p80 start 1 is beyond EOD, truncated
[ 1350.697023] loop3: p81 start 1 is beyond EOD, truncated
[ 1350.702410] loop3: p82 start 1 is beyond EOD, truncated
[ 1350.707855] loop3: p83 start 1 is beyond EOD, truncated
[ 1350.713226] loop3: p84 start 1 is beyond EOD, truncated
[ 1350.718647] loop3: p85 start 1 is beyond EOD, truncated
[ 1350.724028] loop3: p86 start 1 is beyond EOD, truncated
[ 1350.729603] loop3: p87 start 1 is beyond EOD, truncated
[ 1350.735348] loop3: p88 start 1 is beyond EOD, truncated
[ 1350.740741] loop3: p89 start 1 is beyond EOD, truncated
[ 1350.746513] loop3: p90 start 1 is beyond EOD, truncated
[ 1350.751893] loop3: p91 start 1 is beyond EOD, truncated
[ 1350.758099] loop3: p92 start 1 is beyond EOD, truncated
[ 1350.763502] loop3: p93 start 1 is beyond EOD, truncated
[ 1350.769345] loop3: p94 start 1 is beyond EOD, truncated
[ 1350.775236] loop3: p95 start 1 is beyond EOD, truncated
[ 1350.780635] loop3: p96 start 1 is beyond EOD, truncated
[ 1350.786424] loop3: p97 start 1 is beyond EOD, truncated
[ 1350.791813] loop3: p98 start 1 is beyond EOD, truncated
[ 1350.797915] loop3: p99 start 1 is beyond EOD, truncated
[ 1350.803339] loop3: p100 start 1 is beyond EOD, truncated
[ 1350.809692] loop3: p101 start 1 is beyond EOD, truncated
[ 1350.815227] loop3: p102 start 1 is beyond EOD, truncated
[ 1350.820684] loop3: p103 start 1 is beyond EOD, truncated
[ 1350.826203] loop3: p104 start 1 is beyond EOD, truncated
[ 1350.831658] loop3: p105 start 1 is beyond EOD, truncated
[ 1350.837170] loop3: p106 start 1 is beyond EOD, truncated
[ 1350.842672] loop3: p107 start 1 is beyond EOD, truncated
[ 1350.848186] loop3: p108 start 1 is beyond EOD, truncated
[ 1350.853673] loop3: p109 start 1 is beyond EOD, truncated
[ 1350.859170] loop3: p110 start 1 is beyond EOD, truncated
[ 1350.864700] loop3: p111 start 1 is beyond EOD, truncated
[ 1350.870239] loop3: p112 start 1 is beyond EOD, truncated
[ 1350.875750] loop3: p113 start 1 is beyond EOD, truncated
[ 1350.881215] loop3: p114 start 1 is beyond EOD, truncated
[ 1350.886742] loop3: p115 start 1 is beyond EOD, truncated
[ 1350.892207] loop3: p116 start 1 is beyond EOD, truncated
[ 1350.897744] loop3: p117 start 1 is beyond EOD, truncated
[ 1350.903228] loop3: p118 start 1 is beyond EOD, truncated
[ 1350.908785] loop3: p119 start 1 is beyond EOD, truncated
[ 1350.914242] loop3: p120 start 1 is beyond EOD, truncated
[ 1350.919767] loop3: p121 start 1 is beyond EOD, truncated
[ 1350.925271] loop3: p122 start 1 is beyond EOD, truncated
[ 1350.930714] loop3: p123 start 1 is beyond EOD, truncated
[ 1350.937125] loop3: p124 start 1 is beyond EOD, truncated
[ 1350.942618] loop3: p125 start 1 is beyond EOD, truncated
[ 1350.948180] loop3: p126 start 1 is beyond EOD, truncated
[ 1350.953651] loop3: p127 start 1 is beyond EOD, truncated
[ 1350.959214] loop3: p128 start 1 is beyond EOD, truncated
[ 1350.964720] loop3: p129 start 1 is beyond EOD, truncated
[ 1350.970174] loop3: p130 start 1 is beyond EOD, truncated
[ 1350.975943] loop3: p131 start 1 is beyond EOD, truncated
[ 1350.981416] loop3: p132 start 1 is beyond EOD, truncated
[ 1350.986955] loop3: p133 start 1 is beyond EOD, truncated
[ 1350.992423] loop3: p134 start 1 is beyond EOD, truncated
[ 1350.997948] loop3: p135 start 1 is beyond EOD, truncated
[ 1351.003406] loop3: p136 start 1 is beyond EOD, truncated
[ 1351.008906] loop3: p137 start 1 is beyond EOD, truncated
[ 1351.014362] loop3: p138 start 1 is beyond EOD, truncated
[ 1351.019865] loop3: p139 start 1 is beyond EOD, truncated
[ 1351.025409] loop3: p140 start 1 is beyond EOD, truncated
[ 1351.030860] loop3: p141 start 1 is beyond EOD, truncated
[ 1351.036795] loop3: p142 start 1 is beyond EOD, truncated
[ 1351.042243] loop3: p143 start 1 is beyond EOD, truncated
[ 1351.047779] loop3: p144 start 1 is beyond EOD, truncated
[ 1351.053245] loop3: p145 start 1 is beyond EOD, truncated
[ 1351.058750] loop3: p146 start 1 is beyond EOD, truncated
[ 1351.064216] loop3: p147 start 1 is beyond EOD, truncated
[ 1351.070484] loop3: p148 start 1 is beyond EOD, truncated
[ 1351.076039] loop3: p149 start 1 is beyond EOD, truncated
[ 1351.081497] loop3: p150 start 1 is beyond EOD, truncated
[ 1351.087044] loop3: p151 start 1 is beyond EOD, truncated
[ 1351.092503] loop3: p152 start 1 is beyond EOD, truncated
[ 1351.098025] loop3: p153 start 1 is beyond EOD, truncated
[ 1351.103501] loop3: p154 start 1 is beyond EOD, truncated
[ 1351.109029] loop3: p155 start 1 is beyond EOD, truncated
[ 1351.114487] loop3: p156 start 1 is beyond EOD, truncated
[ 1351.119994] loop3: p157 start 1 is beyond EOD, truncated
[ 1351.125482] loop3: p158 start 1 is beyond EOD, truncated
[ 1351.130922] loop3: p159 start 1 is beyond EOD, truncated
[ 1351.136480] loop3: p160 start 1 is beyond EOD, truncated
[ 1351.141948] loop3: p161 start 1 is beyond EOD, truncated
[ 1351.147466] loop3: p162 start 1 is beyond EOD, truncated
[ 1351.152938] loop3: p163 start 1 is beyond EOD, truncated
[ 1351.158486] loop3: p164 start 1 is beyond EOD, truncated
[ 1351.163956] loop3: p165 start 1 is beyond EOD, truncated
[ 1351.169549] loop3: p166 start 1 is beyond EOD, truncated
[ 1351.175041] loop3: p167 start 1 is beyond EOD, truncated
[ 1351.180495] loop3: p168 start 1 is beyond EOD, truncated
[ 1351.186000] loop3: p169 start 1 is beyond EOD, truncated
[ 1351.191480] loop3: p170 start 1 is beyond EOD, truncated
[ 1351.197793] loop3: p171 start 1 is beyond EOD, truncated
[ 1351.203245] loop3: p172 start 1 is beyond EOD, truncated
[ 1351.208791] loop3: p173 start 1 is beyond EOD, truncated
[ 1351.214267] loop3: p174 start 1 is beyond EOD, truncated
[ 1351.219802] loop3: p175 start 1 is beyond EOD, truncated
[ 1351.225294] loop3: p176 start 1 is beyond EOD, truncated
[ 1351.230733] loop3: p177 start 1 is beyond EOD, truncated
[ 1351.236251] loop3: p178 start 1 is beyond EOD, truncated
[ 1351.241728] loop3: p179 start 1 is beyond EOD, truncated
[ 1351.247256] loop3: p180 start 1 is beyond EOD, truncated
[ 1351.252734] loop3: p181 start 1 is beyond EOD, truncated
[ 1351.258249] loop3: p182 start 1 is beyond EOD, truncated
[ 1351.263717] loop3: p183 start 1 is beyond EOD, truncated
[ 1351.269218] loop3: p184 start 1 is beyond EOD, truncated
[ 1351.274743] loop3: p185 start 1 is beyond EOD, truncated
[ 1351.280186] loop3: p186 start 1 is beyond EOD, truncated
[ 1351.285718] loop3: p187 start 1 is beyond EOD, truncated
[ 1351.291177] loop3: p188 start 1 is beyond EOD, truncated
[ 1351.296698] loop3: p189 start 1 is beyond EOD, truncated
[ 1351.302171] loop3: p190 start 1 is beyond EOD, truncated
[ 1351.307690] loop3: p191 start 1 is beyond EOD, truncated
[ 1351.313164] loop3: p192 start 1 is beyond EOD, truncated
[ 1351.318693] loop3: p193 start 1 is beyond EOD, truncated
[ 1351.324146] loop3: p194 start 1 is beyond EOD, truncated
[ 1351.330370] loop3: p195 start 1 is beyond EOD, truncated
[ 1351.335944] loop3: p196 start 1 is beyond EOD, truncated
[ 1351.341406] loop3: p197 start 1 is beyond EOD, truncated
[ 1351.346937] loop3: p198 start 1 is beyond EOD, truncated
[ 1351.352399] loop3: p199 start 1 is beyond EOD, truncated
[ 1351.357901] loop3: p200 start 1 is beyond EOD, truncated
[ 1351.363375] loop3: p201 start 1 is beyond EOD, truncated
[ 1351.368891] loop3: p202 start 1 is beyond EOD, truncated
[ 1351.374355] loop3: p203 start 1 is beyond EOD, truncated
[ 1351.379857] loop3: p204 start 1 is beyond EOD, truncated
[ 1351.385347] loop3: p205 start 1 is beyond EOD, truncated
[ 1351.390804] loop3: p206 start 1 is beyond EOD, truncated
[ 1351.396299] loop3: p207 start 1 is beyond EOD, truncated
[ 1351.401780] loop3: p208 start 1 is beyond EOD, truncated
[ 1351.407316] loop3: p209 start 1 is beyond EOD, truncated
[ 1351.412784] loop3: p210 start 1 is beyond EOD, truncated
[ 1351.418281] loop3: p211 start 1 is beyond EOD, truncated
[ 1351.423767] loop3: p212 start 1 is beyond EOD, truncated
[ 1351.429278] loop3: p213 start 1 is beyond EOD, truncated
[ 1351.434800] loop3: p214 start 1 is beyond EOD, truncated
[ 1351.440254] loop3: p215 start 1 is beyond EOD, truncated
[ 1351.445774] loop3: p216 start 1 is beyond EOD, truncated
[ 1351.451239] loop3: p217 start 1 is beyond EOD, truncated
[ 1351.457516] loop3: p218 start 1 is beyond EOD, truncated
[ 1351.462961] loop3: p219 start 1 is beyond EOD, truncated
[ 1351.468497] loop3: p220 start 1 is beyond EOD, truncated
[ 1351.473965] loop3: p221 start 1 is beyond EOD, truncated
[ 1351.479496] loop3: p222 start 1 is beyond EOD, truncated
[ 1351.484981] loop3: p223 start 1 is beyond EOD, truncated
[ 1351.490423] loop3: p224 start 1 is beyond EOD, truncated
[ 1351.495914] loop3: p225 start 1 is beyond EOD, truncated
[ 1351.501369] loop3: p226 start 1 is beyond EOD, truncated
[ 1351.506880] loop3: p227 start 1 is beyond EOD, truncated
[ 1351.512376] loop3: p228 start 1 is beyond EOD, truncated
[ 1351.518653] loop3: p229 start 1 is beyond EOD, truncated
[ 1351.524113] loop3: p230 start 1 is beyond EOD, truncated
[ 1351.529678] loop3: p231 start 1 is beyond EOD, truncated
[ 1351.535170] loop3: p232 start 1 is beyond EOD, truncated
[ 1351.540608] loop3: p233 start 1 is beyond EOD, truncated
[ 1351.546118] loop3: p234 start 1 is beyond EOD, truncated
[ 1351.551573] loop3: p235 start 1 is beyond EOD, truncated
[ 1351.557091] loop3: p236 start 1 is beyond EOD, truncated
[ 1351.562554] loop3: p237 start 1 is beyond EOD, truncated
[ 1351.568052] loop3: p238 start 1 is beyond EOD, truncated
[ 1351.573517] loop3: p239 start 1 is beyond EOD, truncated
[ 1351.579016] loop3: p240 start 1 is beyond EOD, truncated
[ 1351.584481] loop3: p241 start 1 is beyond EOD, truncated
[ 1351.590807] loop3: p242 start 1 is beyond EOD, truncated
[ 1351.596328] loop3: p243 start 1 is beyond EOD, truncated
[ 1351.601784] loop3: p244 start 1 is beyond EOD, truncated
[ 1351.607298] loop3: p245 start 1 is beyond EOD, truncated
[ 1351.612785] loop3: p246 start 1 is beyond EOD, truncated
[ 1351.618289] loop3: p247 start 1 is beyond EOD, truncated
[ 1351.623761] loop3: p248 start 1 is beyond EOD, truncated
[ 1351.629268] loop3: p249 start 1 is beyond EOD, truncated
[ 1351.634759] loop3: p250 start 1 is beyond EOD, truncated
21:37:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1351.640218] loop3: p251 start 1 is beyond EOD, truncated
[ 1351.645724] loop3: p252 start 1 is beyond EOD, truncated
[ 1351.651186] loop3: p253 start 1 is beyond EOD, truncated
[ 1351.656714] loop3: p254 start 1 is beyond EOD, truncated
[ 1351.662189] loop3: p255 start 1 is beyond EOD, truncated
21:37:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:22 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6800)

21:37:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xa00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:22 executing program 4:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2040, 0x0)
name_to_handle_at(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0xea, 0x6, "5cea60ba51a1f22ba18c46730fd2ad3dc082189aeedb56c27dbe30204a5ab49e2481f25f4a37dd83bc7ecf747be0919e9e9bea9a42154a89663c409ce4f8ef53a92965b85f6d2ff62f37902d48c5e2e70af558dff623cfcbbd464e445bf7c853a8b48d767d5b22d74f9db1a5ac171585a0d17286eee3e18b3fb1a51571a69f2b4b47bae348bf30b33ff80e90eb9e2729c3093cd51555f2f74dd97d7020ce0a55e3c11c8c06e3d3448b700dce0f056a7c88f093dbc286ade4b199572cec41890911f6acfe0b5e2d79dc1fae48bce041bc29599685a37d2f2d64a5c3dc69b7ab3d67f3"}, &(0x7f0000001180), 0x1400)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180), 0x1000)

21:37:22 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:37:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x12]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1351.769898] binder_alloc_mmap_handler: 5 callbacks suppressed
[ 1351.769916] binder_alloc: binder_alloc_mmap_handler: 22955 20001000-20004000 already mapped failed -16
[ 1351.804133] binder: 22957:22961 got transaction to invalid handle
[ 1351.819954] binder_transaction: 8 callbacks suppressed
[ 1351.819975] binder: 22957:22961 transaction failed 29201/-22, size 0-0 line 2834
[ 1351.861225] binder_alloc: binder_alloc_mmap_handler: 22957 20001000-20004000 already mapped failed -16
21:37:22 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6)

[ 1351.919097] binder: 22957:22973 got transaction to invalid handle
[ 1351.930087] binder: 22957:22973 transaction failed 29201/-22, size 0-0 line 2834
[ 1351.938793] binder_release_work: 8 callbacks suppressed
[ 1351.938800] binder: undelivered TRANSACTION_ERROR: 29201
[ 1351.957965] binder: undelivered TRANSACTION_ERROR: 29201
21:37:23 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x500000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1351.979125]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1351.979140] loop3: partition table partially beyond EOD, 
21:37:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'U+', 0x1ff}, 0x28, 0x0)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = semget(0x3, 0x7, 0x24a)
semctl$SETVAL(r2, 0x0, 0x10, &(0x7f0000000140)=0x1)

[ 1352.079568] truncated
[ 1352.082520] loop3: p1 start 1 is beyond EOD, truncated
[ 1352.113802] loop3: p2 size 2 extends beyond EOD, truncated
[ 1352.148107] loop3: p3 start 201 is beyond EOD, truncated
[ 1352.174779] loop3: p4 start 301 is beyond EOD, truncated
[ 1352.191558] loop3: p5 start 1 is beyond EOD, truncated
[ 1352.197565] loop3: p6 start 1 is beyond EOD, truncated
[ 1352.203210] loop3: p7 start 1 is beyond EOD, truncated
[ 1352.209636] loop3: p8 start 1 is beyond EOD, truncated
[ 1352.217317] loop3: p9 start 1 is beyond EOD, truncated
[ 1352.223121] loop3: p10 start 1 is beyond EOD, truncated
[ 1352.229043] loop3: p11 start 1 is beyond EOD, truncated
[ 1352.236157] loop3: p12 start 1 is beyond EOD, truncated
[ 1352.240533] binder: release 22986:22990 transaction 6281 out, still active
[ 1352.241826] loop3: p13 start 1 is beyond EOD, truncated
[ 1352.249230] binder_alloc: 22986: binder_alloc_buf, no vma
[ 1352.254944] loop3: p14 start 1 is beyond EOD, truncated
[ 1352.262823] binder: unexpected work type, 4, not freed
[ 1352.265821] loop3: p15 start 1 is beyond EOD, truncated
[ 1352.275025] binder: undelivered TRANSACTION_COMPLETE
[ 1352.276660] binder: 22986:22990 transaction failed 29189/-3, size 0-0 line 2973
[ 1352.289599] loop3: p16 start 1 is beyond EOD, truncated
21:37:23 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x2000000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:23 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6000000)

[ 1352.295659] loop3: p17 start 1 is beyond EOD, truncated
[ 1352.301932] loop3: p18 start 1 is beyond EOD, truncated
[ 1352.308005] loop3: p19 start 1 is beyond EOD, truncated
[ 1352.313667] loop3: p20 start 1 is beyond EOD, truncated
[ 1352.319814] loop3: p21 start 1 is beyond EOD, truncated
[ 1352.325812] loop3: p22 start 1 is beyond EOD, truncated
[ 1352.333302] loop3: p23 start 1 is beyond EOD, truncated
[ 1352.340254] binder_alloc: binder_alloc_mmap_handler: 22986 20001000-20004000 already mapped failed -16
[ 1352.350581] loop3: p24 start 1 is beyond EOD, truncated
[ 1352.364080] loop3: p25 start 1 is beyond EOD, truncated
[ 1352.371887] binder: BINDER_SET_CONTEXT_MGR already set
[ 1352.377837] loop3: p26 start 1 is beyond EOD, truncated
[ 1352.386947] binder: 22986:22990 ioctl 40046207 0 returned -16
[ 1352.401109] loop3: p27 start 1 is beyond EOD, truncated
[ 1352.411908] binder_alloc: 22986: binder_alloc_buf, no vma
[ 1352.415529] binder_alloc: binder_alloc_mmap_handler: 22996 20ffd000-21000000 already mapped failed -16
[ 1352.424075] loop3: p28 start 1 is beyond EOD, truncated
[ 1352.430952] binder_alloc: binder_alloc_mmap_handler: 22996 20001000-20004000 already mapped failed -16
[ 1352.439275] binder: 22986:22992 transaction failed 29189/-3, size 24-8 line 2973
[ 1352.448387] binder_alloc: binder_alloc_mmap_handler: 22996 20ffd000-21000000 already mapped failed -16
[ 1352.450648] loop3: p29 start 1 is beyond EOD, truncated
[ 1352.465919] binder: 22986:22990 got transaction to invalid handle
[ 1352.472412] loop3: p30 start 1 is beyond EOD, truncated
[ 1352.478689] loop3: p31 start 1 is beyond EOD, truncated
[ 1352.484448] binder: undelivered TRANSACTION_ERROR: 29189
[ 1352.490722] binder: send failed reply for transaction 6281, target dead
[ 1352.498703] binder: 22986:22990 transaction failed 29201/-22, size 0-0 line 2834
[ 1352.506652] loop3: p32 start 1 is beyond EOD, truncated
[ 1352.513543] loop3: p33 start 1 is beyond EOD, truncated
[ 1352.520523] binder: undelivered TRANSACTION_ERROR: 29189
[ 1352.525295] loop3: p34 start 1 is beyond EOD, truncated
[ 1352.534326] binder: undelivered TRANSACTION_ERROR: 29201
[ 1352.560189] loop3: p35 start 1 is beyond EOD, truncated
[ 1352.579062] loop3: p36 start 1 is beyond EOD, truncated
[ 1352.604845] loop3: p37 start 1 is beyond EOD, truncated
[ 1352.611151] loop3: p38 start 1 is beyond EOD, truncated
[ 1352.622672] loop3: p39 start 1 is beyond EOD, truncated
[ 1352.628836] loop3: p40 start 1 is beyond EOD, truncated
[ 1352.634402] loop3: p41 start 1 is beyond EOD, truncated
[ 1352.641180] loop3: p42 start 1 is beyond EOD, truncated
[ 1352.646990] loop3: p43 start 1 is beyond EOD, truncated
[ 1352.658664] loop3: p44 start 1 is beyond EOD, truncated
[ 1352.669880] loop3: p45 start 1 is beyond EOD, truncated
[ 1352.675836] loop3: p46 start 1 is beyond EOD, truncated
[ 1352.681411] loop3: p47 start 1 is beyond EOD, truncated
[ 1352.687028] loop3: p48 start 1 is beyond EOD, truncated
[ 1352.692740] loop3: p49 start 1 is beyond EOD, truncated
[ 1352.698520] loop3: p50 start 1 is beyond EOD, truncated
[ 1352.704219] loop3: p51 start 1 is beyond EOD, truncated
[ 1352.709816] loop3: p52 start 1 is beyond EOD, truncated
[ 1352.715590] loop3: p53 start 1 is beyond EOD, truncated
[ 1352.721064] loop3: p54 start 1 is beyond EOD, truncated
[ 1352.726570] loop3: p55 start 1 is beyond EOD, truncated
[ 1352.731938] loop3: p56 start 1 is beyond EOD, truncated
[ 1352.737459] loop3: p57 start 1 is beyond EOD, truncated
[ 1352.742841] loop3: p58 start 1 is beyond EOD, truncated
[ 1352.748268] loop3: p59 start 1 is beyond EOD, truncated
[ 1352.753655] loop3: p60 start 1 is beyond EOD, truncated
[ 1352.759088] loop3: p61 start 1 is beyond EOD, truncated
[ 1352.764458] loop3: p62 start 1 is beyond EOD, truncated
[ 1352.770728] loop3: p63 start 1 is beyond EOD, truncated
[ 1352.776167] loop3: p64 start 1 is beyond EOD, truncated
[ 1352.781543] loop3: p65 start 1 is beyond EOD, truncated
[ 1352.786972] loop3: p66 start 1 is beyond EOD, truncated
[ 1352.792368] loop3: p67 start 1 is beyond EOD, truncated
[ 1352.797800] loop3: p68 start 1 is beyond EOD, truncated
[ 1352.803184] loop3: p69 start 1 is beyond EOD, truncated
[ 1352.808612] loop3: p70 start 1 is beyond EOD, truncated
[ 1352.813990] loop3: p71 start 1 is beyond EOD, truncated
[ 1352.819415] loop3: p72 start 1 is beyond EOD, truncated
[ 1352.824834] loop3: p73 start 1 is beyond EOD, truncated
[ 1352.830191] loop3: p74 start 1 is beyond EOD, truncated
[ 1352.835599] loop3: p75 start 1 is beyond EOD, truncated
[ 1352.840994] loop3: p76 start 1 is beyond EOD, truncated
[ 1352.846484] loop3: p77 start 1 is beyond EOD, truncated
[ 1352.851852] loop3: p78 start 1 is beyond EOD, truncated
[ 1352.857258] loop3: p79 start 1 is beyond EOD, truncated
[ 1352.862652] loop3: p80 start 1 is beyond EOD, truncated
[ 1352.868062] loop3: p81 start 1 is beyond EOD, truncated
[ 1352.873451] loop3: p82 start 1 is beyond EOD, truncated
[ 1352.878982] loop3: p83 start 1 is beyond EOD, truncated
[ 1352.884356] loop3: p84 start 1 is beyond EOD, truncated
[ 1352.889789] loop3: p85 start 1 is beyond EOD, truncated
[ 1352.895946] loop3: p86 start 1 is beyond EOD, truncated
[ 1352.901441] loop3: p87 start 1 is beyond EOD, truncated
[ 1352.906962] loop3: p88 start 1 is beyond EOD, truncated
[ 1352.912333] loop3: p89 start 1 is beyond EOD, truncated
[ 1352.917742] loop3: p90 start 1 is beyond EOD, truncated
[ 1352.923137] loop3: p91 start 1 is beyond EOD, truncated
[ 1352.928617] loop3: p92 start 1 is beyond EOD, truncated
[ 1352.934010] loop3: p93 start 1 is beyond EOD, truncated
[ 1352.939433] loop3: p94 start 1 is beyond EOD, truncated
[ 1352.944866] loop3: p95 start 1 is beyond EOD, truncated
[ 1352.950241] loop3: p96 start 1 is beyond EOD, truncated
[ 1352.955872] loop3: p97 start 1 is beyond EOD, truncated
[ 1352.961257] loop3: p98 start 1 is beyond EOD, truncated
[ 1352.966753] loop3: p99 start 1 is beyond EOD, truncated
[ 1352.972136] loop3: p100 start 1 is beyond EOD, truncated
[ 1352.977658] loop3: p101 start 1 is beyond EOD, truncated
[ 1352.983114] loop3: p102 start 1 is beyond EOD, truncated
[ 1352.988634] loop3: p103 start 1 is beyond EOD, truncated
[ 1352.994099] loop3: p104 start 1 is beyond EOD, truncated
[ 1352.999614] loop3: p105 start 1 is beyond EOD, truncated
[ 1353.005119] loop3: p106 start 1 is beyond EOD, truncated
[ 1353.010560] loop3: p107 start 1 is beyond EOD, truncated
[ 1353.016084] loop3: p108 start 1 is beyond EOD, truncated
[ 1353.021541] loop3: p109 start 1 is beyond EOD, truncated
[ 1353.027087] loop3: p110 start 1 is beyond EOD, truncated
[ 1353.032578] loop3: p111 start 1 is beyond EOD, truncated
[ 1353.038108] loop3: p112 start 1 is beyond EOD, truncated
[ 1353.043563] loop3: p113 start 1 is beyond EOD, truncated
[ 1353.049062] loop3: p114 start 1 is beyond EOD, truncated
[ 1353.054533] loop3: p115 start 1 is beyond EOD, truncated
[ 1353.060042] loop3: p116 start 1 is beyond EOD, truncated
[ 1353.065559] loop3: p117 start 1 is beyond EOD, truncated
[ 1353.070998] loop3: p118 start 1 is beyond EOD, truncated
[ 1353.076491] loop3: p119 start 1 is beyond EOD, truncated
[ 1353.081961] loop3: p120 start 1 is beyond EOD, truncated
[ 1353.087475] loop3: p121 start 1 is beyond EOD, truncated
[ 1353.092942] loop3: p122 start 1 is beyond EOD, truncated
[ 1353.098499] loop3: p123 start 1 is beyond EOD, truncated
[ 1353.103969] loop3: p124 start 1 is beyond EOD, truncated
[ 1353.109515] loop3: p125 start 1 is beyond EOD, truncated
[ 1353.116484] loop3: p126 start 1 is beyond EOD, truncated
[ 1353.122174] loop3: p127 start 1 is beyond EOD, truncated
[ 1353.127779] loop3: p128 start 1 is beyond EOD, truncated
[ 1353.133244] loop3: p129 start 1 is beyond EOD, truncated
[ 1353.138773] loop3: p130 start 1 is beyond EOD, truncated
[ 1353.144229] loop3: p131 start 1 is beyond EOD, truncated
[ 1353.149790] loop3: p132 start 1 is beyond EOD, truncated
[ 1353.155289] loop3: p133 start 1 is beyond EOD, truncated
[ 1353.160729] loop3: p134 start 1 is beyond EOD, truncated
[ 1353.166221] loop3: p135 start 1 is beyond EOD, truncated
[ 1353.171686] loop3: p136 start 1 is beyond EOD, truncated
[ 1353.177187] loop3: p137 start 1 is beyond EOD, truncated
[ 1353.182659] loop3: p138 start 1 is beyond EOD, truncated
[ 1353.188155] loop3: p139 start 1 is beyond EOD, truncated
[ 1353.193618] loop3: p140 start 1 is beyond EOD, truncated
[ 1353.199121] loop3: p141 start 1 is beyond EOD, truncated
[ 1353.204633] loop3: p142 start 1 is beyond EOD, truncated
[ 1353.210087] loop3: p143 start 1 is beyond EOD, truncated
[ 1353.215617] loop3: p144 start 1 is beyond EOD, truncated
[ 1353.221098] loop3: p145 start 1 is beyond EOD, truncated
[ 1353.226595] loop3: p146 start 1 is beyond EOD, truncated
[ 1353.232067] loop3: p147 start 1 is beyond EOD, truncated
[ 1353.237559] loop3: p148 start 1 is beyond EOD, truncated
[ 1353.243024] loop3: p149 start 1 is beyond EOD, truncated
[ 1353.248516] loop3: p150 start 1 is beyond EOD, truncated
[ 1353.253983] loop3: p151 start 1 is beyond EOD, truncated
[ 1353.259501] loop3: p152 start 1 is beyond EOD, truncated
[ 1353.264996] loop3: p153 start 1 is beyond EOD, truncated
[ 1353.270450] loop3: p154 start 1 is beyond EOD, truncated
[ 1353.275990] loop3: p155 start 1 is beyond EOD, truncated
[ 1353.281455] loop3: p156 start 1 is beyond EOD, truncated
[ 1353.286990] loop3: p157 start 1 is beyond EOD, truncated
[ 1353.292495] loop3: p158 start 1 is beyond EOD, truncated
[ 1353.297999] loop3: p159 start 1 is beyond EOD, truncated
[ 1353.303470] loop3: p160 start 1 is beyond EOD, truncated
[ 1353.308970] loop3: p161 start 1 is beyond EOD, truncated
[ 1353.314435] loop3: p162 start 1 is beyond EOD, truncated
[ 1353.319935] loop3: p163 start 1 is beyond EOD, truncated
[ 1353.325465] loop3: p164 start 1 is beyond EOD, truncated
[ 1353.330948] loop3: p165 start 1 is beyond EOD, truncated
[ 1353.336454] loop3: p166 start 1 is beyond EOD, truncated
[ 1353.341926] loop3: p167 start 1 is beyond EOD, truncated
[ 1353.347443] loop3: p168 start 1 is beyond EOD, truncated
[ 1353.352899] loop3: p169 start 1 is beyond EOD, truncated
[ 1353.358426] loop3: p170 start 1 is beyond EOD, truncated
[ 1353.363910] loop3: p171 start 1 is beyond EOD, truncated
[ 1353.369419] loop3: p172 start 1 is beyond EOD, truncated
[ 1353.374914] loop3: p173 start 1 is beyond EOD, truncated
[ 1353.380357] loop3: p174 start 1 is beyond EOD, truncated
[ 1353.385850] loop3: p175 start 1 is beyond EOD, truncated
[ 1353.391338] loop3: p176 start 1 is beyond EOD, truncated
[ 1353.396840] loop3: p177 start 1 is beyond EOD, truncated
[ 1353.402336] loop3: p178 start 1 is beyond EOD, truncated
[ 1353.407836] loop3: p179 start 1 is beyond EOD, truncated
[ 1353.413319] loop3: p180 start 1 is beyond EOD, truncated
[ 1353.418820] loop3: p181 start 1 is beyond EOD, truncated
[ 1353.424283] loop3: p182 start 1 is beyond EOD, truncated
[ 1353.429775] loop3: p183 start 1 is beyond EOD, truncated
[ 1353.435307] loop3: p184 start 1 is beyond EOD, truncated
[ 1353.440759] loop3: p185 start 1 is beyond EOD, truncated
[ 1353.446271] loop3: p186 start 1 is beyond EOD, truncated
[ 1353.451775] loop3: p187 start 1 is beyond EOD, truncated
[ 1353.457294] loop3: p188 start 1 is beyond EOD, truncated
[ 1353.462764] loop3: p189 start 1 is beyond EOD, truncated
[ 1353.468258] loop3: p190 start 1 is beyond EOD, truncated
[ 1353.473735] loop3: p191 start 1 is beyond EOD, truncated
[ 1353.479270] loop3: p192 start 1 is beyond EOD, truncated
[ 1353.484763] loop3: p193 start 1 is beyond EOD, truncated
[ 1353.490202] loop3: p194 start 1 is beyond EOD, truncated
[ 1353.495714] loop3: p195 start 1 is beyond EOD, truncated
[ 1353.501172] loop3: p196 start 1 is beyond EOD, truncated
[ 1353.506903] loop3: p197 start 1 is beyond EOD, truncated
[ 1353.512361] loop3: p198 start 1 is beyond EOD, truncated
[ 1353.519235] loop3: p199 start 1 is beyond EOD, truncated
[ 1353.524810] loop3: p200 start 1 is beyond EOD, truncated
[ 1353.530265] loop3: p201 start 1 is beyond EOD, truncated
[ 1353.535815] loop3: p202 start 1 is beyond EOD, truncated
[ 1353.541281] loop3: p203 start 1 is beyond EOD, truncated
[ 1353.546858] loop3: p204 start 1 is beyond EOD, truncated
[ 1353.552333] loop3: p205 start 1 is beyond EOD, truncated
[ 1353.557854] loop3: p206 start 1 is beyond EOD, truncated
[ 1353.563361] loop3: p207 start 1 is beyond EOD, truncated
[ 1353.568873] loop3: p208 start 1 is beyond EOD, truncated
[ 1353.574355] loop3: p209 start 1 is beyond EOD, truncated
[ 1353.579851] loop3: p210 start 1 is beyond EOD, truncated
[ 1353.585385] loop3: p211 start 1 is beyond EOD, truncated
[ 1353.590836] loop3: p212 start 1 is beyond EOD, truncated
[ 1353.596796] loop3: p213 start 1 is beyond EOD, truncated
[ 1353.602247] loop3: p214 start 1 is beyond EOD, truncated
[ 1353.607805] loop3: p215 start 1 is beyond EOD, truncated
[ 1353.613265] loop3: p216 start 1 is beyond EOD, truncated
[ 1353.618799] loop3: p217 start 1 is beyond EOD, truncated
[ 1353.624255] loop3: p218 start 1 is beyond EOD, truncated
[ 1353.629771] loop3: p219 start 1 is beyond EOD, truncated
[ 1353.635264] loop3: p220 start 1 is beyond EOD, truncated
[ 1353.640703] loop3: p221 start 1 is beyond EOD, truncated
[ 1353.646208] loop3: p222 start 1 is beyond EOD, truncated
[ 1353.651719] loop3: p223 start 1 is beyond EOD, truncated
[ 1353.657222] loop3: p224 start 1 is beyond EOD, truncated
[ 1353.662699] loop3: p225 start 1 is beyond EOD, truncated
[ 1353.668215] loop3: p226 start 1 is beyond EOD, truncated
[ 1353.673698] loop3: p227 start 1 is beyond EOD, truncated
[ 1353.679196] loop3: p228 start 1 is beyond EOD, truncated
[ 1353.684703] loop3: p229 start 1 is beyond EOD, truncated
[ 1353.690144] loop3: p230 start 1 is beyond EOD, truncated
[ 1353.695649] loop3: p231 start 1 is beyond EOD, truncated
[ 1353.701124] loop3: p232 start 1 is beyond EOD, truncated
[ 1353.706735] loop3: p233 start 1 is beyond EOD, truncated
[ 1353.712202] loop3: p234 start 1 is beyond EOD, truncated
[ 1353.717705] loop3: p235 start 1 is beyond EOD, truncated
[ 1353.723201] loop3: p236 start 1 is beyond EOD, truncated
[ 1353.728716] loop3: p237 start 1 is beyond EOD, truncated
[ 1353.734197] loop3: p238 start 1 is beyond EOD, truncated
[ 1353.739722] loop3: p239 start 1 is beyond EOD, truncated
[ 1353.745242] loop3: p240 start 1 is beyond EOD, truncated
[ 1353.750700] loop3: p241 start 1 is beyond EOD, truncated
[ 1353.756237] loop3: p242 start 1 is beyond EOD, truncated
[ 1353.761696] loop3: p243 start 1 is beyond EOD, truncated
[ 1353.767210] loop3: p244 start 1 is beyond EOD, truncated
[ 1353.772690] loop3: p245 start 1 is beyond EOD, truncated
[ 1353.778211] loop3: p246 start 1 is beyond EOD, truncated
[ 1353.783681] loop3: p247 start 1 is beyond EOD, truncated
[ 1353.789186] loop3: p248 start 1 is beyond EOD, truncated
[ 1353.794720] loop3: p249 start 1 is beyond EOD, truncated
[ 1353.800163] loop3: p250 start 1 is beyond EOD, truncated
[ 1353.805689] loop3: p251 start 1 is beyond EOD, truncated
[ 1353.811144] loop3: p252 start 1 is beyond EOD, truncated
[ 1353.816646] loop3: p253 start 1 is beyond EOD, truncated
[ 1353.822121] loop3: p254 start 1 is beyond EOD, truncated
[ 1353.827620] loop3: p255 start 1 is beyond EOD, truncated
[ 1353.965183] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
[ 1353.973118] print_req_error: 1 callbacks suppressed
[ 1353.973128] print_req_error: I/O error, dev loop3, sector 0
[ 1353.978573] print_req_error: I/O error, dev loop3, sector 0
[ 1353.989801] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1353.997322] print_req_error: I/O error, dev loop3, sector 0
[ 1354.003073] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.010638] print_req_error: I/O error, dev loop3, sector 0
[ 1354.016546] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.023967] print_req_error: I/O error, dev loop3, sector 0
[ 1354.029756] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.037371] print_req_error: I/O error, dev loop3, sector 0
[ 1354.043120] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.050615] print_req_error: I/O error, dev loop3, sector 0
[ 1354.056427] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.063827] print_req_error: I/O error, dev loop3, sector 0
[ 1354.069642] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.077201] print_req_error: I/O error, dev loop3, sector 0
[ 1354.082929] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.090514] print_req_error: I/O error, dev loop3, sector 0
[ 1354.096273] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1354.103753] Buffer I/O error on dev loop3p2, logical block 0, async page read
21:37:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x460a000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:26 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6c000000)

21:37:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:26 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x1, 0xfffffffffffffdfc)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x50b)
write$FUSE_STATFS(r1, &(0x7f0000000040)={0x60, 0x0, 0x2, {{0x19, 0xffffffff, 0x7, 0x2, 0xe7e, 0x4, 0x6}}}, 0x60)
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f00000000c0))

21:37:26 executing program 3:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1355.260981] binder: release 23023:23029 transaction 6288 out, still active
[ 1355.269216] binder_alloc: 23023: binder_alloc_buf, no vma
[ 1355.275725] binder: unexpected work type, 4, not freed
[ 1355.282973] binder: 23023:23029 transaction failed 29189/-3, size 0-0 line 2973
[ 1355.291863] binder: undelivered TRANSACTION_COMPLETE
[ 1355.302097] binder_alloc: binder_alloc_mmap_handler: 23023 20001000-20004000 already mapped failed -16
[ 1355.319700]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:37:26 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1090048}, 0xc, &(0x7f0000000080)={&(0x7f00000014c0)=ANY=[@ANYBLOB="2803009600", @ANYRES16=r1, @ANYBLOB="08092cbd7000fedbdf25150000000c0009000800010001800000100007000c0003000100000000000000240007000c000400070000000000000008000100050000000c0003000200000000000000cc00010008000300020000001c0002000800020007000000080003001f000000080002000400000044000400200001000a004e24030000000000000000000000000000000000000077000000200002000a004e237fc20000fe8000000000000000000000000000bb92ffffff14000200080001001d0000000800020000080000100001007564703a73797a30000000002c0004001400010002004e23000000b400000000000000001400020002004e230000000000000000000000000800030009000000080003000900000050010100240002000800020001000000080001001f000000080001000900000008000100140000000800030006000000380004001400010002004e23000000060000000000000000200002000a004e240400000000000000000000000000000000000000050000004c000200080001000d00000008000300040000000800040000800000080001000800000008000200000800000800040034b8200a080001001000000008000300070000000800030000000080380004001400010002004e24ac1414aa0000000000000000200002000a000009100d000000000000000000000000ffffac1414bb080000000c0001006574683a65716c00100001007564703a73797a32000000000800030000000100380004001400010002004e23ac1414aa0000000000000000200002000a004e2202000000000000000000000000000000000000010200000008000300f7ffffffb80005004c00020008000300030000000800030001800000080001001b000000080002000100010008000300020000000800010008000000080004000300000008000200b3000000080001001a0000002400020008000400010000000800020007000000080001000c00000008000100190000003400020008000200ff03000008000300ff01000008000300ff0f00000800020000000000080001001a000000080003000000000008000100696200000800010065746800"], 0x328}, 0x1, 0x0, 0x0, 0x800}, 0xc1)

[ 1355.319715] loop3: partition table partially beyond EOD, 
[ 1355.337385] binder_alloc: binder_alloc_mmap_handler: 23021 20ffd000-21000000 already mapped failed -16
[ 1355.436997] binder: BINDER_SET_CONTEXT_MGR already set
[ 1355.442470] binder: 23023:23029 ioctl 40046207 0 returned -16
[ 1355.456421] binder_alloc: 23023: binder_alloc_buf, no vma
21:37:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xf]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1355.457796] truncated
[ 1355.465793] loop3: p1 start 1 is beyond EOD, truncated
[ 1355.471489] loop3: p2 size 2 extends beyond EOD, truncated
[ 1355.479914] loop3: p3 start 201 is beyond EOD, truncated
[ 1355.490183] loop3: p4 start 301 is beyond EOD, truncated
[ 1355.502251] binder: 23023:23036 got transaction to invalid handle
[ 1355.511098] loop3: p5 start 1 is beyond EOD, truncated
[ 1355.516695] binder: 23023:23040 transaction failed 29189/-3, size 24-8 line 2973
[ 1355.524916] binder: 23023:23036 transaction failed 29201/-22, size 0-0 line 2834
[ 1355.537209] loop3: p6 start 1 is beyond EOD, truncated
[ 1355.550117] loop3: p7 start 1 is beyond EOD, truncated
[ 1355.558721] binder: undelivered TRANSACTION_ERROR: 29189
[ 1355.564332] binder: send failed reply for transaction 6288, target dead
[ 1355.572434] loop3: p8 start 1 is beyond EOD, truncated
[ 1355.578573] binder: undelivered TRANSACTION_ERROR: 29201
[ 1355.584243] loop3: p9 start 1 is beyond EOD, truncated
[ 1355.590249] loop3: p10 start 1 is beyond EOD, truncated
[ 1355.596964] loop3: p11 start 1 is beyond EOD, truncated
[ 1355.602668] loop3: p12 start 1 is beyond EOD, truncated
21:37:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x3]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1355.609031] loop3: p13 start 1 is beyond EOD, truncated
[ 1355.611732] binder: undelivered TRANSACTION_ERROR: 29189
[ 1355.627712] loop3: p14 start 1 is beyond EOD, truncated
[ 1355.633422] loop3: p15 start 1 is beyond EOD, truncated
[ 1355.639563] loop3: p16 start 1 is beyond EOD, truncated
[ 1355.646057] loop3: p17 start 1 is beyond EOD, truncated
[ 1355.662078] loop3: p18 start 1 is beyond EOD, truncated
[ 1355.667866] loop3: p19 start 1 is beyond EOD, truncated
[ 1355.674502] binder_alloc: binder_alloc_mmap_handler: 23021 20001000-20004000 already mapped failed -16
[ 1355.684410] loop3: p20 start 1 is beyond EOD, truncated
[ 1355.697671] binder_alloc: binder_alloc_mmap_handler: 23021 20ffd000-21000000 already mapped failed -16
21:37:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x1, 0x2)
syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x800)
r3 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x0, 0x2)
ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000280)={0xa, 0xc408, 0x8, 0x4000, <r4=>r3})
ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f0000000940)="1bfc01d5c252b76583f6fa414e7111864f2235869389bdf13fb4e7bed7e2f5a31c460ad45aa548a92dbd8670cd7e10a84613e22c2965dd2217b6824de846c450dd27dd76c37e6bbd2f5a86ceb14d0f1536fbec55aa1263c8e57946e2170673372949ebb8a2c96cd69d2bf55d6cb25dfbd52e839d42902c2d15e2d43bdb5df177535ed404a2d8745ab8f05401df6f2229e6f3b04e92f12ff2304cb7b8d0d1f0dc76f63b07ac7032c4376d1278dfd4f96057b7fd05d0c57246f23794357dc3d919df9597fe177084f2406cc512d6bd6774cf4c4aa6477c4bb1271a2121cfd5073901aedf5ddc6c8d90d83e5a875a2d2080a12560c22d00f5e1985de71cd46cd312")
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000380)={0xffffffffffffffaf, 0x4, 0x9, 0xfffffffffffff78f, 0x8, 0x7ff, 0x40, 0x1, 0x7, 0x7fff, 0x3f, 0xff})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x81010, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000002c0)={0x7, 0x0, 0xffffffff80000005})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB="37a24fa1150000000000000000"], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x4000, 0x0)
r5 = creat(&(0x7f00000003c0)='./file0\x00', 0x63)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000400)=<r6=>0x0)
syz_mount_image$nfs4(&(0x7f0000000600)='nfs4\x00', &(0x7f0000000640)='./file0\x00', 0x5, 0x3, &(0x7f0000000880)=[{&(0x7f0000000680)="6622f2dabfbc03599e00d110161e709c66a6923dd019dfbb7da3f8cabb5f92e75c8a200a786996a24f6a41ffb1ce2aa72d8dc1ada002971a8724cb35d85211aed6f9e2c92ceb4155c23768778ff7e4277e00c9eaccfe16fdf8252b3dcb28b5da21ced558dc20c18740595ab08b6bff97239a97ca28eeb94fd9fe48e451981a7ca53614e92af44dc559d56f520aa283b6ab4e63dc6543816176e3c12365417f49bac77c72d2745f", 0xa7, 0x9}, {&(0x7f0000000740)="1e522d55f05d7977850042abff2fcc5b0e7df4239583f31c90a0223b9b717968bb732ac5f9e94b43ca744467424a8a319c3877e51350eec5f1b125685273374b451ea11fdaddc5226801ce2c20aea2a95eaaf6ba9011d22fdc1680cc57da6fbfb596c9d84e2a13107ed82d03736b9772cbe1a0dba9bfdd94ab4b3f731f4f03f6fff689fcaf82eda045f8bbf71a9fb73b06c19018abbd121b34f919e83debbf6d7cb248009d3574fabfd43291c255ea1b8aae6ea29e084a2b750c55c835cf6049ef2d97c6598645d3a7d1c6adbf649a904084b73233f7c93c30d9399bec203443609a52b396eed78ad36095a0e08c0e18eec448ebf0685d", 0xf7, 0x2}, {&(0x7f0000000840)="fb4df9534c77f9e7777a6e86022ce02291401ac0f0900432c6514b617949ae5dc61b", 0x22, 0x4}], 0x1000000, &(0x7f0000000900)='\x00')
stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r3, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000580)={r6, r7, r8}, 0xc)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040010000000000000000000000004000000000009a865cad7103000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x0, 0x0, 0x0})

[ 1355.713511] loop3: p21 start 1 is beyond EOD, truncated
[ 1355.727044] loop3: p22 start 1 is beyond EOD, truncated
[ 1355.764872] loop3: p23 start 1 is beyond EOD, truncated
21:37:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x10]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1355.786144] loop3: p24 start 1 is beyond EOD, truncated
[ 1355.804923] loop3: p25 start 1 is beyond EOD, truncated
[ 1355.811741] loop3: p26 start 1 is beyond EOD, truncated
[ 1355.822566] loop3: p27 start 1 is beyond EOD, truncated
[ 1355.828202] loop3: p28 start 1 is beyond EOD, truncated
21:37:26 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x68000000)

[ 1355.843088] loop3: p29 start 1 is beyond EOD, truncated
[ 1355.852755] loop3: p30 start 1 is beyond EOD, truncated
[ 1355.858445] loop3: p31 start 1 is beyond EOD, truncated
[ 1355.868541] loop3: p32 start 1 is beyond EOD, truncated
[ 1355.874162] loop3: p33 start 1 is beyond EOD, truncated
[ 1355.883033] loop3: p34 start 1 is beyond EOD, truncated
[ 1355.888767] loop3: p35 start 1 is beyond EOD, truncated
[ 1355.890442] binder_alloc: 23058: binder_alloc_buf, no vma
[ 1355.894360] loop3: p36 start 1 is beyond EOD, truncated
[ 1355.905949] loop3: p37 start 1 is beyond EOD, truncated
[ 1355.911571] loop3: p38 start 1 is beyond EOD, truncated
[ 1355.917350] loop3: p39 start 1 is beyond EOD, truncated
[ 1355.929090] binder: 23058:23059 transaction failed 29189/-3, size 24-8 line 2973
[ 1355.929399] loop3: p40 start 1 is beyond EOD, truncated
[ 1355.950531] loop3: p41 start 1 is beyond EOD, truncated
[ 1355.959793] loop3: p42 start 1 is beyond EOD, truncated
[ 1355.965608] loop3: p43 start 1 is beyond EOD, truncated
[ 1355.971762] loop3: p44 start 1 is beyond EOD, truncated
[ 1355.977405] loop3: p45 start 1 is beyond EOD, truncated
[ 1355.977418] loop3: p46 start 1 is beyond EOD, truncated
[ 1355.977430] loop3: p47 start 1 is beyond EOD, truncated
[ 1355.977448] loop3: p48 start 1 is beyond EOD, truncated
[ 1355.988520] loop3: p49 start 1 is beyond EOD, truncated
[ 1355.998072] binder: undelivered TRANSACTION_ERROR: 29189
[ 1355.999708] loop3: p50 start 1 is beyond EOD, truncated
[ 1356.015846] binder: 23058:23059 got transaction to invalid handle
[ 1356.023832] binder: 23058:23059 transaction failed 29201/-22, size 0-0 line 2834
[ 1356.025258] loop3: p51 start 1 is beyond EOD, truncated
[ 1356.066446] loop3: p52 start 1 is beyond EOD, truncated
[ 1356.075130] loop3: p53 start 1 is beyond EOD, truncated
[ 1356.088571] binder: BINDER_SET_CONTEXT_MGR already set
[ 1356.094164] loop3: p54 start 1 is beyond EOD, truncated
[ 1356.100275] binder: 23058:23065 ioctl 40046207 0 returned -16
[ 1356.103214] loop3: p55 start 1 is beyond EOD, truncated
[ 1356.112311] binder_alloc: 23058: binder_alloc_buf, no vma
[ 1356.134377] binder: undelivered TRANSACTION_ERROR: 29189
[ 1356.138455] loop3: p56 start 1 is beyond EOD, truncated
[ 1356.140752] binder: 23058:23065 got transaction to invalid handle
[ 1356.145278] loop3: p57 start 1 is beyond EOD, truncated
[ 1356.145292] loop3: p58 start 1 is beyond EOD, truncated
[ 1356.145304] loop3: p59 start 1 is beyond EOD, truncated
[ 1356.145317] loop3: p60 start 1 is beyond EOD, truncated
[ 1356.145329] loop3: p61 start 1 is beyond EOD, truncated
[ 1356.145340] loop3: p62 start 1 is beyond EOD, truncated
[ 1356.145352] loop3: p63 start 1 is beyond EOD, truncated
[ 1356.145364] loop3: p64 start 1 is beyond EOD, truncated
[ 1356.145375] loop3: p65 start 1 is beyond EOD, truncated
[ 1356.219608] loop3: p66 start 1 is beyond EOD, truncated
[ 1356.230250] loop3: p67 start 1 is beyond EOD, truncated
[ 1356.235837] loop3: p68 start 1 is beyond EOD, truncated
[ 1356.241368] loop3: p69 start 1 is beyond EOD, truncated
[ 1356.251504] loop3: p70 start 1 is beyond EOD, truncated
[ 1356.257492] loop3: p71 start 1 is beyond EOD, truncated
[ 1356.262942] loop3: p72 start 1 is beyond EOD, truncated
[ 1356.268376] loop3: p73 start 1 is beyond EOD, truncated
[ 1356.273770] loop3: p74 start 1 is beyond EOD, truncated
[ 1356.279256] loop3: p75 start 1 is beyond EOD, truncated
[ 1356.284709] loop3: p76 start 1 is beyond EOD, truncated
[ 1356.290081] loop3: p77 start 1 is beyond EOD, truncated
[ 1356.295501] loop3: p78 start 1 is beyond EOD, truncated
[ 1356.300889] loop3: p79 start 1 is beyond EOD, truncated
[ 1356.306299] loop3: p80 start 1 is beyond EOD, truncated
[ 1356.311696] loop3: p81 start 1 is beyond EOD, truncated
[ 1356.317103] loop3: p82 start 1 is beyond EOD, truncated
[ 1356.322521] loop3: p83 start 1 is beyond EOD, truncated
[ 1356.327968] loop3: p84 start 1 is beyond EOD, truncated
[ 1356.333336] loop3: p85 start 1 is beyond EOD, truncated
[ 1356.338768] loop3: p86 start 1 is beyond EOD, truncated
[ 1356.344144] loop3: p87 start 1 is beyond EOD, truncated
[ 1356.349578] loop3: p88 start 1 is beyond EOD, truncated
[ 1356.355035] loop3: p89 start 1 is beyond EOD, truncated
[ 1356.360413] loop3: p90 start 1 is beyond EOD, truncated
[ 1356.365868] loop3: p91 start 1 is beyond EOD, truncated
[ 1356.371469] loop3: p92 start 1 is beyond EOD, truncated
[ 1356.376922] loop3: p93 start 1 is beyond EOD, truncated
[ 1356.382476] loop3: p94 start 1 is beyond EOD, truncated
[ 1356.387964] loop3: p95 start 1 is beyond EOD, truncated
[ 1356.393345] loop3: p96 start 1 is beyond EOD, truncated
[ 1356.398967] loop3: p97 start 1 is beyond EOD, truncated
[ 1356.404353] loop3: p98 start 1 is beyond EOD, truncated
[ 1356.409809] loop3: p99 start 1 is beyond EOD, truncated
[ 1356.415236] loop3: p100 start 1 is beyond EOD, truncated
[ 1356.420694] loop3: p101 start 1 is beyond EOD, truncated
[ 1356.426184] loop3: p102 start 1 is beyond EOD, truncated
[ 1356.431651] loop3: p103 start 1 is beyond EOD, truncated
[ 1356.437143] loop3: p104 start 1 is beyond EOD, truncated
[ 1356.442637] loop3: p105 start 1 is beyond EOD, truncated
[ 1356.448144] loop3: p106 start 1 is beyond EOD, truncated
[ 1356.453614] loop3: p107 start 1 is beyond EOD, truncated
[ 1356.459118] loop3: p108 start 1 is beyond EOD, truncated
[ 1356.464663] loop3: p109 start 1 is beyond EOD, truncated
[ 1356.470121] loop3: p110 start 1 is beyond EOD, truncated
[ 1356.475702] loop3: p111 start 1 is beyond EOD, truncated
[ 1356.481165] loop3: p112 start 1 is beyond EOD, truncated
[ 1356.486718] loop3: p113 start 1 is beyond EOD, truncated
[ 1356.492176] loop3: p114 start 1 is beyond EOD, truncated
[ 1356.497714] loop3: p115 start 1 is beyond EOD, truncated
[ 1356.503178] loop3: p116 start 1 is beyond EOD, truncated
[ 1356.508678] loop3: p117 start 1 is beyond EOD, truncated
[ 1356.514151] loop3: p118 start 1 is beyond EOD, truncated
[ 1356.519671] loop3: p119 start 1 is beyond EOD, truncated
[ 1356.525176] loop3: p120 start 1 is beyond EOD, truncated
[ 1356.530619] loop3: p121 start 1 is beyond EOD, truncated
[ 1356.536119] loop3: p122 start 1 is beyond EOD, truncated
[ 1356.541587] loop3: p123 start 1 is beyond EOD, truncated
[ 1356.547081] loop3: p124 start 1 is beyond EOD, truncated
[ 1356.552559] loop3: p125 start 1 is beyond EOD, truncated
[ 1356.558216] loop3: p126 start 1 is beyond EOD, truncated
[ 1356.563678] loop3: p127 start 1 is beyond EOD, truncated
[ 1356.569200] loop3: p128 start 1 is beyond EOD, truncated
[ 1356.574701] loop3: p129 start 1 is beyond EOD, truncated
[ 1356.580174] loop3: p130 start 1 is beyond EOD, truncated
[ 1356.585682] loop3: p131 start 1 is beyond EOD, truncated
[ 1356.591139] loop3: p132 start 1 is beyond EOD, truncated
[ 1356.596642] loop3: p133 start 1 is beyond EOD, truncated
[ 1356.602112] loop3: p134 start 1 is beyond EOD, truncated
[ 1356.607603] loop3: p135 start 1 is beyond EOD, truncated
[ 1356.613086] loop3: p136 start 1 is beyond EOD, truncated
[ 1356.618597] loop3: p137 start 1 is beyond EOD, truncated
[ 1356.624079] loop3: p138 start 1 is beyond EOD, truncated
[ 1356.629584] loop3: p139 start 1 is beyond EOD, truncated
[ 1356.635143] loop3: p140 start 1 is beyond EOD, truncated
[ 1356.640584] loop3: p141 start 1 is beyond EOD, truncated
[ 1356.646084] loop3: p142 start 1 is beyond EOD, truncated
[ 1356.651540] loop3: p143 start 1 is beyond EOD, truncated
[ 1356.657030] loop3: p144 start 1 is beyond EOD, truncated
[ 1356.662501] loop3: p145 start 1 is beyond EOD, truncated
[ 1356.667996] loop3: p146 start 1 is beyond EOD, truncated
[ 1356.673460] loop3: p147 start 1 is beyond EOD, truncated
[ 1356.678968] loop3: p148 start 1 is beyond EOD, truncated
[ 1356.684433] loop3: p149 start 1 is beyond EOD, truncated
[ 1356.689948] loop3: p150 start 1 is beyond EOD, truncated
[ 1356.695471] loop3: p151 start 1 is beyond EOD, truncated
[ 1356.700927] loop3: p152 start 1 is beyond EOD, truncated
[ 1356.706480] loop3: p153 start 1 is beyond EOD, truncated
[ 1356.711954] loop3: p154 start 1 is beyond EOD, truncated
[ 1356.717484] loop3: p155 start 1 is beyond EOD, truncated
[ 1356.722938] loop3: p156 start 1 is beyond EOD, truncated
[ 1356.728447] loop3: p157 start 1 is beyond EOD, truncated
[ 1356.733916] loop3: p158 start 1 is beyond EOD, truncated
[ 1356.739429] loop3: p159 start 1 is beyond EOD, truncated
[ 1356.745010] loop3: p160 start 1 is beyond EOD, truncated
[ 1356.750455] loop3: p161 start 1 is beyond EOD, truncated
[ 1356.755954] loop3: p162 start 1 is beyond EOD, truncated
[ 1356.761424] loop3: p163 start 1 is beyond EOD, truncated
[ 1356.766939] loop3: p164 start 1 is beyond EOD, truncated
[ 1356.772397] loop3: p165 start 1 is beyond EOD, truncated
[ 1356.777896] loop3: p166 start 1 is beyond EOD, truncated
[ 1356.783416] loop3: p167 start 1 is beyond EOD, truncated
[ 1356.788929] loop3: p168 start 1 is beyond EOD, truncated
[ 1356.794455] loop3: p169 start 1 is beyond EOD, truncated
[ 1356.800252] loop3: p170 start 1 is beyond EOD, truncated
[ 1356.805765] loop3: p171 start 1 is beyond EOD, truncated
[ 1356.811235] loop3: p172 start 1 is beyond EOD, truncated
[ 1356.816754] loop3: p173 start 1 is beyond EOD, truncated
[ 1356.822211] loop3: p174 start 1 is beyond EOD, truncated
[ 1356.827721] loop3: p175 start 1 is beyond EOD, truncated
[ 1356.833191] loop3: p176 start 1 is beyond EOD, truncated
[ 1356.838761] loop3: p177 start 1 is beyond EOD, truncated
[ 1356.844218] loop3: p178 start 1 is beyond EOD, truncated
[ 1356.849721] loop3: p179 start 1 is beyond EOD, truncated
[ 1356.855211] loop3: p180 start 1 is beyond EOD, truncated
[ 1356.860668] loop3: p181 start 1 is beyond EOD, truncated
[ 1356.866165] loop3: p182 start 1 is beyond EOD, truncated
[ 1356.871673] loop3: p183 start 1 is beyond EOD, truncated
[ 1356.877359] loop3: p184 start 1 is beyond EOD, truncated
[ 1356.882820] loop3: p185 start 1 is beyond EOD, truncated
[ 1356.888350] loop3: p186 start 1 is beyond EOD, truncated
[ 1356.893808] loop3: p187 start 1 is beyond EOD, truncated
[ 1356.899349] loop3: p188 start 1 is beyond EOD, truncated
[ 1356.904845] loop3: p189 start 1 is beyond EOD, truncated
[ 1356.910304] loop3: p190 start 1 is beyond EOD, truncated
[ 1356.915794] loop3: p191 start 1 is beyond EOD, truncated
[ 1356.921266] loop3: p192 start 1 is beyond EOD, truncated
[ 1356.926782] loop3: p193 start 1 is beyond EOD, truncated
[ 1356.932239] loop3: p194 start 1 is beyond EOD, truncated
[ 1356.937735] loop3: p195 start 1 is beyond EOD, truncated
[ 1356.943225] loop3: p196 start 1 is beyond EOD, truncated
[ 1356.948739] loop3: p197 start 1 is beyond EOD, truncated
[ 1356.954212] loop3: p198 start 1 is beyond EOD, truncated
[ 1356.959734] loop3: p199 start 1 is beyond EOD, truncated
[ 1356.965226] loop3: p200 start 1 is beyond EOD, truncated
[ 1356.970700] loop3: p201 start 1 is beyond EOD, truncated
[ 1356.976191] loop3: p202 start 1 is beyond EOD, truncated
[ 1356.981683] loop3: p203 start 1 is beyond EOD, truncated
[ 1356.987211] loop3: p204 start 1 is beyond EOD, truncated
[ 1356.992700] loop3: p205 start 1 is beyond EOD, truncated
[ 1356.998206] loop3: p206 start 1 is beyond EOD, truncated
[ 1357.003686] loop3: p207 start 1 is beyond EOD, truncated
[ 1357.009214] loop3: p208 start 1 is beyond EOD, truncated
[ 1357.014725] loop3: p209 start 1 is beyond EOD, truncated
[ 1357.020166] loop3: p210 start 1 is beyond EOD, truncated
[ 1357.025694] loop3: p211 start 1 is beyond EOD, truncated
[ 1357.031163] loop3: p212 start 1 is beyond EOD, truncated
[ 1357.036682] loop3: p213 start 1 is beyond EOD, truncated
[ 1357.042137] loop3: p214 start 1 is beyond EOD, truncated
[ 1357.047641] loop3: p215 start 1 is beyond EOD, truncated
[ 1357.053114] loop3: p216 start 1 is beyond EOD, truncated
[ 1357.058617] loop3: p217 start 1 is beyond EOD, truncated
[ 1357.064085] loop3: p218 start 1 is beyond EOD, truncated
[ 1357.069577] loop3: p219 start 1 is beyond EOD, truncated
[ 1357.075099] loop3: p220 start 1 is beyond EOD, truncated
[ 1357.080554] loop3: p221 start 1 is beyond EOD, truncated
[ 1357.086077] loop3: p222 start 1 is beyond EOD, truncated
[ 1357.091561] loop3: p223 start 1 is beyond EOD, truncated
[ 1357.097069] loop3: p224 start 1 is beyond EOD, truncated
[ 1357.102530] loop3: p225 start 1 is beyond EOD, truncated
[ 1357.108037] loop3: p226 start 1 is beyond EOD, truncated
[ 1357.113491] loop3: p227 start 1 is beyond EOD, truncated
[ 1357.119147] loop3: p228 start 1 is beyond EOD, truncated
[ 1357.124688] loop3: p229 start 1 is beyond EOD, truncated
[ 1357.130150] loop3: p230 start 1 is beyond EOD, truncated
[ 1357.135685] loop3: p231 start 1 is beyond EOD, truncated
[ 1357.141144] loop3: p232 start 1 is beyond EOD, truncated
[ 1357.146645] loop3: p233 start 1 is beyond EOD, truncated
[ 1357.152110] loop3: p234 start 1 is beyond EOD, truncated
[ 1357.157597] loop3: p235 start 1 is beyond EOD, truncated
[ 1357.163079] loop3: p236 start 1 is beyond EOD, truncated
[ 1357.168567] loop3: p237 start 1 is beyond EOD, truncated
[ 1357.174068] loop3: p238 start 1 is beyond EOD, truncated
[ 1357.179562] loop3: p239 start 1 is beyond EOD, truncated
[ 1357.185051] loop3: p240 start 1 is beyond EOD, truncated
[ 1357.190489] loop3: p241 start 1 is beyond EOD, truncated
[ 1357.196009] loop3: p242 start 1 is beyond EOD, truncated
[ 1357.201485] loop3: p243 start 1 is beyond EOD, truncated
[ 1357.206992] loop3: p244 start 1 is beyond EOD, truncated
[ 1357.212454] loop3: p245 start 1 is beyond EOD, truncated
[ 1357.217955] loop3: p246 start 1 is beyond EOD, truncated
[ 1357.223425] loop3: p247 start 1 is beyond EOD, truncated
[ 1357.228924] loop3: p248 start 1 is beyond EOD, truncated
[ 1357.234394] loop3: p249 start 1 is beyond EOD, truncated
[ 1357.239966] loop3: p250 start 1 is beyond EOD, truncated
[ 1357.245451] loop3: p251 start 1 is beyond EOD, truncated
[ 1357.250896] loop3: p252 start 1 is beyond EOD, truncated
[ 1357.256421] loop3: p253 start 1 is beyond EOD, truncated
[ 1357.261891] loop3: p254 start 1 is beyond EOD, truncated
[ 1357.267433] loop3: p255 start 1 is beyond EOD, truncated
21:37:29 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:29 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x9effffff00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:29 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x400000)

21:37:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x103400, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:29 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002180), 0xfffffffffffffe4e)

21:37:29 executing program 3:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1358.353567] binder_alloc_mmap_handler: 3 callbacks suppressed
[ 1358.353598] binder_alloc: binder_alloc_mmap_handler: 23087 20ffd000-21000000 already mapped failed -16
[ 1358.373373] binder: release 23088:23094 transaction 6300 out, still active
[ 1358.381310] binder_alloc: 23088: binder_alloc_buf, no vma
[ 1358.387066] binder: unexpected work type, 4, not freed
[ 1358.396732] binder_transaction: 2 callbacks suppressed
[ 1358.396753] binder: 23088:23094 transaction failed 29189/-3, size 0-0 line 2973
[ 1358.400719]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1358.400734] loop3: partition table partially beyond EOD, 
21:37:29 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
r1 = add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)="0be37942d9513d4654fdb42970b746f7e5a7c5944d763e0e80630d65af3e93", 0x1f, 0xfffffffffffffff8)
keyctl$reject(0x13, r1, 0x4, 0x5, r1)
request_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='/dev/usbmon#\x00', r1)
read$FUSE(r0, &(0x7f0000001180), 0x1000)

[ 1358.403689] binder: undelivered TRANSACTION_COMPLETE
[ 1358.432921] truncated
[ 1358.511353] binder: BINDER_SET_CONTEXT_MGR already set
21:37:29 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x1100000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1358.545091] binder_alloc: binder_alloc_mmap_handler: 23087 20ffd000-21000000 already mapped failed -16
[ 1358.547237] binder: 23088:23097 ioctl 40046207 0 returned -16
[ 1358.561171] binder_alloc: binder_alloc_mmap_handler: 23087 20001000-20004000 already mapped failed -16
[ 1358.570970] binder_alloc: 23088: binder_alloc_buf, no vma
[ 1358.577404] loop3: p1 start 1 is beyond EOD, truncated
[ 1358.586975] binder: 23088:23094 transaction failed 29189/-3, size 24-8 line 2973
21:37:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/icmp6\x00')
sendto$inet6(r2, &(0x7f0000000180)="6f5080614870394b403c59cbfec0bd03cd742567cf9e96e72fe9ba48663abe7136d431ee55a664ac3986c785bd36f1ef2e5a71a03bf19033eef83a37326af2be99ed12275a54018c0ea0ae0f631a20e8dc8025148076a7c63bdebfe07aa815a9af0ac75b9fc176fccd158f718e7f", 0x6e, 0x20000000, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x28000014, r1, 0xfffffffffffffffc)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x10000, 0x0)
ioctl$EVIOCGPHYS(r3, 0x80404507, &(0x7f0000000100))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r4 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
write$P9_RRENAME(r4, &(0x7f0000000100)={0x7, 0x15, 0x2}, 0x7)

[ 1358.614811] loop3: p2 size 2 extends beyond EOD, truncated
[ 1358.645661] loop3: p3 start 201 is beyond EOD, truncated
[ 1358.647441] binder_release_work: 2 callbacks suppressed
[ 1358.647448] binder: undelivered TRANSACTION_ERROR: 29189
[ 1358.674133] loop3: p4 start 301 is beyond EOD, truncated
[ 1358.704808] loop3: p5 start 1 is beyond EOD, truncated
[ 1358.710475] binder: send failed reply for transaction 6300, target dead
21:37:29 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xf0ffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1358.721602] loop3: p6 start 1 is beyond EOD, truncated
[ 1358.745404] binder: undelivered TRANSACTION_ERROR: 29189
[ 1358.755204] loop3: p7 start 1 is beyond EOD, truncated
[ 1358.761776] binder_alloc: 23110: binder_alloc_buf, no vma
[ 1358.773329] loop3: p8 start 1 is beyond EOD, truncated
[ 1358.779189] binder: 23110:23111 transaction failed 29189/-3, size 24-8 line 2973
[ 1358.797064] binder: undelivered TRANSACTION_ERROR: 29189
[ 1358.804232] binder: 23110:23111 got transaction to invalid handle
[ 1358.818939] loop3: p9 start 1 is beyond EOD, truncated
[ 1358.837731] binder: 23110:23111 transaction failed 29201/-22, size 0-0 line 2834
21:37:29 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7400000000000000)

[ 1358.842709] loop3: p10 start 1 is beyond EOD, truncated
[ 1358.864928] loop3: p11 start 1 is beyond EOD, truncated
[ 1358.871012] binder: BINDER_SET_CONTEXT_MGR already set
[ 1358.880613] loop3: p12 start 1 is beyond EOD, truncated
[ 1358.886246] binder: 23110:23118 ioctl 40046207 0 returned -16
[ 1358.886427] binder_alloc: 23110: binder_alloc_buf, no vma
21:37:29 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x8000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1358.892332] loop3: p13 start 1 is beyond EOD, truncated
[ 1358.903958] loop3: p14 start 1 is beyond EOD, truncated
[ 1358.909692] loop3: p15 start 1 is beyond EOD, truncated
[ 1358.915313] loop3: p16 start 1 is beyond EOD, truncated
[ 1358.920896] loop3: p17 start 1 is beyond EOD, truncated
[ 1358.926543] loop3: p18 start 1 is beyond EOD, truncated
[ 1358.944362] loop3: p19 start 1 is beyond EOD, truncated
[ 1358.950381] binder: 23110:23119 transaction failed 29189/-3, size 24-8 line 2973
[ 1358.952418] binder_alloc: binder_alloc_mmap_handler: 23120 20ffd000-21000000 already mapped failed -16
[ 1358.967744] binder: 23110:23118 got transaction to invalid handle
[ 1358.978273] binder: undelivered TRANSACTION_ERROR: 29189
[ 1358.985054] binder: 23110:23118 transaction failed 29201/-22, size 0-0 line 2834
[ 1358.992732] loop3: p20 start 1 is beyond EOD, truncated
[ 1358.996498] binder: undelivered TRANSACTION_ERROR: 29201
[ 1359.002992] loop3: p21 start 1 is beyond EOD, truncated
[ 1359.009294] loop3: p22 start 1 is beyond EOD, truncated
[ 1359.018306] binder: undelivered TRANSACTION_ERROR: 29201
[ 1359.018482] binder_alloc: binder_alloc_mmap_handler: 23120 20001000-20004000 already mapped failed -16
[ 1359.030133] loop3: p23 start 1 is beyond EOD, truncated
[ 1359.036162] binder_alloc: binder_alloc_mmap_handler: 23120 20ffd000-21000000 already mapped failed -16
[ 1359.047283] loop3: p24 start 1 is beyond EOD, truncated
[ 1359.064880] loop3: p25 start 1 is beyond EOD, truncated
[ 1359.071769] loop3: p26 start 1 is beyond EOD, truncated
[ 1359.088413] loop3: p27 start 1 is beyond EOD, truncated
[ 1359.093959] loop3: p28 start 1 is beyond EOD, truncated
[ 1359.100514] loop3: p29 start 1 is beyond EOD, truncated
[ 1359.107467] loop3: p30 start 1 is beyond EOD, truncated
[ 1359.116661] loop3: p31 start 1 is beyond EOD, truncated
[ 1359.122149] loop3: p32 start 1 is beyond EOD, truncated
[ 1359.127816] loop3: p33 start 1 is beyond EOD, truncated
[ 1359.133292] loop3: p34 start 1 is beyond EOD, truncated
[ 1359.138846] loop3: p35 start 1 is beyond EOD, truncated
[ 1359.144328] loop3: p36 start 1 is beyond EOD, truncated
[ 1359.149908] loop3: p37 start 1 is beyond EOD, truncated
[ 1359.155448] loop3: p38 start 1 is beyond EOD, truncated
[ 1359.160933] loop3: p39 start 1 is beyond EOD, truncated
[ 1359.166877] loop3: p40 start 1 is beyond EOD, truncated
[ 1359.184023] loop3: p41 start 1 is beyond EOD, truncated
[ 1359.189562] loop3: p42 start 1 is beyond EOD, truncated
[ 1359.195219] loop3: p43 start 1 is beyond EOD, truncated
[ 1359.200718] loop3: p44 start 1 is beyond EOD, truncated
[ 1359.206248] loop3: p45 start 1 is beyond EOD, truncated
[ 1359.211715] loop3: p46 start 1 is beyond EOD, truncated
[ 1359.217544] loop3: p47 start 1 is beyond EOD, truncated
[ 1359.223011] loop3: p48 start 1 is beyond EOD, truncated
[ 1359.228559] loop3: p49 start 1 is beyond EOD, truncated
[ 1359.234219] loop3: p50 start 1 is beyond EOD, truncated
[ 1359.239870] loop3: p51 start 1 is beyond EOD, truncated
[ 1359.245530] loop3: p52 start 1 is beyond EOD, truncated
[ 1359.251129] loop3: p53 start 1 is beyond EOD, truncated
[ 1359.257787] loop3: p54 start 1 is beyond EOD, truncated
[ 1359.263258] loop3: p55 start 1 is beyond EOD, truncated
[ 1359.268827] loop3: p56 start 1 is beyond EOD, truncated
[ 1359.268840] loop3: p57 start 1 is beyond EOD, truncated
[ 1359.268852] loop3: p58 start 1 is beyond EOD, truncated
[ 1359.268864] loop3: p59 start 1 is beyond EOD, truncated
[ 1359.268875] loop3: p60 start 1 is beyond EOD, truncated
[ 1359.279778] loop3: p61 start 1 is beyond EOD, truncated
[ 1359.301351] loop3: p62 start 1 is beyond EOD, truncated
[ 1359.306777] loop3: p63 start 1 is beyond EOD, truncated
[ 1359.312150] loop3: p64 start 1 is beyond EOD, truncated
[ 1359.317638] loop3: p65 start 1 is beyond EOD, truncated
[ 1359.323021] loop3: p66 start 1 is beyond EOD, truncated
[ 1359.328451] loop3: p67 start 1 is beyond EOD, truncated
[ 1359.333833] loop3: p68 start 1 is beyond EOD, truncated
[ 1359.339272] loop3: p69 start 1 is beyond EOD, truncated
[ 1359.344741] loop3: p70 start 1 is beyond EOD, truncated
[ 1359.350114] loop3: p71 start 1 is beyond EOD, truncated
[ 1359.355820] loop3: p72 start 1 is beyond EOD, truncated
[ 1359.361201] loop3: p73 start 1 is beyond EOD, truncated
[ 1359.366659] loop3: p74 start 1 is beyond EOD, truncated
[ 1359.372265] loop3: p75 start 1 is beyond EOD, truncated
[ 1359.377755] loop3: p76 start 1 is beyond EOD, truncated
[ 1359.383138] loop3: p77 start 1 is beyond EOD, truncated
[ 1359.388577] loop3: p78 start 1 is beyond EOD, truncated
[ 1359.388591] loop3: p79 start 1 is beyond EOD, truncated
[ 1359.388603] loop3: p80 start 1 is beyond EOD, truncated
[ 1359.402178] loop3: p81 start 1 is beyond EOD, truncated
[ 1359.410256] loop3: p82 start 1 is beyond EOD, truncated
[ 1359.416664] loop3: p83 start 1 is beyond EOD, truncated
[ 1359.422049] loop3: p84 start 1 is beyond EOD, truncated
[ 1359.427518] loop3: p85 start 1 is beyond EOD, truncated
[ 1359.432921] loop3: p86 start 1 is beyond EOD, truncated
[ 1359.438512] loop3: p87 start 1 is beyond EOD, truncated
[ 1359.443892] loop3: p88 start 1 is beyond EOD, truncated
[ 1359.449303] loop3: p89 start 1 is beyond EOD, truncated
[ 1359.454751] loop3: p90 start 1 is beyond EOD, truncated
[ 1359.460119] loop3: p91 start 1 is beyond EOD, truncated
[ 1359.465550] loop3: p92 start 1 is beyond EOD, truncated
[ 1359.470931] loop3: p93 start 1 is beyond EOD, truncated
[ 1359.476369] loop3: p94 start 1 is beyond EOD, truncated
[ 1359.481757] loop3: p95 start 1 is beyond EOD, truncated
[ 1359.487172] loop3: p96 start 1 is beyond EOD, truncated
[ 1359.492572] loop3: p97 start 1 is beyond EOD, truncated
[ 1359.497979] loop3: p98 start 1 is beyond EOD, truncated
[ 1359.503547] loop3: p99 start 1 is beyond EOD, truncated
[ 1359.508963] loop3: p100 start 1 is beyond EOD, truncated
[ 1359.514445] loop3: p101 start 1 is beyond EOD, truncated
[ 1359.520751] loop3: p102 start 1 is beyond EOD, truncated
[ 1359.526282] loop3: p103 start 1 is beyond EOD, truncated
[ 1359.531739] loop3: p104 start 1 is beyond EOD, truncated
[ 1359.537277] loop3: p105 start 1 is beyond EOD, truncated
[ 1359.542733] loop3: p106 start 1 is beyond EOD, truncated
[ 1359.548235] loop3: p107 start 1 is beyond EOD, truncated
[ 1359.553705] loop3: p108 start 1 is beyond EOD, truncated
[ 1359.559213] loop3: p109 start 1 is beyond EOD, truncated
[ 1359.564716] loop3: p110 start 1 is beyond EOD, truncated
[ 1359.570162] loop3: p111 start 1 is beyond EOD, truncated
[ 1359.575687] loop3: p112 start 1 is beyond EOD, truncated
[ 1359.581157] loop3: p113 start 1 is beyond EOD, truncated
[ 1359.586657] loop3: p114 start 1 is beyond EOD, truncated
[ 1359.592151] loop3: p115 start 1 is beyond EOD, truncated
[ 1359.597699] loop3: p116 start 1 is beyond EOD, truncated
[ 1359.603165] loop3: p117 start 1 is beyond EOD, truncated
[ 1359.608663] loop3: p118 start 1 is beyond EOD, truncated
[ 1359.614157] loop3: p119 start 1 is beyond EOD, truncated
[ 1359.619692] loop3: p120 start 1 is beyond EOD, truncated
[ 1359.625194] loop3: p121 start 1 is beyond EOD, truncated
[ 1359.630640] loop3: p122 start 1 is beyond EOD, truncated
[ 1359.636141] loop3: p123 start 1 is beyond EOD, truncated
[ 1359.641597] loop3: p124 start 1 is beyond EOD, truncated
[ 1359.647099] loop3: p125 start 1 is beyond EOD, truncated
[ 1359.652569] loop3: p126 start 1 is beyond EOD, truncated
[ 1359.658090] loop3: p127 start 1 is beyond EOD, truncated
[ 1359.663559] loop3: p128 start 1 is beyond EOD, truncated
[ 1359.669099] loop3: p129 start 1 is beyond EOD, truncated
[ 1359.674614] loop3: p130 start 1 is beyond EOD, truncated
[ 1359.680080] loop3: p131 start 1 is beyond EOD, truncated
[ 1359.685592] loop3: p132 start 1 is beyond EOD, truncated
[ 1359.691092] loop3: p133 start 1 is beyond EOD, truncated
[ 1359.696595] loop3: p134 start 1 is beyond EOD, truncated
[ 1359.702059] loop3: p135 start 1 is beyond EOD, truncated
[ 1359.707568] loop3: p136 start 1 is beyond EOD, truncated
[ 1359.713024] loop3: p137 start 1 is beyond EOD, truncated
[ 1359.718538] loop3: p138 start 1 is beyond EOD, truncated
[ 1359.724031] loop3: p139 start 1 is beyond EOD, truncated
[ 1359.729563] loop3: p140 start 1 is beyond EOD, truncated
[ 1359.735052] loop3: p141 start 1 is beyond EOD, truncated
[ 1359.740493] loop3: p142 start 1 is beyond EOD, truncated
[ 1359.746012] loop3: p143 start 1 is beyond EOD, truncated
[ 1359.751467] loop3: p144 start 1 is beyond EOD, truncated
[ 1359.757008] loop3: p145 start 1 is beyond EOD, truncated
[ 1359.762465] loop3: p146 start 1 is beyond EOD, truncated
[ 1359.767966] loop3: p147 start 1 is beyond EOD, truncated
[ 1359.773434] loop3: p148 start 1 is beyond EOD, truncated
[ 1359.778947] loop3: p149 start 1 is beyond EOD, truncated
[ 1359.784419] loop3: p150 start 1 is beyond EOD, truncated
[ 1359.790086] loop3: p151 start 1 is beyond EOD, truncated
[ 1359.795596] loop3: p152 start 1 is beyond EOD, truncated
[ 1359.801055] loop3: p153 start 1 is beyond EOD, truncated
[ 1359.806598] loop3: p154 start 1 is beyond EOD, truncated
[ 1359.812065] loop3: p155 start 1 is beyond EOD, truncated
[ 1359.817562] loop3: p156 start 1 is beyond EOD, truncated
[ 1359.823028] loop3: p157 start 1 is beyond EOD, truncated
[ 1359.828523] loop3: p158 start 1 is beyond EOD, truncated
[ 1359.834035] loop3: p159 start 1 is beyond EOD, truncated
[ 1359.839542] loop3: p160 start 1 is beyond EOD, truncated
[ 1359.845058] loop3: p161 start 1 is beyond EOD, truncated
[ 1359.850498] loop3: p162 start 1 is beyond EOD, truncated
[ 1359.856057] loop3: p163 start 1 is beyond EOD, truncated
[ 1359.861538] loop3: p164 start 1 is beyond EOD, truncated
[ 1359.867077] loop3: p165 start 1 is beyond EOD, truncated
[ 1359.872549] loop3: p166 start 1 is beyond EOD, truncated
[ 1359.878047] loop3: p167 start 1 is beyond EOD, truncated
[ 1359.883527] loop3: p168 start 1 is beyond EOD, truncated
[ 1359.889037] loop3: p169 start 1 is beyond EOD, truncated
[ 1359.894499] loop3: p170 start 1 is beyond EOD, truncated
[ 1359.899997] loop3: p171 start 1 is beyond EOD, truncated
[ 1359.905500] loop3: p172 start 1 is beyond EOD, truncated
[ 1359.910945] loop3: p173 start 1 is beyond EOD, truncated
[ 1359.916460] loop3: p174 start 1 is beyond EOD, truncated
[ 1359.921931] loop3: p175 start 1 is beyond EOD, truncated
[ 1359.927468] loop3: p176 start 1 is beyond EOD, truncated
[ 1359.932969] loop3: p177 start 1 is beyond EOD, truncated
[ 1359.938487] loop3: p178 start 1 is beyond EOD, truncated
[ 1359.943975] loop3: p179 start 1 is beyond EOD, truncated
[ 1359.949528] loop3: p180 start 1 is beyond EOD, truncated
[ 1359.955025] loop3: p181 start 1 is beyond EOD, truncated
[ 1359.960464] loop3: p182 start 1 is beyond EOD, truncated
[ 1359.965964] loop3: p183 start 1 is beyond EOD, truncated
[ 1359.971433] loop3: p184 start 1 is beyond EOD, truncated
[ 1359.976945] loop3: p185 start 1 is beyond EOD, truncated
[ 1359.982405] loop3: p186 start 1 is beyond EOD, truncated
[ 1359.987923] loop3: p187 start 1 is beyond EOD, truncated
[ 1359.993389] loop3: p188 start 1 is beyond EOD, truncated
[ 1359.998886] loop3: p189 start 1 is beyond EOD, truncated
[ 1360.004363] loop3: p190 start 1 is beyond EOD, truncated
[ 1360.009861] loop3: p191 start 1 is beyond EOD, truncated
[ 1360.015362] loop3: p192 start 1 is beyond EOD, truncated
[ 1360.020803] loop3: p193 start 1 is beyond EOD, truncated
[ 1360.026309] loop3: p194 start 1 is beyond EOD, truncated
[ 1360.031764] loop3: p195 start 1 is beyond EOD, truncated
[ 1360.037285] loop3: p196 start 1 is beyond EOD, truncated
[ 1360.042798] loop3: p197 start 1 is beyond EOD, truncated
[ 1360.048291] loop3: p198 start 1 is beyond EOD, truncated
[ 1360.053761] loop3: p199 start 1 is beyond EOD, truncated
[ 1360.059258] loop3: p200 start 1 is beyond EOD, truncated
[ 1360.064750] loop3: p201 start 1 is beyond EOD, truncated
[ 1360.070187] loop3: p202 start 1 is beyond EOD, truncated
[ 1360.075776] loop3: p203 start 1 is beyond EOD, truncated
[ 1360.081232] loop3: p204 start 1 is beyond EOD, truncated
[ 1360.086754] loop3: p205 start 1 is beyond EOD, truncated
[ 1360.092220] loop3: p206 start 1 is beyond EOD, truncated
[ 1360.097742] loop3: p207 start 1 is beyond EOD, truncated
[ 1360.103212] loop3: p208 start 1 is beyond EOD, truncated
[ 1360.108727] loop3: p209 start 1 is beyond EOD, truncated
[ 1360.114200] loop3: p210 start 1 is beyond EOD, truncated
[ 1360.119727] loop3: p211 start 1 is beyond EOD, truncated
[ 1360.125213] loop3: p212 start 1 is beyond EOD, truncated
[ 1360.130651] loop3: p213 start 1 is beyond EOD, truncated
[ 1360.136236] loop3: p214 start 1 is beyond EOD, truncated
[ 1360.141698] loop3: p215 start 1 is beyond EOD, truncated
[ 1360.147190] loop3: p216 start 1 is beyond EOD, truncated
[ 1360.152663] loop3: p217 start 1 is beyond EOD, truncated
[ 1360.158160] loop3: p218 start 1 is beyond EOD, truncated
[ 1360.163642] loop3: p219 start 1 is beyond EOD, truncated
[ 1360.169139] loop3: p220 start 1 is beyond EOD, truncated
[ 1360.174680] loop3: p221 start 1 is beyond EOD, truncated
[ 1360.180131] loop3: p222 start 1 is beyond EOD, truncated
[ 1360.185639] loop3: p223 start 1 is beyond EOD, truncated
[ 1360.191113] loop3: p224 start 1 is beyond EOD, truncated
[ 1360.196618] loop3: p225 start 1 is beyond EOD, truncated
[ 1360.202099] loop3: p226 start 1 is beyond EOD, truncated
[ 1360.207613] loop3: p227 start 1 is beyond EOD, truncated
[ 1360.213095] loop3: p228 start 1 is beyond EOD, truncated
[ 1360.218585] loop3: p229 start 1 is beyond EOD, truncated
[ 1360.224097] loop3: p230 start 1 is beyond EOD, truncated
[ 1360.229614] loop3: p231 start 1 is beyond EOD, truncated
[ 1360.235233] loop3: p232 start 1 is beyond EOD, truncated
[ 1360.240678] loop3: p233 start 1 is beyond EOD, truncated
[ 1360.246216] loop3: p234 start 1 is beyond EOD, truncated
[ 1360.251674] loop3: p235 start 1 is beyond EOD, truncated
[ 1360.257179] loop3: p236 start 1 is beyond EOD, truncated
[ 1360.262639] loop3: p237 start 1 is beyond EOD, truncated
[ 1360.268145] loop3: p238 start 1 is beyond EOD, truncated
[ 1360.273618] loop3: p239 start 1 is beyond EOD, truncated
[ 1360.279123] loop3: p240 start 1 is beyond EOD, truncated
[ 1360.284680] loop3: p241 start 1 is beyond EOD, truncated
[ 1360.290130] loop3: p242 start 1 is beyond EOD, truncated
[ 1360.295639] loop3: p243 start 1 is beyond EOD, truncated
[ 1360.301116] loop3: p244 start 1 is beyond EOD, truncated
[ 1360.306607] loop3: p245 start 1 is beyond EOD, truncated
[ 1360.312090] loop3: p246 start 1 is beyond EOD, truncated
[ 1360.317605] loop3: p247 start 1 is beyond EOD, truncated
[ 1360.323066] loop3: p248 start 1 is beyond EOD, truncated
[ 1360.328572] loop3: p249 start 1 is beyond EOD, truncated
[ 1360.334042] loop3: p250 start 1 is beyond EOD, truncated
[ 1360.339554] loop3: p251 start 1 is beyond EOD, truncated
[ 1360.345074] loop3: p252 start 1 is beyond EOD, truncated
[ 1360.350545] loop3: p253 start 1 is beyond EOD, truncated
[ 1360.356074] loop3: p254 start 1 is beyond EOD, truncated
[ 1360.361556] loop3: p255 start 1 is beyond EOD, truncated
21:37:32 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\xff', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x11]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:32 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x5000000)

21:37:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:32 executing program 4:
pipe2(&(0x7f0000000000), 0x4000)
syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x2, 0x400)
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001180), 0x1000)
pipe(&(0x7f0000000040))

21:37:32 executing program 3:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1361.414005] binder: release 23144:23148 transaction 6311 out, still active
[ 1361.423876] binder_alloc: 23144: binder_alloc_buf, no vma
[ 1361.432999] binder: unexpected work type, 4, not freed
[ 1361.437439] binder_alloc: binder_alloc_mmap_handler: 23141 20ffd000-21000000 already mapped failed -16
[ 1361.455443] binder: undelivered TRANSACTION_COMPLETE
[ 1361.461509] binder: 23144:23148 transaction failed 29189/-3, size 0-0 line 2973
[ 1361.479506] binder_alloc: binder_alloc_mmap_handler: 23144 20001000-20004000 already mapped failed -16
[ 1361.490489] binder_alloc: binder_alloc_mmap_handler: 23141 20001000-20004000 already mapped failed -16
21:37:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xfffffffffffff000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1361.508672]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1361.508684] loop3: partition table partially beyond EOD, 
[ 1361.518328] binder_alloc: binder_alloc_mmap_handler: 23141 20ffd000-21000000 already mapped failed -16
[ 1361.601161] binder: BINDER_SET_CONTEXT_MGR already set
[ 1361.618785] binder_alloc: 23144: binder_alloc_buf, no vma
[ 1361.627675] binder: 23144:23159 transaction failed 29189/-3, size 24-8 line 2973
[ 1361.635674] binder: 23144:23148 ioctl 40046207 0 returned -16
[ 1361.656098] binder: undelivered TRANSACTION_ERROR: 29189
[ 1361.665058] binder: undelivered TRANSACTION_ERROR: 29189
21:37:32 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xa00000000000000)

21:37:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bcsf0\x00', <r3=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@remote}}, &(0x7f0000000280)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@mcast1, @in6, 0x4e22, 0x0, 0x4e22, 0x5, 0xa, 0xa0, 0x80, 0x0, r3, r4}, {0x8625, 0xfffffffffffffffe, 0x8000, 0x200, 0x4, 0x5, 0x3ff, 0x4}, {0x10001, 0x3, 0xfff, 0x81}, 0x289d, 0x0, 0x0, 0x1, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, [], 0x1b}, 0x4d4}, 0x0, @in=@rand_addr=0x6, 0x3504, 0x4, 0x2, 0x0, 0x7fffffff, 0x0, 0xd459}}, 0xe8)

[ 1361.701996] binder: send failed reply for transaction 6311, target dead
21:37:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xffff000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1361.765324] truncated
[ 1361.778137] loop3: p1 start 1 is beyond EOD, truncated
[ 1361.794944] loop3: p2 size 2 extends beyond EOD, truncated
[ 1361.823873] loop3: p3 start 201 is beyond EOD, truncated
[ 1361.854766] loop3: p4 start 301 is beyond EOD, truncated
[ 1361.871325] loop3: p5 start 1 is beyond EOD, truncated
[ 1361.877002] loop3: p6 start 1 is beyond EOD, truncated
[ 1361.882818] loop3: p7 start 1 is beyond EOD, truncated
[ 1361.895421] binder: release 23172:23173 transaction 6317 out, still active
21:37:32 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6c00)

[ 1361.902880] binder_alloc: 23172: binder_alloc_buf, no vma
[ 1361.904477] loop3: p8 start 1 is beyond EOD, truncated
[ 1361.912124] binder: unexpected work type, 4, not freed
[ 1361.920599] loop3: p9 start 1 is beyond EOD, truncated
[ 1361.933879] loop3: p10 start 1 is beyond EOD, truncated
[ 1361.939766] binder: 23172:23173 transaction failed 29189/-3, size 0-0 line 2973
[ 1361.942292] binder: undelivered TRANSACTION_COMPLETE
21:37:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xfffff000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1361.950767] loop3: p11 start 1 is beyond EOD, truncated
[ 1361.962267] binder: 23172:23178 ioctl 8933 200000c0 returned -22
[ 1361.977241] loop3: p12 start 1 is beyond EOD, truncated
[ 1361.983012] loop3: p13 start 1 is beyond EOD, truncated
[ 1361.988822] loop3: p14 start 1 is beyond EOD, truncated
[ 1362.008433] binder: BINDER_SET_CONTEXT_MGR already set
[ 1362.015827] binder_alloc: 23172: binder_alloc_buf, no vma
[ 1362.023103] loop3: p15 start 1 is beyond EOD, truncated
[ 1362.028946] binder: 23172:23178 transaction failed 29189/-3, size 24-8 line 2973
[ 1362.037446] loop3: p16 start 1 is beyond EOD, truncated
[ 1362.042340] binder: 23172:23173 ioctl 40046207 0 returned -16
[ 1362.046137] binder: undelivered TRANSACTION_ERROR: 29189
[ 1362.054935] binder: 23172:23185 got transaction to invalid handle
[ 1362.061460] loop3: p17 start 1 is beyond EOD, truncated
[ 1362.067184] loop3: p18 start 1 is beyond EOD, truncated
[ 1362.073232] binder: undelivered TRANSACTION_ERROR: 29189
[ 1362.073371] binder: 23172:23173 ioctl 8933 200000c0 returned -22
[ 1362.079172] binder: send failed reply for transaction 6317, target dead
[ 1362.092913] loop3: p19 start 1 is beyond EOD, truncated
[ 1362.098641] loop3: p20 start 1 is beyond EOD, truncated
[ 1362.104454] loop3: p21 start 1 is beyond EOD, truncated
[ 1362.126825] loop3: p22 start 1 is beyond EOD, truncated
[ 1362.143545] loop3: p23 start 1 is beyond EOD, truncated
[ 1362.170010] loop3: p24 start 1 is beyond EOD, truncated
[ 1362.176278] loop3: p25 start 1 is beyond EOD, truncated
[ 1362.182008] loop3: p26 start 1 is beyond EOD, truncated
[ 1362.187702] loop3: p27 start 1 is beyond EOD, truncated
[ 1362.193207] loop3: p28 start 1 is beyond EOD, truncated
[ 1362.198954] loop3: p29 start 1 is beyond EOD, truncated
[ 1362.204425] loop3: p30 start 1 is beyond EOD, truncated
[ 1362.210065] loop3: p31 start 1 is beyond EOD, truncated
[ 1362.215532] loop3: p32 start 1 is beyond EOD, truncated
[ 1362.220914] loop3: p33 start 1 is beyond EOD, truncated
[ 1362.226380] loop3: p34 start 1 is beyond EOD, truncated
[ 1362.231750] loop3: p35 start 1 is beyond EOD, truncated
[ 1362.237155] loop3: p36 start 1 is beyond EOD, truncated
[ 1362.242543] loop3: p37 start 1 is beyond EOD, truncated
[ 1362.247969] loop3: p38 start 1 is beyond EOD, truncated
[ 1362.253334] loop3: p39 start 1 is beyond EOD, truncated
[ 1362.258773] loop3: p40 start 1 is beyond EOD, truncated
[ 1362.264142] loop3: p41 start 1 is beyond EOD, truncated
[ 1362.269673] loop3: p42 start 1 is beyond EOD, truncated
[ 1362.275198] loop3: p43 start 1 is beyond EOD, truncated
[ 1362.284762] loop3: p44 start 1 is beyond EOD, truncated
[ 1362.290151] loop3: p45 start 1 is beyond EOD, truncated
[ 1362.314811] loop3: p46 start 1 is beyond EOD, truncated
[ 1362.320829] loop3: p47 start 1 is beyond EOD, truncated
[ 1362.326921] loop3: p48 start 1 is beyond EOD, truncated
[ 1362.332454] loop3: p49 start 1 is beyond EOD, truncated
[ 1362.338657] loop3: p50 start 1 is beyond EOD, truncated
[ 1362.347402] loop3: p51 start 1 is beyond EOD, truncated
[ 1362.352783] loop3: p52 start 1 is beyond EOD, truncated
[ 1362.358199] loop3: p53 start 1 is beyond EOD, truncated
[ 1362.363583] loop3: p54 start 1 is beyond EOD, truncated
[ 1362.368988] loop3: p55 start 1 is beyond EOD, truncated
[ 1362.374644] loop3: p56 start 1 is beyond EOD, truncated
[ 1362.380013] loop3: p57 start 1 is beyond EOD, truncated
[ 1362.386205] loop3: p58 start 1 is beyond EOD, truncated
[ 1362.391782] loop3: p59 start 1 is beyond EOD, truncated
[ 1362.397267] loop3: p60 start 1 is beyond EOD, truncated
[ 1362.402642] loop3: p61 start 1 is beyond EOD, truncated
[ 1362.408065] loop3: p62 start 1 is beyond EOD, truncated
[ 1362.413429] loop3: p63 start 1 is beyond EOD, truncated
[ 1362.418870] loop3: p64 start 1 is beyond EOD, truncated
[ 1362.424246] loop3: p65 start 1 is beyond EOD, truncated
[ 1362.429714] loop3: p66 start 1 is beyond EOD, truncated
[ 1362.435134] loop3: p67 start 1 is beyond EOD, truncated
[ 1362.440505] loop3: p68 start 1 is beyond EOD, truncated
[ 1362.445952] loop3: p69 start 1 is beyond EOD, truncated
[ 1362.451331] loop3: p70 start 1 is beyond EOD, truncated
[ 1362.456768] loop3: p71 start 1 is beyond EOD, truncated
[ 1362.462138] loop3: p72 start 1 is beyond EOD, truncated
[ 1362.467539] loop3: p73 start 1 is beyond EOD, truncated
[ 1362.472920] loop3: p74 start 1 is beyond EOD, truncated
[ 1362.478467] loop3: p75 start 1 is beyond EOD, truncated
[ 1362.483879] loop3: p76 start 1 is beyond EOD, truncated
[ 1362.489312] loop3: p77 start 1 is beyond EOD, truncated
[ 1362.494795] loop3: p78 start 1 is beyond EOD, truncated
[ 1362.500153] loop3: p79 start 1 is beyond EOD, truncated
[ 1362.505577] loop3: p80 start 1 is beyond EOD, truncated
[ 1362.510978] loop3: p81 start 1 is beyond EOD, truncated
[ 1362.517138] loop3: p82 start 1 is beyond EOD, truncated
[ 1362.522509] loop3: p83 start 1 is beyond EOD, truncated
[ 1362.528010] loop3: p84 start 1 is beyond EOD, truncated
[ 1362.533386] loop3: p85 start 1 is beyond EOD, truncated
[ 1362.538822] loop3: p86 start 1 is beyond EOD, truncated
[ 1362.544199] loop3: p87 start 1 is beyond EOD, truncated
[ 1362.549636] loop3: p88 start 1 is beyond EOD, truncated
[ 1362.555050] loop3: p89 start 1 is beyond EOD, truncated
[ 1362.560408] loop3: p90 start 1 is beyond EOD, truncated
[ 1362.565822] loop3: p91 start 1 is beyond EOD, truncated
[ 1362.571212] loop3: p92 start 1 is beyond EOD, truncated
[ 1362.576645] loop3: p93 start 1 is beyond EOD, truncated
[ 1362.582017] loop3: p94 start 1 is beyond EOD, truncated
[ 1362.587486] loop3: p95 start 1 is beyond EOD, truncated
[ 1362.592858] loop3: p96 start 1 is beyond EOD, truncated
[ 1362.598268] loop3: p97 start 1 is beyond EOD, truncated
[ 1362.603652] loop3: p98 start 1 is beyond EOD, truncated
[ 1362.609060] loop3: p99 start 1 is beyond EOD, truncated
[ 1362.614439] loop3: p100 start 1 is beyond EOD, truncated
[ 1362.619953] loop3: p101 start 1 is beyond EOD, truncated
[ 1362.625480] loop3: p102 start 1 is beyond EOD, truncated
[ 1362.630925] loop3: p103 start 1 is beyond EOD, truncated
[ 1362.636545] loop3: p104 start 1 is beyond EOD, truncated
[ 1362.642002] loop3: p105 start 1 is beyond EOD, truncated
[ 1362.648385] loop3: p106 start 1 is beyond EOD, truncated
[ 1362.653843] loop3: p107 start 1 is beyond EOD, truncated
[ 1362.659496] loop3: p108 start 1 is beyond EOD, truncated
[ 1362.665046] loop3: p109 start 1 is beyond EOD, truncated
[ 1362.670501] loop3: p110 start 1 is beyond EOD, truncated
[ 1362.676003] loop3: p111 start 1 is beyond EOD, truncated
[ 1362.681475] loop3: p112 start 1 is beyond EOD, truncated
[ 1362.686970] loop3: p113 start 1 is beyond EOD, truncated
[ 1362.692433] loop3: p114 start 1 is beyond EOD, truncated
[ 1362.697952] loop3: p115 start 1 is beyond EOD, truncated
[ 1362.703410] loop3: p116 start 1 is beyond EOD, truncated
[ 1362.708905] loop3: p117 start 1 is beyond EOD, truncated
[ 1362.714364] loop3: p118 start 1 is beyond EOD, truncated
[ 1362.719884] loop3: p119 start 1 is beyond EOD, truncated
[ 1362.725369] loop3: p120 start 1 is beyond EOD, truncated
[ 1362.730813] loop3: p121 start 1 is beyond EOD, truncated
[ 1362.736311] loop3: p122 start 1 is beyond EOD, truncated
[ 1362.741779] loop3: p123 start 1 is beyond EOD, truncated
[ 1362.747272] loop3: p124 start 1 is beyond EOD, truncated
[ 1362.752774] loop3: p125 start 1 is beyond EOD, truncated
[ 1362.758276] loop3: p126 start 1 is beyond EOD, truncated
[ 1362.763731] loop3: p127 start 1 is beyond EOD, truncated
[ 1362.769227] loop3: p128 start 1 is beyond EOD, truncated
[ 1362.775299] loop3: p129 start 1 is beyond EOD, truncated
[ 1362.780789] loop3: p130 start 1 is beyond EOD, truncated
[ 1362.786297] loop3: p131 start 1 is beyond EOD, truncated
[ 1362.791801] loop3: p132 start 1 is beyond EOD, truncated
[ 1362.797311] loop3: p133 start 1 is beyond EOD, truncated
[ 1362.802807] loop3: p134 start 1 is beyond EOD, truncated
[ 1362.808300] loop3: p135 start 1 is beyond EOD, truncated
[ 1362.813777] loop3: p136 start 1 is beyond EOD, truncated
[ 1362.819268] loop3: p137 start 1 is beyond EOD, truncated
[ 1362.824794] loop3: p138 start 1 is beyond EOD, truncated
[ 1362.830255] loop3: p139 start 1 is beyond EOD, truncated
[ 1362.835759] loop3: p140 start 1 is beyond EOD, truncated
[ 1362.841220] loop3: p141 start 1 is beyond EOD, truncated
[ 1362.846747] loop3: p142 start 1 is beyond EOD, truncated
[ 1362.852208] loop3: p143 start 1 is beyond EOD, truncated
[ 1362.857715] loop3: p144 start 1 is beyond EOD, truncated
[ 1362.863186] loop3: p145 start 1 is beyond EOD, truncated
[ 1362.868720] loop3: p146 start 1 is beyond EOD, truncated
[ 1362.874196] loop3: p147 start 1 is beyond EOD, truncated
[ 1362.879767] loop3: p148 start 1 is beyond EOD, truncated
[ 1362.885318] loop3: p149 start 1 is beyond EOD, truncated
[ 1362.890822] loop3: p150 start 1 is beyond EOD, truncated
[ 1362.896370] loop3: p151 start 1 is beyond EOD, truncated
[ 1362.901845] loop3: p152 start 1 is beyond EOD, truncated
[ 1362.908169] loop3: p153 start 1 is beyond EOD, truncated
[ 1362.913656] loop3: p154 start 1 is beyond EOD, truncated
[ 1362.919216] loop3: p155 start 1 is beyond EOD, truncated
[ 1362.924720] loop3: p156 start 1 is beyond EOD, truncated
[ 1362.930175] loop3: p157 start 1 is beyond EOD, truncated
[ 1362.935682] loop3: p158 start 1 is beyond EOD, truncated
[ 1362.941172] loop3: p159 start 1 is beyond EOD, truncated
[ 1362.946685] loop3: p160 start 1 is beyond EOD, truncated
[ 1362.952155] loop3: p161 start 1 is beyond EOD, truncated
[ 1362.957686] loop3: p162 start 1 is beyond EOD, truncated
[ 1362.963146] loop3: p163 start 1 is beyond EOD, truncated
[ 1362.968654] loop3: p164 start 1 is beyond EOD, truncated
[ 1362.974112] loop3: p165 start 1 is beyond EOD, truncated
[ 1362.979642] loop3: p166 start 1 is beyond EOD, truncated
[ 1362.985128] loop3: p167 start 1 is beyond EOD, truncated
[ 1362.990589] loop3: p168 start 1 is beyond EOD, truncated
[ 1362.996122] loop3: p169 start 1 is beyond EOD, truncated
[ 1363.001584] loop3: p170 start 1 is beyond EOD, truncated
[ 1363.007088] loop3: p171 start 1 is beyond EOD, truncated
[ 1363.012554] loop3: p172 start 1 is beyond EOD, truncated
[ 1363.018118] loop3: p173 start 1 is beyond EOD, truncated
[ 1363.023575] loop3: p174 start 1 is beyond EOD, truncated
[ 1363.029068] loop3: p175 start 1 is beyond EOD, truncated
[ 1363.034554] loop3: p176 start 1 is beyond EOD, truncated
[ 1363.040752] loop3: p177 start 1 is beyond EOD, truncated
[ 1363.046277] loop3: p178 start 1 is beyond EOD, truncated
[ 1363.051731] loop3: p179 start 1 is beyond EOD, truncated
[ 1363.057226] loop3: p180 start 1 is beyond EOD, truncated
[ 1363.062720] loop3: p181 start 1 is beyond EOD, truncated
[ 1363.068244] loop3: p182 start 1 is beyond EOD, truncated
[ 1363.073698] loop3: p183 start 1 is beyond EOD, truncated
[ 1363.079195] loop3: p184 start 1 is beyond EOD, truncated
[ 1363.084706] loop3: p185 start 1 is beyond EOD, truncated
[ 1363.090152] loop3: p186 start 1 is beyond EOD, truncated
[ 1363.095670] loop3: p187 start 1 is beyond EOD, truncated
[ 1363.101142] loop3: p188 start 1 is beyond EOD, truncated
[ 1363.106695] loop3: p189 start 1 is beyond EOD, truncated
[ 1363.112154] loop3: p190 start 1 is beyond EOD, truncated
[ 1363.117833] loop3: p191 start 1 is beyond EOD, truncated
[ 1363.123298] loop3: p192 start 1 is beyond EOD, truncated
[ 1363.128807] loop3: p193 start 1 is beyond EOD, truncated
[ 1363.134304] loop3: p194 start 1 is beyond EOD, truncated
[ 1363.139814] loop3: p195 start 1 is beyond EOD, truncated
[ 1363.145332] loop3: p196 start 1 is beyond EOD, truncated
[ 1363.150783] loop3: p197 start 1 is beyond EOD, truncated
[ 1363.156275] loop3: p198 start 1 is beyond EOD, truncated
[ 1363.161759] loop3: p199 start 1 is beyond EOD, truncated
[ 1363.168070] loop3: p200 start 1 is beyond EOD, truncated
[ 1363.173529] loop3: p201 start 1 is beyond EOD, truncated
[ 1363.179020] loop3: p202 start 1 is beyond EOD, truncated
[ 1363.184496] loop3: p203 start 1 is beyond EOD, truncated
[ 1363.190055] loop3: p204 start 1 is beyond EOD, truncated
[ 1363.195578] loop3: p205 start 1 is beyond EOD, truncated
[ 1363.201016] loop3: p206 start 1 is beyond EOD, truncated
[ 1363.206515] loop3: p207 start 1 is beyond EOD, truncated
[ 1363.211989] loop3: p208 start 1 is beyond EOD, truncated
[ 1363.217506] loop3: p209 start 1 is beyond EOD, truncated
[ 1363.222974] loop3: p210 start 1 is beyond EOD, truncated
[ 1363.228474] loop3: p211 start 1 is beyond EOD, truncated
[ 1363.233964] loop3: p212 start 1 is beyond EOD, truncated
[ 1363.239480] loop3: p213 start 1 is beyond EOD, truncated
[ 1363.244996] loop3: p214 start 1 is beyond EOD, truncated
[ 1363.250452] loop3: p215 start 1 is beyond EOD, truncated
[ 1363.255967] loop3: p216 start 1 is beyond EOD, truncated
[ 1363.261441] loop3: p217 start 1 is beyond EOD, truncated
[ 1363.267019] loop3: p218 start 1 is beyond EOD, truncated
[ 1363.272496] loop3: p219 start 1 is beyond EOD, truncated
[ 1363.278127] loop3: p220 start 1 is beyond EOD, truncated
[ 1363.283585] loop3: p221 start 1 is beyond EOD, truncated
[ 1363.289112] loop3: p222 start 1 is beyond EOD, truncated
[ 1363.295296] loop3: p223 start 1 is beyond EOD, truncated
[ 1363.300743] loop3: p224 start 1 is beyond EOD, truncated
[ 1363.306267] loop3: p225 start 1 is beyond EOD, truncated
[ 1363.311767] loop3: p226 start 1 is beyond EOD, truncated
[ 1363.317324] loop3: p227 start 1 is beyond EOD, truncated
[ 1363.322796] loop3: p228 start 1 is beyond EOD, truncated
[ 1363.328322] loop3: p229 start 1 is beyond EOD, truncated
[ 1363.333804] loop3: p230 start 1 is beyond EOD, truncated
[ 1363.339320] loop3: p231 start 1 is beyond EOD, truncated
[ 1363.344840] loop3: p232 start 1 is beyond EOD, truncated
[ 1363.350277] loop3: p233 start 1 is beyond EOD, truncated
[ 1363.355762] loop3: p234 start 1 is beyond EOD, truncated
[ 1363.361228] loop3: p235 start 1 is beyond EOD, truncated
[ 1363.366757] loop3: p236 start 1 is beyond EOD, truncated
[ 1363.372211] loop3: p237 start 1 is beyond EOD, truncated
[ 1363.377709] loop3: p238 start 1 is beyond EOD, truncated
[ 1363.383169] loop3: p239 start 1 is beyond EOD, truncated
[ 1363.388699] loop3: p240 start 1 is beyond EOD, truncated
[ 1363.394196] loop3: p241 start 1 is beyond EOD, truncated
[ 1363.399711] loop3: p242 start 1 is beyond EOD, truncated
[ 1363.405199] loop3: p243 start 1 is beyond EOD, truncated
[ 1363.410644] loop3: p244 start 1 is beyond EOD, truncated
[ 1363.416137] loop3: p245 start 1 is beyond EOD, truncated
[ 1363.421602] loop3: p246 start 1 is beyond EOD, truncated
[ 1363.427934] loop3: p247 start 1 is beyond EOD, truncated
[ 1363.433425] loop3: p248 start 1 is beyond EOD, truncated
[ 1363.438939] loop3: p249 start 1 is beyond EOD, truncated
[ 1363.444412] loop3: p250 start 1 is beyond EOD, truncated
[ 1363.449964] loop3: p251 start 1 is beyond EOD, truncated
[ 1363.455492] loop3: p252 start 1 is beyond EOD, truncated
[ 1363.460958] loop3: p253 start 1 is beyond EOD, truncated
[ 1363.466456] loop3: p254 start 1 is beyond EOD, truncated
[ 1363.471914] loop3: p255 start 1 is beyond EOD, truncated
21:37:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\a', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:35 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xb000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:35 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7a00)

21:37:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x800)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x8, @ipv4={[], [], @multicast1}, 0x8}, @in6={0xa, 0x4e21, 0x200, @empty, 0xfffffffffffffff7}, @in6={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x11}, 0x1}, @in6={0xa, 0x4e23, 0x66, @loopback}, @in6={0xa, 0x4e23, 0x4, @local, 0x3}, @in6={0xa, 0x4e21, 0x6, @ipv4={[], [], @multicast1}, 0x6}], 0xa8)
ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f00000001c0)={0x0, 0x0, {0x851, 0x9, 0x40, 0x1}})
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xffffffffffffffdf, 0x0, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0})
dup3(r2, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:35 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x7, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180), 0x1000)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000001180)={<r2=>0x0, @in={{0x2, 0x4e20, @multicast1}}, 0xfffffffffffffe67, 0x1ff}, &(0x7f0000000000)=0x90)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r2, 0x8}, &(0x7f0000000100)=0x8)

21:37:35 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1364.538963] binder: 23201:23204 got transaction to invalid handle
[ 1364.547075] binder_alloc_mmap_handler: 5 callbacks suppressed
[ 1364.547094] binder_alloc: binder_alloc_mmap_handler: 23196 20001000-20004000 already mapped failed -16
[ 1364.561082] binder_transaction: 1 callbacks suppressed
[ 1364.561102] binder: 23201:23204 transaction failed 29201/-22, size 0-0 line 2834
[ 1364.601568]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:37:35 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x3f000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1364.601583] loop3: partition table partially beyond EOD, truncated
[ 1364.707260] binder: BINDER_SET_CONTEXT_MGR already set
[ 1364.716968] loop3: p1 start 1 is beyond EOD, truncated
[ 1364.717886] binder: 23201:23215 ioctl 40046207 0 returned -16
[ 1364.731065] loop3: p2 size 2 extends beyond EOD, truncated
[ 1364.752682] loop3: p3 start 201 is beyond EOD, truncated
21:37:35 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x5)

[ 1364.778589] binder: 23201:23214 got transaction to invalid handle
[ 1364.779557] loop3: p4 start 301 is beyond EOD, truncated
[ 1364.805754] loop3: p5 start 1 is beyond EOD, truncated
[ 1364.824252] binder: 23201:23214 transaction failed 29201/-22, size 0-0 line 2834
[ 1364.826336] loop3: p6 start 1 is beyond EOD, truncated
[ 1364.867749] binder_release_work: 1 callbacks suppressed
[ 1364.867757] binder: undelivered TRANSACTION_ERROR: 29201
[ 1364.878304] loop3: p7 start 1 is beyond EOD, truncated
21:37:35 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x4]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1364.902240] binder: undelivered TRANSACTION_ERROR: 29201
[ 1364.909288] loop3: p8 start 1 is beyond EOD, truncated
[ 1364.927902] binder_alloc: binder_alloc_mmap_handler: 23220 20001000-20004000 already mapped failed -16
[ 1364.937595] loop3: p9 start 1 is beyond EOD, truncated
21:37:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x30000, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x10900, 0x0)
ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000100)=0x7e22)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r0, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1364.956427] loop3: p10 start 1 is beyond EOD, truncated
[ 1364.963661] loop3: p11 start 1 is beyond EOD, truncated
[ 1364.971710] loop3: p12 start 1 is beyond EOD, truncated
[ 1364.993364] loop3: p13 start 1 is beyond EOD, truncated
[ 1365.003605] loop3: p14 start 1 is beyond EOD, truncated
[ 1365.020336] loop3: p15 start 1 is beyond EOD, truncated
[ 1365.038475] loop3: p16 start 1 is beyond EOD, truncated
[ 1365.046790] loop3: p17 start 1 is beyond EOD, truncated
21:37:36 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4c)

21:37:36 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x96a2a62008]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1365.048957] binder: 23228:23230 got transaction to context manager from process owning it
[ 1365.073805] binder: 23228:23230 transaction failed 29201/-22, size 24-8 line 2825
[ 1365.082574] loop3: p18 start 1 is beyond EOD, truncated
[ 1365.087506] binder: 23228:23230 got transaction to invalid handle
[ 1365.095137] binder: 23228:23230 transaction failed 29201/-22, size 0-0 line 2834
[ 1365.107205] binder_alloc: binder_alloc_mmap_handler: 23228 20001000-20004000 already mapped failed -16
[ 1365.117398] binder: BINDER_SET_CONTEXT_MGR already set
[ 1365.129405] binder: 23228:23232 ioctl 40046207 0 returned -16
[ 1365.138809] loop3: p19 start 1 is beyond EOD, truncated
[ 1365.144332] binder_alloc: 23228: binder_alloc_buf, no vma
[ 1365.164954] binder_alloc: binder_alloc_mmap_handler: 23233 20001000-20004000 already mapped failed -16
[ 1365.165537] binder: undelivered TRANSACTION_ERROR: 29201
[ 1365.175909] loop3: p20 start 1 is beyond EOD, truncated
[ 1365.182617] binder: 23228:23230 transaction failed 29189/-3, size 24-8 line 2973
[ 1365.204178] loop3: p21 start 1 is beyond EOD, truncated
[ 1365.209358] binder: undelivered TRANSACTION_ERROR: 29189
[ 1365.215841] loop3: p22 start 1 is beyond EOD, truncated
[ 1365.229905] loop3: p23 start 1 is beyond EOD, truncated
[ 1365.238497] binder: undelivered TRANSACTION_ERROR: 29201
[ 1365.252877] loop3: p24 start 1 is beyond EOD, truncated
[ 1365.261086] loop3: p25 start 1 is beyond EOD, truncated
[ 1365.267365] loop3: p26 start 1 is beyond EOD, truncated
[ 1365.272972] loop3: p27 start 1 is beyond EOD, truncated
[ 1365.301358] loop3: p28 start 1 is beyond EOD, truncated
[ 1365.308488] loop3: p29 start 1 is beyond EOD, truncated
[ 1365.317273] loop3: p30 start 1 is beyond EOD, truncated
[ 1365.326652] loop3: p31 start 1 is beyond EOD, truncated
[ 1365.332285] loop3: p32 start 1 is beyond EOD, truncated
[ 1365.347010] loop3: p33 start 1 is beyond EOD, truncated
[ 1365.360340] loop3: p34 start 1 is beyond EOD, truncated
[ 1365.371615] loop3: p35 start 1 is beyond EOD, truncated
[ 1365.413131] loop3: p36 start 1 is beyond EOD, truncated
[ 1365.425130] loop3: p37 start 1 is beyond EOD, truncated
[ 1365.434505] loop3: p38 start 1 is beyond EOD, truncated
[ 1365.444808] loop3: p39 start 1 is beyond EOD, truncated
[ 1365.450237] loop3: p40 start 1 is beyond EOD, truncated
[ 1365.461292] loop3: p41 start 1 is beyond EOD, truncated
[ 1365.467360] loop3: p42 start 1 is beyond EOD, truncated
[ 1365.472739] loop3: p43 start 1 is beyond EOD, truncated
[ 1365.478675] loop3: p44 start 1 is beyond EOD, truncated
[ 1365.484066] loop3: p45 start 1 is beyond EOD, truncated
[ 1365.489528] loop3: p46 start 1 is beyond EOD, truncated
[ 1365.494965] loop3: p47 start 1 is beyond EOD, truncated
[ 1365.500343] loop3: p48 start 1 is beyond EOD, truncated
[ 1365.505871] loop3: p49 start 1 is beyond EOD, truncated
[ 1365.511255] loop3: p50 start 1 is beyond EOD, truncated
[ 1365.517718] loop3: p51 start 1 is beyond EOD, truncated
[ 1365.523099] loop3: p52 start 1 is beyond EOD, truncated
[ 1365.529294] loop3: p53 start 1 is beyond EOD, truncated
[ 1365.534920] loop3: p54 start 1 is beyond EOD, truncated
[ 1365.540405] loop3: p55 start 1 is beyond EOD, truncated
[ 1365.546017] loop3: p56 start 1 is beyond EOD, truncated
[ 1365.551574] loop3: p57 start 1 is beyond EOD, truncated
[ 1365.557102] loop3: p58 start 1 is beyond EOD, truncated
[ 1365.562494] loop3: p59 start 1 is beyond EOD, truncated
[ 1365.567952] loop3: p60 start 1 is beyond EOD, truncated
[ 1365.573345] loop3: p61 start 1 is beyond EOD, truncated
[ 1365.578867] loop3: p62 start 1 is beyond EOD, truncated
[ 1365.584282] loop3: p63 start 1 is beyond EOD, truncated
[ 1365.589767] loop3: p64 start 1 is beyond EOD, truncated
[ 1365.595298] loop3: p65 start 1 is beyond EOD, truncated
[ 1365.600746] loop3: p66 start 1 is beyond EOD, truncated
[ 1365.606220] loop3: p67 start 1 is beyond EOD, truncated
[ 1365.611610] loop3: p68 start 1 is beyond EOD, truncated
[ 1365.617107] loop3: p69 start 1 is beyond EOD, truncated
[ 1365.622494] loop3: p70 start 1 is beyond EOD, truncated
[ 1365.627961] loop3: p71 start 1 is beyond EOD, truncated
[ 1365.633351] loop3: p72 start 1 is beyond EOD, truncated
[ 1365.638810] loop3: p73 start 1 is beyond EOD, truncated
[ 1365.644202] loop3: p74 start 1 is beyond EOD, truncated
[ 1365.649673] loop3: p75 start 1 is beyond EOD, truncated
[ 1365.655743] loop3: p76 start 1 is beyond EOD, truncated
[ 1365.661286] loop3: p77 start 1 is beyond EOD, truncated
[ 1365.666873] loop3: p78 start 1 is beyond EOD, truncated
[ 1365.672285] loop3: p79 start 1 is beyond EOD, truncated
[ 1365.677747] loop3: p80 start 1 is beyond EOD, truncated
[ 1365.683144] loop3: p81 start 1 is beyond EOD, truncated
[ 1365.688613] loop3: p82 start 1 is beyond EOD, truncated
[ 1365.694093] loop3: p83 start 1 is beyond EOD, truncated
[ 1365.699575] loop3: p84 start 1 is beyond EOD, truncated
[ 1365.705040] loop3: p85 start 1 is beyond EOD, truncated
[ 1365.710666] loop3: p86 start 1 is beyond EOD, truncated
[ 1365.716147] loop3: p87 start 1 is beyond EOD, truncated
[ 1365.721545] loop3: p88 start 1 is beyond EOD, truncated
[ 1365.727116] loop3: p89 start 1 is beyond EOD, truncated
[ 1365.732502] loop3: p90 start 1 is beyond EOD, truncated
[ 1365.737976] loop3: p91 start 1 is beyond EOD, truncated
[ 1365.743356] loop3: p92 start 1 is beyond EOD, truncated
[ 1365.748795] loop3: p93 start 1 is beyond EOD, truncated
[ 1365.754175] loop3: p94 start 1 is beyond EOD, truncated
[ 1365.759618] loop3: p95 start 1 is beyond EOD, truncated
[ 1365.765141] loop3: p96 start 1 is beyond EOD, truncated
[ 1365.770518] loop3: p97 start 1 is beyond EOD, truncated
[ 1365.775963] loop3: p98 start 1 is beyond EOD, truncated
[ 1365.781347] loop3: p99 start 1 is beyond EOD, truncated
[ 1365.786809] loop3: p100 start 1 is beyond EOD, truncated
[ 1365.792282] loop3: p101 start 1 is beyond EOD, truncated
[ 1365.797853] loop3: p102 start 1 is beyond EOD, truncated
[ 1365.803332] loop3: p103 start 1 is beyond EOD, truncated
[ 1365.808870] loop3: p104 start 1 is beyond EOD, truncated
[ 1365.814354] loop3: p105 start 1 is beyond EOD, truncated
[ 1365.819878] loop3: p106 start 1 is beyond EOD, truncated
[ 1365.825386] loop3: p107 start 1 is beyond EOD, truncated
[ 1365.830848] loop3: p108 start 1 is beyond EOD, truncated
[ 1365.836387] loop3: p109 start 1 is beyond EOD, truncated
[ 1365.841849] loop3: p110 start 1 is beyond EOD, truncated
[ 1365.847385] loop3: p111 start 1 is beyond EOD, truncated
[ 1365.852850] loop3: p112 start 1 is beyond EOD, truncated
[ 1365.858356] loop3: p113 start 1 is beyond EOD, truncated
[ 1365.863820] loop3: p114 start 1 is beyond EOD, truncated
[ 1365.869325] loop3: p115 start 1 is beyond EOD, truncated
[ 1365.874844] loop3: p116 start 1 is beyond EOD, truncated
[ 1365.880294] loop3: p117 start 1 is beyond EOD, truncated
[ 1365.885829] loop3: p118 start 1 is beyond EOD, truncated
[ 1365.891298] loop3: p119 start 1 is beyond EOD, truncated
[ 1365.896839] loop3: p120 start 1 is beyond EOD, truncated
[ 1365.902318] loop3: p121 start 1 is beyond EOD, truncated
[ 1365.907839] loop3: p122 start 1 is beyond EOD, truncated
[ 1365.913306] loop3: p123 start 1 is beyond EOD, truncated
[ 1365.918871] loop3: p124 start 1 is beyond EOD, truncated
[ 1365.924363] loop3: p125 start 1 is beyond EOD, truncated
[ 1365.929887] loop3: p126 start 1 is beyond EOD, truncated
[ 1365.935395] loop3: p127 start 1 is beyond EOD, truncated
[ 1365.940903] loop3: p128 start 1 is beyond EOD, truncated
[ 1365.946440] loop3: p129 start 1 is beyond EOD, truncated
[ 1365.951918] loop3: p130 start 1 is beyond EOD, truncated
[ 1365.957450] loop3: p131 start 1 is beyond EOD, truncated
[ 1365.962925] loop3: p132 start 1 is beyond EOD, truncated
[ 1365.968544] loop3: p133 start 1 is beyond EOD, truncated
[ 1365.974026] loop3: p134 start 1 is beyond EOD, truncated
[ 1365.979594] loop3: p135 start 1 is beyond EOD, truncated
[ 1365.985120] loop3: p136 start 1 is beyond EOD, truncated
[ 1365.990646] loop3: p137 start 1 is beyond EOD, truncated
[ 1365.996233] loop3: p138 start 1 is beyond EOD, truncated
[ 1366.001700] loop3: p139 start 1 is beyond EOD, truncated
[ 1366.007243] loop3: p140 start 1 is beyond EOD, truncated
[ 1366.012715] loop3: p141 start 1 is beyond EOD, truncated
[ 1366.018239] loop3: p142 start 1 is beyond EOD, truncated
[ 1366.023710] loop3: p143 start 1 is beyond EOD, truncated
[ 1366.029234] loop3: p144 start 1 is beyond EOD, truncated
[ 1366.034755] loop3: p145 start 1 is beyond EOD, truncated
[ 1366.040223] loop3: p146 start 1 is beyond EOD, truncated
[ 1366.045753] loop3: p147 start 1 is beyond EOD, truncated
[ 1366.051219] loop3: p148 start 1 is beyond EOD, truncated
[ 1366.056767] loop3: p149 start 1 is beyond EOD, truncated
[ 1366.062274] loop3: p150 start 1 is beyond EOD, truncated
[ 1366.067798] loop3: p151 start 1 is beyond EOD, truncated
[ 1366.073271] loop3: p152 start 1 is beyond EOD, truncated
[ 1366.078884] loop3: p153 start 1 is beyond EOD, truncated
[ 1366.084362] loop3: p154 start 1 is beyond EOD, truncated
[ 1366.089903] loop3: p155 start 1 is beyond EOD, truncated
[ 1366.095405] loop3: p156 start 1 is beyond EOD, truncated
[ 1366.100854] loop3: p157 start 1 is beyond EOD, truncated
[ 1366.106397] loop3: p158 start 1 is beyond EOD, truncated
[ 1366.111862] loop3: p159 start 1 is beyond EOD, truncated
[ 1366.117372] loop3: p160 start 1 is beyond EOD, truncated
[ 1366.122844] loop3: p161 start 1 is beyond EOD, truncated
[ 1366.128363] loop3: p162 start 1 is beyond EOD, truncated
[ 1366.133827] loop3: p163 start 1 is beyond EOD, truncated
[ 1366.139350] loop3: p164 start 1 is beyond EOD, truncated
[ 1366.144853] loop3: p165 start 1 is beyond EOD, truncated
[ 1366.150303] loop3: p166 start 1 is beyond EOD, truncated
[ 1366.155925] loop3: p167 start 1 is beyond EOD, truncated
[ 1366.161395] loop3: p168 start 1 is beyond EOD, truncated
[ 1366.166908] loop3: p169 start 1 is beyond EOD, truncated
[ 1366.172379] loop3: p170 start 1 is beyond EOD, truncated
[ 1366.177901] loop3: p171 start 1 is beyond EOD, truncated
[ 1366.183364] loop3: p172 start 1 is beyond EOD, truncated
[ 1366.188880] loop3: p173 start 1 is beyond EOD, truncated
[ 1366.194349] loop3: p174 start 1 is beyond EOD, truncated
[ 1366.199857] loop3: p175 start 1 is beyond EOD, truncated
[ 1366.205376] loop3: p176 start 1 is beyond EOD, truncated
[ 1366.210847] loop3: p177 start 1 is beyond EOD, truncated
[ 1366.216370] loop3: p178 start 1 is beyond EOD, truncated
[ 1366.221831] loop3: p179 start 1 is beyond EOD, truncated
[ 1366.227337] loop3: p180 start 1 is beyond EOD, truncated
[ 1366.232801] loop3: p181 start 1 is beyond EOD, truncated
[ 1366.238320] loop3: p182 start 1 is beyond EOD, truncated
[ 1366.243797] loop3: p183 start 1 is beyond EOD, truncated
[ 1366.249313] loop3: p184 start 1 is beyond EOD, truncated
[ 1366.254814] loop3: p185 start 1 is beyond EOD, truncated
[ 1366.260262] loop3: p186 start 1 is beyond EOD, truncated
[ 1366.265781] loop3: p187 start 1 is beyond EOD, truncated
[ 1366.271243] loop3: p188 start 1 is beyond EOD, truncated
[ 1366.276801] loop3: p189 start 1 is beyond EOD, truncated
[ 1366.282273] loop3: p190 start 1 is beyond EOD, truncated
[ 1366.287797] loop3: p191 start 1 is beyond EOD, truncated
[ 1366.293266] loop3: p192 start 1 is beyond EOD, truncated
[ 1366.298791] loop3: p193 start 1 is beyond EOD, truncated
[ 1366.304264] loop3: p194 start 1 is beyond EOD, truncated
[ 1366.309788] loop3: p195 start 1 is beyond EOD, truncated
[ 1366.315304] loop3: p196 start 1 is beyond EOD, truncated
[ 1366.320787] loop3: p197 start 1 is beyond EOD, truncated
[ 1366.326300] loop3: p198 start 1 is beyond EOD, truncated
[ 1366.331766] loop3: p199 start 1 is beyond EOD, truncated
[ 1366.337283] loop3: p200 start 1 is beyond EOD, truncated
[ 1366.342794] loop3: p201 start 1 is beyond EOD, truncated
[ 1366.348304] loop3: p202 start 1 is beyond EOD, truncated
[ 1366.353780] loop3: p203 start 1 is beyond EOD, truncated
[ 1366.359316] loop3: p204 start 1 is beyond EOD, truncated
[ 1366.364831] loop3: p205 start 1 is beyond EOD, truncated
[ 1366.370323] loop3: p206 start 1 is beyond EOD, truncated
[ 1366.375839] loop3: p207 start 1 is beyond EOD, truncated
[ 1366.381323] loop3: p208 start 1 is beyond EOD, truncated
[ 1366.386833] loop3: p209 start 1 is beyond EOD, truncated
[ 1366.392303] loop3: p210 start 1 is beyond EOD, truncated
[ 1366.398949] loop3: p211 start 1 is beyond EOD, truncated
[ 1366.404418] loop3: p212 start 1 is beyond EOD, truncated
[ 1366.410038] loop3: p213 start 1 is beyond EOD, truncated
[ 1366.415560] loop3: p214 start 1 is beyond EOD, truncated
[ 1366.421021] loop3: p215 start 1 is beyond EOD, truncated
[ 1366.426553] loop3: p216 start 1 is beyond EOD, truncated
[ 1366.432037] loop3: p217 start 1 is beyond EOD, truncated
[ 1366.437589] loop3: p218 start 1 is beyond EOD, truncated
[ 1366.443080] loop3: p219 start 1 is beyond EOD, truncated
[ 1366.448659] loop3: p220 start 1 is beyond EOD, truncated
[ 1366.454140] loop3: p221 start 1 is beyond EOD, truncated
[ 1366.459695] loop3: p222 start 1 is beyond EOD, truncated
[ 1366.465226] loop3: p223 start 1 is beyond EOD, truncated
[ 1366.470699] loop3: p224 start 1 is beyond EOD, truncated
[ 1366.476424] loop3: p225 start 1 is beyond EOD, truncated
[ 1366.481898] loop3: p226 start 1 is beyond EOD, truncated
[ 1366.487453] loop3: p227 start 1 is beyond EOD, truncated
[ 1366.492972] loop3: p228 start 1 is beyond EOD, truncated
[ 1366.498703] loop3: p229 start 1 is beyond EOD, truncated
[ 1366.504172] loop3: p230 start 1 is beyond EOD, truncated
[ 1366.509755] loop3: p231 start 1 is beyond EOD, truncated
[ 1366.515277] loop3: p232 start 1 is beyond EOD, truncated
[ 1366.520733] loop3: p233 start 1 is beyond EOD, truncated
[ 1366.526264] loop3: p234 start 1 is beyond EOD, truncated
[ 1366.531731] loop3: p235 start 1 is beyond EOD, truncated
[ 1366.537250] loop3: p236 start 1 is beyond EOD, truncated
[ 1366.542757] loop3: p237 start 1 is beyond EOD, truncated
[ 1366.548272] loop3: p238 start 1 is beyond EOD, truncated
[ 1366.553742] loop3: p239 start 1 is beyond EOD, truncated
[ 1366.559476] loop3: p240 start 1 is beyond EOD, truncated
[ 1366.565088] loop3: p241 start 1 is beyond EOD, truncated
[ 1366.570553] loop3: p242 start 1 is beyond EOD, truncated
[ 1366.576075] loop3: p243 start 1 is beyond EOD, truncated
[ 1366.581546] loop3: p244 start 1 is beyond EOD, truncated
[ 1366.587117] loop3: p245 start 1 is beyond EOD, truncated
[ 1366.592584] loop3: p246 start 1 is beyond EOD, truncated
[ 1366.598111] loop3: p247 start 1 is beyond EOD, truncated
[ 1366.603590] loop3: p248 start 1 is beyond EOD, truncated
[ 1366.609157] loop3: p249 start 1 is beyond EOD, truncated
[ 1366.614712] loop3: p250 start 1 is beyond EOD, truncated
[ 1366.620183] loop3: p251 start 1 is beyond EOD, truncated
[ 1366.625755] loop3: p252 start 1 is beyond EOD, truncated
[ 1366.631234] loop3: p253 start 1 is beyond EOD, truncated
[ 1366.636845] loop3: p254 start 1 is beyond EOD, truncated
[ 1366.642324] loop3: p255 start 1 is beyond EOD, truncated
[ 1366.775128] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
[ 1366.784077] print_req_error: 23 callbacks suppressed
[ 1366.784088] print_req_error: I/O error, dev loop3, sector 0
[ 1366.796115] print_req_error: I/O error, dev loop3, sector 0
[ 1366.801839] buffer_io_error: 20 callbacks suppressed
[ 1366.801845] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.814503] print_req_error: I/O error, dev loop3, sector 0
[ 1366.820325] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.827931] print_req_error: I/O error, dev loop3, sector 0
[ 1366.833677] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.841347] print_req_error: I/O error, dev loop3, sector 0
[ 1366.847158] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.854714] print_req_error: I/O error, dev loop3, sector 0
[ 1366.860503] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.868063] print_req_error: I/O error, dev loop3, sector 0
[ 1366.873798] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.881432] print_req_error: I/O error, dev loop3, sector 0
[ 1366.887215] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.894901] print_req_error: I/O error, dev loop3, sector 0
[ 1366.900651] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.908197] print_req_error: I/O error, dev loop3, sector 0
[ 1366.913933] Buffer I/O error on dev loop3p2, logical block 0, async page read
[ 1366.921488] Buffer I/O error on dev loop3p2, logical block 0, async page read
21:37:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x04', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r3 = getuid()
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001540)={{{@in=@multicast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@empty}, 0x0, @in6=@local}}, &(0x7f0000000180)=0xe8)
syz_mount_image$f2fs(&(0x7f00000000c0)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x2, &(0x7f0000000140)=[{&(0x7f0000000440)="698498c754305b06414a63e88a7dd162fafaa45cc64841417f10d3206f49e1139d267cb34e306a6165584f853c23bb8aa606923e20b255d22e1705bd418b5ef1df8e1670e7d9d2e6ea127476fe2e9704770e680f1c4312054d6c64d6016abe8626ccf31ad539725e8b56bbb5336886e554a4e32e169ce7b400698415011c9a18e31b4237e6b6af3b545bb347751bae9d0447ccb0db55050ae3a062c094b80c9f878b3be57aaf012b2de44b71f765c74c057fc0f5095fb2daa9a6cb4722245512461681fd90b31dec7d69447ac12550e6499cb8988771915ce956d2b0", 0xdc, 0x2}, {&(0x7f0000000540)="9d44a9155b1b3ac140bc2b7fb32ddfe56dbafb70ad41e281c0bf2fbe2f06d8f8d3e5de75a6324a0eb663bc4709cbd42eac8ab80750bf45b7893641ef4945e71d7eb90e66a11319a600c1b33d20bde37abd03ab6d01eb94eb45518df84f6961e5de40b4e3a8a02c325e76c9207bf161b5a361c4dbd0b2a5a5cd808531150d10ac33048ef0e8100c609cd714a8175baa7dc31788a92f2e51a84e51aad4421216a0a31455de3a5cdf9c2da8d43ee05d858d09797137afb8084317abb13577061eb320f0a459a39e892d240e7544e10c0ce8c30b404937409d49aae7e87e38f40c8e0d7a44db595667c756cfe55e3ac66ddca96be842a361bbf748ec04b1d96e1eca2ae8da30c911dc80a7aec235df5a19e3491109725da2b50284942f3f81992c2cece26a41d3ae4c25ce7474c9f89a141cc96002903ae8089f2ef99a48505c0b59939c922ff9ea050f1b01f77213f627c429e52287ab6509af1f232a7e05fcc3f7146d55bd2add97064b0cce8ebb83d224c9de46c6fd24bb1ecedc71a58aff892809d3bdca1c1b158d2f4a52e82b10b16c737c45d070f9e42cd0e5b927453ed85dccf482e90e887dd6e4720d347b48a554c0566a280d51619cdeb906c61e6e73f675e24b5722c12d7e424642b6ad856e2dd06403a9a60f03602e8fcdfc6aadff26befc7e9fd58efb537d126eced3ddd83ba5a962f9dbc2db7cc8736afd415609a5c25f1b2397ff14026d649aa1b5213acea680eee41469739d1460ba62bd6b95fe5ef91235a042ed27faea5c7b45005a22354b9444ea7a799348f3ca87100e1b12ad7d7dee0ea42d836053498191ed14a3e0042dee1850bdb5636ef2be529916c509d3fb7ea3e627496c4aa3deace5e130b110de03ff0d5e58c67bcafd95937ca509a853ecf8473371828b237a715e2e36b2c1db0d8a61d29ec4713a9b2d122d302681e3e6e3899fe4ee8423d9e528b89561786184d5a274c327726b5c9edd2e8494743a12c83a83c013a7da81b87f24165739bd1c09c866faffc77758c4bd32a2315e55ebbab2709f374237e557142bc33e46a5aecd26374aa427e7b1e0ea7d7c4ffa889c56ba5e09249db24a5bc7e4121e3497cbdc9f432cae1f9a12a7d3d45abf4bd991829e9698ab89a49b6ec954590a9e434a753d8c980ee3699470528f679d7a26ed9b5141cf632d51054e7debc47e96bf2150c99c756f640423efb0b83f8cba35f7fff5d0656325a4d2196b7d60d61345582159e9abde9b8a2477d812ce131b51b2b14c332dcd3b45c297aab045050b388ed501e6616b1dd374d67cb7c1d245f1d4f88f71eea0bbe34d9155d7571649098f4cec39be08190229d6a920cd03b6368c626ca9bfcff60026e07001f762db3b37378459529c844d648141a82dea1504da371e56964552afa368752aa51f772ec6e59edf4185f06a7d233072f8b7c130b4364bfd1cbdb25c63fa863f3ed2b92395eeb8573cc22b64d0b9cebd59f56a8bba8c0a1e8572f0d547981601a5bfc2f580a086fec52778860e496eef1256893e18d9719009ab7db13d72488d3411ff7401af77cd0943ce2b925c5722ad2499b9572065cb09da0a05ba45297f5fc07a9e4a617393e4c51e88613daf6adb59e948e59b0f80e4963a17d025d2fb4719a7603b2c2be07b2097c255d1b2bc5dc383fa4632028546b5b59e6561eb2098c600340a24b545d45c927a35e7a81ae02a11c7ac767336a509abf7ae0eb7dad1dde2b93599c0c4703a99f396b95c150a9fb6c8347f6bf5dbddbffebec2b0785befc5228e3b0abd1a077fedddb696a65127025e12508483cec5a9ca50a6dcc6d37019450557ab0f258e290efa40280ad4b20dccecd071786ae39cad1c50dde51493b2879583f3041e4dea499904cab9330314aeaf33112536085f5dde2375312e59fb370c3f10bc3531932e9227efc4dd2f999ccabc0e80f2a7f5188659406a41e1bc6496f763917a29741cad8e19843eaa9a0b21e8f80c3e6e69baf62a9108747a9c34be2327a78fc700cf8722b43998c24095fc8c6dfb43a8729d10d2bc773af382a44a10ce78f5abbad98d151a2bac53fcf83400f51aa9fa006593a16508f1f36f6ae9065f1f144193cf6f872086eded2f946b81cdee92ab7f5c8b406aa21b16d8449d3565cd60f9b133d53b7a714ba1e19a1a1eacf85dd5eacd7f328dedbc9a3191aafe89428ce7c8d2a0f9c7a9ca8aa6a5a772016ade1b8f4fef6b421f6dafee44047029c414ee31002e5ef90bcf2a978cbeb4d9894a70fd8db10f2f70d8aa32da934e1352ab2773dd810e966de9ef89b06e583d2c7ae78df62818662d9797522f8a83144a421d0bc6d155169a5fac6d76f1a016e9046affbbb4c48fbf4300a01aaca7e7bd33b7f47703641aa45efdb8b50d30b431520c783d41d0b0e84a98364245735a773e11d405f968f56a9bd4addac5afdcd852ffb0751eb79479ec27f24659a893d9dfc78262a2430b4062da3b5506f88644b64e5864f44182689f944d6ac09761480f296ed42e3dfdc8659f101f76a0bbac8215971795c15b12384bd5ebbfd0638155f05020b5274c6e17cd62de071e352f4c37de77e158d39887ac43dc3f683771a5780f25094c814cbf237722c36f6505a2d4edefc3ded655fa954d26c8c872f391ca5edb4447b58098da08442a17d1e11855f1c3845dd469dd02348f07196762bba3f6883650233ae0a4643efffcfb7e2edfca2816af3a2b2d123303fae5a53437efb398c07f7dc2c258af4f4dbecd1ec69315d29b789649fd5a35c5f41eece962e63a0b6531958e17e43401ff53f44c1f332a5a5f3ad2374c573844d128415601c71c5e03383bd3248633142e51b4d2484981788d344c80bafe0ffa782d9f150bb61ee087a97b1b2bdf2a4af72e92a5f082c67ea7eab438bbe8445a2f4419b1573def252cafed086634430aecb4eb0d7b5656e4c11a303e6187374be4673d4970e0074efe02dec086b741af5e0c56c91c25d49a6673ee9d6298671558293cc6fe5408c22a3d5021f7dc30684475c1d0c97b97de0ed134721ac96cb242b45a5ec8e02792bc4b079ff384a8dc010983467e4af3e6f4797090eacee968af28c0106d5fe0f98610ba0a56c59ff1b7d36fefa5347d65a8efef566cf433429d60107945397096e131e68038870ba31d314a67d1efdc6323cb5e2d256a13bf84139e376a2bfafbb075d432e3bace2ae4e71246c10182d02292f77fd4c4a0dfbb160fe88a3dc185dda7d8ab7e73b31d2a2c5ff22284f35fb03791c6b362226fbd52a6d1b6c587c0e69d55500c69c2090a0b1d6cb108b30dddc129d92f587a9cb27f8ecbd5feb8f927cc5b92199ddc3d436aabf398c844fc90816a7e55d4220246c05466f28afa03d8633b533c73b7deb613d5bfdc956b9d848650886cccc8ef38a8f617c0199c4d065b3f4c3f7da774d178e3a696a75709eb90e48f4c3760e744387a29be8d70fd3275c530b462f1add8142d63e45a4fa3d85c66b5a0a3eb68ba29c600b90410c1ad5e6f873175395e5a6f4128ce37fdf5f4b69ac3826d1613bc8494050bc87813b447063fd189a912bb8091cc16345311aaeaa1014416bdc810891c4935759a4250a055b9d88313ed9d8934d57b9f0f5cfe73f1d606b338a83b1616c1d85c8f589046c5a9aae86321c2b19ec505e11fe6fab9d4a2a745ad94324c621f33cd66b64518954d5f626ca9ee6652d6145777462d734c16912897556be380b7aab6a8cba60b9d955e7f1e1931d96545e8b909a2ed8d9bf73b80cde723d0c42cfdcbbb984d718eb6bcb0d7b4a423b5726d16fd5d683699a1d477c98cdc0fc254879df5560bca506a468de7bef49b01974f9328d670201228c81c7849d615db2cb7ec1d79e1287d5d91d00b2fdd7cf9907c51e31e92e1d18a509e287c12b4cd0a08f6c9ba40fb558e482a49171c40cb1250feae6c8c24d8f10ebbf2583b7c90fe2cf62ed92165f5f7c6e408759b7f79c27eb2da42323ff7c2ae0bc5b14eae03790fec36f18de4f3295d115755da857ee7b1b5c0b324ef73eb14bea7e83461e808f0ffddd05cceecb75c766f927b44922320b59e89493c986911ff4228bffd4edc13d5dc54ed061eca894545c182cad6a23b9d16590337d250f880efdb6cd7aa1c0a6f7af03f43dda761fe89d7f3403c7534b0d89859764abe0f374d893432ee8a70260f252ac3c9b23eb1b50cf687035b1dcb9a85d87648a63e68902d7e4801f42249960039ac744f9b80fa2e5cacd5b7c2228aa1ff31b1ea2a59c043d8d493baa9189fe979d22e1008f812f9f4f65b63b16000b54a248aa1c6a8128d50966a8aa0c0fbe1e252548d53ff68ca6d68df74587b9a0635881a959ab24cc39f627f33c78e7387a1a1c72837e86a1f218fd7d1b00de12aa728a87696742414da6e8b89b029c874fb2b2e4474bdd16269c52eff3d431088bafdd030ce1a3e7f1b988dc898baf8ee2a9ef671ec25ede0b1f4d3ca7b2332dbc8dfdd247ec1ed80d8988cafffcbf6a69fc9e17d385ca1b28d0b9cb0fd2a5674aa13e585ec0f92bc2455606f439b661db1efc3aa207be03bef860903e1e86c3d9877d95adad60621f0773fad11c5974091750ca7265c82c107e48eeaae2ceb848dd4a4afd069671efe21d8d2837dbad7138ee86e9b010e64678d4700d1a776072012730288d184ee08b64be201a7b60b7f9b8ed02ead670628522eb91dc9976c01f57b1da9cb483fdf4895976176f57b2fb3e5ab65a6e22a3f99f2fb84aaac0669722c18c660647dd4ef9ae0c87ac72225fcb7f0a1e08b4054a581dc875f965499d31c3d0066160cdef9c45af66c1c32edaff59715d690daff955b0c7a73fd2a2e2161a47cb2d73c8eb56de3b7b214bfbfbc083a36d517c70656803d64bf7e1b9612b4f63bdf44d51376148cafdafab24396cb42fb5ca10e00b6798025e124b05a4a58d5aa63a3a0393e621dd8be3c5a44b74263a0209788ecc6197a4b281f9a7863c504271538ee98b200985a281c2bc86a7c05ad5a415b5f3b970d835c16144e5e4cf7a5e88a42975618b727e1cca0cbe9c4b1b33ede7b760b1168ae9c2c8e82c842cd39bfdbe64f2a475003b4c9d0187644169da4faa5ebb40057b9eb17f5ace09e100525eabafed3549c14249325d898833410d959587430534b40c8301246b09d7d99b46ddcd7bf2f229d824079a7ed606f3c68308375be6e1dd6907252ba07449049629a2f3d7ec8229aeefa9fccf54a998ce6d2f9cc65871ef198dcbbe867339faf5ae9f23692df30672c347946c55728b30c42ad9b417551d0c062b5b013c7995d39dcbda68e7e113b1dd04f4f50bb45fb984355950d08de410a99053921dcc0248da06f217876194641cfbe635ae0fe60c9c8c6f93562fec3b09cc63eaef06914401665b0bfaadaa8ea79c70311086d7286247ac8a159faa0931f6518a4449f88ba60cef2b5b9232e45ddbe038e6f682abb80e2cadd15f57cee3957a5bd25148005c3f8c7c48783d474c32a83954f3912138a514845d426438a2bb4384b9a0c0595c7620fbf1355f2f7d4afadd581cc2b00ba962e05794deb34ef426e220b0a3b85a810cc0a55cf93cb0ba205a0b3aa362b8cd9c82f7a4ccc46f46412f80d10f9f164a7e866454f99b8ba02b8a058d47f3b9b3e97b86e6790fe81cd4d6202578fc91821a7609c6bbdecf25064a5abdc6fed14db52019af9853948fe70b0f438f8d2d4d20b03f1bf9056ca59c1415c12953c55a7c6a1b6dad8c45d65d117501cdda59fdb3c0dc212d9bd63e05d09f0ebc5", 0x1000, 0x3}], 0x0, &(0x7f0000001640)={[{@background_gc_on='background_gc=on'}, {@nouser_xattr='nouser_xattr'}, {@adaptive_mode='mode=adaptive'}, {@whint_mode_user='whint_mode=user-based'}, {@noinline_dentry='noinline_dentry'}, {@background_gc_sync='background_gc=sync'}, {@four_active_logs='active_logs=4'}, {@grpquota={'grpquota'}}, {@whint_mode_fs='whint_mode=fs-based'}], [{@hash='hash'}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x33, 0x0, 0x36, 0x0, 0x76, 0x31, 0x66], 0x2d, [0x7b, 0x64, 0x38, 0x37], 0x2d, [0x36, 0x64, 0x0, 0x31], 0x2d, [0x35, 0x77, 0x3f, 0x62], 0x2d, [0x0, 0x0, 0x0, 0x31, 0x66, 0x30, 0x64, 0x63]}}}, {@euid_gt={'euid>', r3}}, {@uid_gt={'uid>', r4}}, {@pcr={'pcr', 0x3d, 0x36}}]})

21:37:38 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x6000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:38 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x6c)

21:37:38 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000000))
read$FUSE(r0, &(0x7f0000000080), 0x152)
pwritev(r0, &(0x7f0000001200)=[{&(0x7f0000001080)="b6c352e939e23d303efdc159c1b277d2503983bd40071d779d17dfb879184d2049d7ae3039ca88a2dd530a55d4ab3aa20060507f7e6b9a35bedcf854ad373c245917c29735845f93ce768544462a6f6140eb79496adc260e2c0057e4756392f4c97875c25ed771f3d9e4c5f623b10c524b17", 0x72}, {&(0x7f0000001100)="bf3d1cd0e9502233e6dabc9ab0dca8130b8927b1072952f312ce0b9668647437d4c980a99793ba44c0429937c716663aa7062f19b27971b3d5e4d5decdd940134fa697cca42bb68f861048cda68dbf5ec84c4d24b9695b5b4af11ee2577d5ef6885f4314119036b297e7ac9c51e02be27c3fc9352b9a9f48e55aab959fd1237aca0468b82458bb4eaf754d767118e8fc228d93865a7bd496ba771891c2a6cb2c13337a7693fb76823269beca35e149528e7d5b851e7aed1d2857e05086f074d9611055f4bd", 0xc5}], 0x2, 0x0)

21:37:38 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1367.642276] binder: release 23255:23265 transaction 6331 out, still active
[ 1367.649838] binder_alloc: 23255: binder_alloc_buf, no vma
[ 1367.659004] binder_alloc: binder_alloc_mmap_handler: 23253 20001000-20004000 already mapped failed -16
[ 1367.660610] binder: unexpected work type, 4, not freed
[ 1367.681694] binder: 23255:23265 transaction failed 29189/-3, size 0-0 line 2973
[ 1367.698516]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1367.698528] loop3: partition table partially beyond EOD, 
[ 1367.701818] binder: undelivered TRANSACTION_COMPLETE
21:37:38 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x1300]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1367.797344] truncated
[ 1367.800430] loop3: p1 start 1 is beyond EOD, truncated
[ 1367.806571] loop3: p2 size 2 extends beyond EOD, truncated
[ 1367.813688] binder_alloc: binder_alloc_mmap_handler: 23255 20001000-20004000 already mapped failed -16
21:37:38 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x400000000000)

[ 1367.850978] loop3: p3 start 201 is beyond EOD, truncated
[ 1367.864798] binder: BINDER_SET_CONTEXT_MGR already set
[ 1367.866433] loop3: p4 start 301 is beyond EOD, truncated
[ 1367.883508] binder: 23255:23265 ioctl 40046207 0 returned -16
[ 1367.905155] loop3: p5 start 1 is beyond EOD, truncated
[ 1367.922679] loop3: p6 start 1 is beyond EOD, truncated
[ 1367.936173] loop3: p7 start 1 is beyond EOD, truncated
[ 1367.943452] binder_alloc: 23255: binder_alloc_buf, no vma
21:37:38 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x3f00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1367.954762] loop3: p8 start 1 is beyond EOD, truncated
[ 1367.964445] binder_alloc: binder_alloc_mmap_handler: 23277 20ffd000-21000000 already mapped failed -16
[ 1367.974865] loop3: p9 start 1 is beyond EOD, truncated
[ 1367.980391] binder: 23255:23278 transaction failed 29189/-3, size 24-8 line 2973
[ 1367.988596] loop3: p10 start 1 is beyond EOD, truncated
[ 1367.996840] binder_alloc: binder_alloc_mmap_handler: 23277 20001000-20004000 already mapped failed -16
[ 1367.996978] loop3: p11 start 1 is beyond EOD, truncated
[ 1368.020098] binder: 23255:23270 got transaction to invalid handle
[ 1368.035129] loop3: p12 start 1 is beyond EOD, truncated
[ 1368.040925] binder: undelivered TRANSACTION_ERROR: 29189
[ 1368.056079] binder: 23255:23270 transaction failed 29201/-22, size 0-0 line 2834
[ 1368.070071] loop3: p13 start 1 is beyond EOD, truncated
[ 1368.084969] loop3: p14 start 1 is beyond EOD, truncated
[ 1368.097010] binder: undelivered TRANSACTION_ERROR: 29189
[ 1368.103257] binder_alloc: binder_alloc_mmap_handler: 23277 20ffd000-21000000 already mapped failed -16
[ 1368.118555] binder: send failed reply for transaction 6331, target dead
[ 1368.121085] loop3: p15 start 1 is beyond EOD, truncated
[ 1368.130976] loop3: p16 start 1 is beyond EOD, truncated
[ 1368.130992] loop3: p17 start 1 is beyond EOD, truncated
[ 1368.131006] loop3: p18 start 1 is beyond EOD, truncated
[ 1368.131019] loop3: p19 start 1 is beyond EOD, truncated
[ 1368.131032] loop3: p20 start 1 is beyond EOD, truncated
[ 1368.131046] loop3: p21 start 1 is beyond EOD, truncated
[ 1368.131059] loop3: p22 start 1 is beyond EOD, truncated
[ 1368.131072] loop3: p23 start 1 is beyond EOD, truncated
[ 1368.131085] loop3: p24 start 1 is beyond EOD, truncated
[ 1368.131098] loop3: p25 start 1 is beyond EOD, truncated
[ 1368.131110] loop3: p26 start 1 is beyond EOD, truncated
[ 1368.131123] loop3: p27 start 1 is beyond EOD, truncated
[ 1368.131136] loop3: p28 start 1 is beyond EOD, truncated
21:37:39 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x820a6a296000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1368.131149] loop3: p29 start 1 is beyond EOD, truncated
[ 1368.131162] loop3: p30 start 1 is beyond EOD, truncated
[ 1368.131175] loop3: p31 start 1 is beyond EOD, truncated
[ 1368.131189] loop3: p32 start 1 is beyond EOD, truncated
[ 1368.131202] loop3: p33 start 1 is beyond EOD, truncated
[ 1368.131215] loop3: p34 start 1 is beyond EOD, truncated
[ 1368.131228] loop3: p35 start 1 is beyond EOD, truncated
[ 1368.131241] loop3: p36 start 1 is beyond EOD, truncated
[ 1368.131254] loop3: p37 start 1 is beyond EOD, truncated
[ 1368.131267] loop3: p38 start 1 is beyond EOD, truncated
21:37:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
preadv(0xffffffffffffff9c, &(0x7f0000000180)=[{&(0x7f0000000140)=""/46, 0x2e}], 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ftruncate(r0, 0xffffffffffffffff)
r2 = dup3(r1, r0, 0x0)
ioctl$VIDIOC_SUBDEV_S_EDID(r2, 0xc0285629, &(0x7f0000000100)={0x0, 0x8, 0x100000000, [], &(0x7f00000000c0)=0x8})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1368.131280] loop3: p39 start 1 is beyond EOD, truncated
[ 1368.131293] loop3: p40 start 1 is beyond EOD, truncated
[ 1368.131307] loop3: p41 start 1 is beyond EOD, truncated
[ 1368.131320] loop3: p42 start 1 is beyond EOD, truncated
[ 1368.131333] loop3: p43 start 1 is beyond EOD, truncated
[ 1368.131346] loop3: p44 start 1 is beyond EOD, truncated
[ 1368.131359] loop3: p45 start 1 is beyond EOD, truncated
[ 1368.131373] loop3: p46 start 1 is beyond EOD, truncated
[ 1368.131386] loop3: p47 start 1 is beyond EOD, truncated
[ 1368.131409] loop3: p48 start 1 is beyond EOD, truncated
[ 1368.131422] loop3: p49 start 1 is beyond EOD, truncated
[ 1368.131435] loop3: p50 start 1 is beyond EOD, truncated
[ 1368.131448] loop3: p51 start 1 is beyond EOD, truncated
[ 1368.131461] loop3: p52 start 1 is beyond EOD, truncated
[ 1368.131474] loop3: p53 start 1 is beyond EOD, truncated
[ 1368.131487] loop3: p54 start 1 is beyond EOD, truncated
[ 1368.131500] loop3: p55 start 1 is beyond EOD, truncated
[ 1368.131514] loop3: p56 start 1 is beyond EOD, truncated
21:37:39 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x12000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1368.131527] loop3: p57 start 1 is beyond EOD, truncated
[ 1368.131540] loop3: p58 start 1 is beyond EOD, truncated
[ 1368.131553] loop3: p59 start 1 is beyond EOD, truncated
[ 1368.131566] loop3: p60 start 1 is beyond EOD, truncated
[ 1368.131580] loop3: p61 start 1 is beyond EOD, truncated
[ 1368.131593] loop3: p62 start 1 is beyond EOD, truncated
[ 1368.131606] loop3: p63 start 1 is beyond EOD, truncated
[ 1368.131619] loop3: p64 start 1 is beyond EOD, truncated
[ 1368.131655] loop3: p65 start 1 is beyond EOD, truncated
[ 1368.131668] loop3: p66 start 1 is beyond EOD, truncated
[ 1368.131681] loop3: p67 start 1 is beyond EOD, truncated
[ 1368.131695] loop3: p68 start 1 is beyond EOD, truncated
[ 1368.131708] loop3: p69 start 1 is beyond EOD, truncated
[ 1368.131721] loop3: p70 start 1 is beyond EOD, truncated
[ 1368.131734] loop3: p71 start 1 is beyond EOD, truncated
[ 1368.131748] loop3: p72 start 1 is beyond EOD, truncated
[ 1368.131760] loop3: p73 start 1 is beyond EOD, truncated
[ 1368.131773] loop3: p74 start 1 is beyond EOD, truncated
[ 1368.131785] loop3: p75 start 1 is beyond EOD, truncated
[ 1368.131798] loop3: p76 start 1 is beyond EOD, truncated
[ 1368.131816] loop3: p77 start 1 is beyond EOD, truncated
[ 1368.148402] loop3: p78 start 1 is beyond EOD, truncated
[ 1368.171508] binder: undelivered TRANSACTION_ERROR: 29201
[ 1368.177502] loop3: p79 start 1 is beyond EOD, truncated
[ 1368.253411] loop3: p80 start 1 is beyond EOD, truncated
[ 1368.318363] loop3: p81 start 1 is beyond EOD, truncated
[ 1368.354821] binder: release 23290:23292 transaction 6338 out, still active
[ 1368.399340] binder_alloc: 23290: binder_alloc_buf, no vma
[ 1368.467815] loop3: p82 start 1 is beyond EOD, truncated
[ 1368.534857] binder: unexpected work type, 4, not freed
[ 1368.562859] loop3: p83 start 1 is beyond EOD, truncated
[ 1368.564712] binder: undelivered TRANSACTION_COMPLETE
[ 1368.569086] loop3: p84 start 1 is beyond EOD, truncated
[ 1368.579279] loop3: p85 start 1 is beyond EOD, truncated
[ 1368.585866] loop3: p86 start 1 is beyond EOD, truncated
[ 1368.591405] loop3: p87 start 1 is beyond EOD, truncated
[ 1368.597371] loop3: p88 start 1 is beyond EOD, truncated
[ 1368.601475] binder: 23290:23292 transaction failed 29189/-3, size 0-0 line 2973
[ 1368.611369] loop3: p89 start 1 is beyond EOD, truncated
[ 1368.625295] binder_alloc: binder_alloc_mmap_handler: 23290 20001000-20004000 already mapped failed -16
[ 1368.635250] loop3: p90 start 1 is beyond EOD, truncated
[ 1368.640765] loop3: p91 start 1 is beyond EOD, truncated
[ 1368.643420] binder: BINDER_SET_CONTEXT_MGR already set
[ 1368.646300] loop3: p92 start 1 is beyond EOD, truncated
[ 1368.651839] binder: 23290:23292 ioctl 40046207 0 returned -16
[ 1368.657058] loop3: p93 start 1 is beyond EOD, truncated
[ 1368.657072] loop3: p94 start 1 is beyond EOD, truncated
[ 1368.657084] loop3: p95 start 1 is beyond EOD, truncated
[ 1368.657096] loop3: p96 start 1 is beyond EOD, truncated
[ 1368.657108] loop3: p97 start 1 is beyond EOD, truncated
[ 1368.657120] loop3: p98 start 1 is beyond EOD, truncated
[ 1368.657132] loop3: p99 start 1 is beyond EOD, truncated
[ 1368.667108] binder_alloc: 23290: binder_alloc_buf, no vma
[ 1368.668845] loop3: p100 start 1 is beyond EOD, truncated
[ 1368.674453] binder: 23290:23293 transaction failed 29189/-3, size 24-8 line 2973
[ 1368.679605] loop3: p101 start 1 is beyond EOD, truncated
[ 1368.685764] binder: 23290:23304 ioctl c0285629 20000100 returned -22
[ 1368.690378] loop3: p102 start 1 is beyond EOD, truncated
[ 1368.696281] binder: undelivered TRANSACTION_ERROR: 29189
[ 1368.702282] loop3: p103 start 1 is beyond EOD, truncated
[ 1368.709062] binder: undelivered TRANSACTION_ERROR: 29189
[ 1368.714684] loop3: p104 start 1 is beyond EOD, truncated
[ 1368.720499] binder: send failed reply for transaction 6338, target dead
[ 1368.739231] loop3: p105 start 1 is beyond EOD, truncated
[ 1368.760468] loop3: p106 start 1 is beyond EOD, truncated
[ 1368.771959] loop3: p107 start 1 is beyond EOD, truncated
[ 1368.783143] loop3: p108 start 1 is beyond EOD, truncated
[ 1368.788809] loop3: p109 start 1 is beyond EOD, truncated
[ 1368.794385] loop3: p110 start 1 is beyond EOD, truncated
[ 1368.800211] loop3: p111 start 1 is beyond EOD, truncated
[ 1368.805822] loop3: p112 start 1 is beyond EOD, truncated
[ 1368.811295] loop3: p113 start 1 is beyond EOD, truncated
[ 1368.816803] loop3: p114 start 1 is beyond EOD, truncated
[ 1368.822267] loop3: p115 start 1 is beyond EOD, truncated
[ 1368.828569] loop3: p116 start 1 is beyond EOD, truncated
[ 1368.834025] loop3: p117 start 1 is beyond EOD, truncated
[ 1368.839544] loop3: p118 start 1 is beyond EOD, truncated
[ 1368.845066] loop3: p119 start 1 is beyond EOD, truncated
[ 1368.850530] loop3: p120 start 1 is beyond EOD, truncated
[ 1368.856056] loop3: p121 start 1 is beyond EOD, truncated
[ 1368.861521] loop3: p122 start 1 is beyond EOD, truncated
[ 1368.867035] loop3: p123 start 1 is beyond EOD, truncated
[ 1368.872499] loop3: p124 start 1 is beyond EOD, truncated
[ 1368.878019] loop3: p125 start 1 is beyond EOD, truncated
[ 1368.883500] loop3: p126 start 1 is beyond EOD, truncated
[ 1368.889003] loop3: p127 start 1 is beyond EOD, truncated
[ 1368.894476] loop3: p128 start 1 is beyond EOD, truncated
[ 1368.899981] loop3: p129 start 1 is beyond EOD, truncated
[ 1368.905488] loop3: p130 start 1 is beyond EOD, truncated
[ 1368.910936] loop3: p131 start 1 is beyond EOD, truncated
[ 1368.916486] loop3: p132 start 1 is beyond EOD, truncated
[ 1368.921968] loop3: p133 start 1 is beyond EOD, truncated
[ 1368.927475] loop3: p134 start 1 is beyond EOD, truncated
[ 1368.932943] loop3: p135 start 1 is beyond EOD, truncated
[ 1368.938448] loop3: p136 start 1 is beyond EOD, truncated
[ 1368.943920] loop3: p137 start 1 is beyond EOD, truncated
[ 1368.949444] loop3: p138 start 1 is beyond EOD, truncated
[ 1368.955594] loop3: p139 start 1 is beyond EOD, truncated
[ 1368.961079] loop3: p140 start 1 is beyond EOD, truncated
[ 1368.966618] loop3: p141 start 1 is beyond EOD, truncated
[ 1368.972130] loop3: p142 start 1 is beyond EOD, truncated
[ 1368.977795] loop3: p143 start 1 is beyond EOD, truncated
[ 1368.983260] loop3: p144 start 1 is beyond EOD, truncated
[ 1368.988764] loop3: p145 start 1 is beyond EOD, truncated
[ 1368.994228] loop3: p146 start 1 is beyond EOD, truncated
[ 1368.999733] loop3: p147 start 1 is beyond EOD, truncated
[ 1369.005243] loop3: p148 start 1 is beyond EOD, truncated
[ 1369.010693] loop3: p149 start 1 is beyond EOD, truncated
[ 1369.016223] loop3: p150 start 1 is beyond EOD, truncated
[ 1369.021689] loop3: p151 start 1 is beyond EOD, truncated
[ 1369.027230] loop3: p152 start 1 is beyond EOD, truncated
[ 1369.032760] loop3: p153 start 1 is beyond EOD, truncated
[ 1369.038314] loop3: p154 start 1 is beyond EOD, truncated
[ 1369.043782] loop3: p155 start 1 is beyond EOD, truncated
[ 1369.049288] loop3: p156 start 1 is beyond EOD, truncated
[ 1369.054804] loop3: p157 start 1 is beyond EOD, truncated
[ 1369.060270] loop3: p158 start 1 is beyond EOD, truncated
[ 1369.065774] loop3: p159 start 1 is beyond EOD, truncated
[ 1369.071241] loop3: p160 start 1 is beyond EOD, truncated
[ 1369.076768] loop3: p161 start 1 is beyond EOD, truncated
[ 1369.082235] loop3: p162 start 1 is beyond EOD, truncated
[ 1369.088568] loop3: p163 start 1 is beyond EOD, truncated
[ 1369.094033] loop3: p164 start 1 is beyond EOD, truncated
[ 1369.099583] loop3: p165 start 1 is beyond EOD, truncated
[ 1369.105106] loop3: p166 start 1 is beyond EOD, truncated
[ 1369.110555] loop3: p167 start 1 is beyond EOD, truncated
[ 1369.116121] loop3: p168 start 1 is beyond EOD, truncated
[ 1369.121590] loop3: p169 start 1 is beyond EOD, truncated
[ 1369.127103] loop3: p170 start 1 is beyond EOD, truncated
[ 1369.132574] loop3: p171 start 1 is beyond EOD, truncated
[ 1369.138137] loop3: p172 start 1 is beyond EOD, truncated
[ 1369.143650] loop3: p173 start 1 is beyond EOD, truncated
[ 1369.149175] loop3: p174 start 1 is beyond EOD, truncated
[ 1369.154717] loop3: p175 start 1 is beyond EOD, truncated
[ 1369.160180] loop3: p176 start 1 is beyond EOD, truncated
[ 1369.165704] loop3: p177 start 1 is beyond EOD, truncated
[ 1369.171431] loop3: p178 start 1 is beyond EOD, truncated
[ 1369.176934] loop3: p179 start 1 is beyond EOD, truncated
[ 1369.182411] loop3: p180 start 1 is beyond EOD, truncated
[ 1369.187924] loop3: p181 start 1 is beyond EOD, truncated
[ 1369.193388] loop3: p182 start 1 is beyond EOD, truncated
[ 1369.199002] loop3: p183 start 1 is beyond EOD, truncated
[ 1369.204474] loop3: p184 start 1 is beyond EOD, truncated
[ 1369.209977] loop3: p185 start 1 is beyond EOD, truncated
[ 1369.216164] loop3: p186 start 1 is beyond EOD, truncated
[ 1369.221770] loop3: p187 start 1 is beyond EOD, truncated
[ 1369.227455] loop3: p188 start 1 is beyond EOD, truncated
[ 1369.232924] loop3: p189 start 1 is beyond EOD, truncated
[ 1369.238432] loop3: p190 start 1 is beyond EOD, truncated
[ 1369.243906] loop3: p191 start 1 is beyond EOD, truncated
[ 1369.249414] loop3: p192 start 1 is beyond EOD, truncated
[ 1369.254936] loop3: p193 start 1 is beyond EOD, truncated
[ 1369.260393] loop3: p194 start 1 is beyond EOD, truncated
[ 1369.265916] loop3: p195 start 1 is beyond EOD, truncated
[ 1369.271942] loop3: p196 start 1 is beyond EOD, truncated
[ 1369.277446] loop3: p197 start 1 is beyond EOD, truncated
[ 1369.282929] loop3: p198 start 1 is beyond EOD, truncated
[ 1369.288460] loop3: p199 start 1 is beyond EOD, truncated
[ 1369.293924] loop3: p200 start 1 is beyond EOD, truncated
[ 1369.299500] loop3: p201 start 1 is beyond EOD, truncated
[ 1369.305022] loop3: p202 start 1 is beyond EOD, truncated
[ 1369.310489] loop3: p203 start 1 is beyond EOD, truncated
[ 1369.315994] loop3: p204 start 1 is beyond EOD, truncated
[ 1369.321457] loop3: p205 start 1 is beyond EOD, truncated
[ 1369.326966] loop3: p206 start 1 is beyond EOD, truncated
[ 1369.332428] loop3: p207 start 1 is beyond EOD, truncated
[ 1369.337936] loop3: p208 start 1 is beyond EOD, truncated
[ 1369.343411] loop3: p209 start 1 is beyond EOD, truncated
[ 1369.348936] loop3: p210 start 1 is beyond EOD, truncated
[ 1369.354400] loop3: p211 start 1 is beyond EOD, truncated
[ 1369.359916] loop3: p212 start 1 is beyond EOD, truncated
[ 1369.365414] loop3: p213 start 1 is beyond EOD, truncated
[ 1369.370871] loop3: p214 start 1 is beyond EOD, truncated
[ 1369.376395] loop3: p215 start 1 is beyond EOD, truncated
[ 1369.381859] loop3: p216 start 1 is beyond EOD, truncated
[ 1369.387370] loop3: p217 start 1 is beyond EOD, truncated
[ 1369.392834] loop3: p218 start 1 is beyond EOD, truncated
[ 1369.398352] loop3: p219 start 1 is beyond EOD, truncated
[ 1369.403834] loop3: p220 start 1 is beyond EOD, truncated
[ 1369.409354] loop3: p221 start 1 is beyond EOD, truncated
[ 1369.414853] loop3: p222 start 1 is beyond EOD, truncated
[ 1369.420303] loop3: p223 start 1 is beyond EOD, truncated
[ 1369.425824] loop3: p224 start 1 is beyond EOD, truncated
[ 1369.431305] loop3: p225 start 1 is beyond EOD, truncated
[ 1369.436834] loop3: p226 start 1 is beyond EOD, truncated
[ 1369.442325] loop3: p227 start 1 is beyond EOD, truncated
[ 1369.447836] loop3: p228 start 1 is beyond EOD, truncated
[ 1369.453313] loop3: p229 start 1 is beyond EOD, truncated
[ 1369.458996] loop3: p230 start 1 is beyond EOD, truncated
[ 1369.464477] loop3: p231 start 1 is beyond EOD, truncated
[ 1369.470061] loop3: p232 start 1 is beyond EOD, truncated
[ 1369.475574] loop3: p233 start 1 is beyond EOD, truncated
[ 1369.481052] loop3: p234 start 1 is beyond EOD, truncated
[ 1369.486577] loop3: p235 start 1 is beyond EOD, truncated
[ 1369.492039] loop3: p236 start 1 is beyond EOD, truncated
[ 1369.497557] loop3: p237 start 1 is beyond EOD, truncated
[ 1369.503179] loop3: p238 start 1 is beyond EOD, truncated
[ 1369.509385] loop3: p239 start 1 is beyond EOD, truncated
[ 1369.516197] loop3: p240 start 1 is beyond EOD, truncated
[ 1369.521672] loop3: p241 start 1 is beyond EOD, truncated
[ 1369.527273] loop3: p242 start 1 is beyond EOD, truncated
[ 1369.532856] loop3: p243 start 1 is beyond EOD, truncated
[ 1369.538381] loop3: p244 start 1 is beyond EOD, truncated
[ 1369.543868] loop3: p245 start 1 is beyond EOD, truncated
[ 1369.549453] loop3: p246 start 1 is beyond EOD, truncated
[ 1369.554974] loop3: p247 start 1 is beyond EOD, truncated
[ 1369.560451] loop3: p248 start 1 is beyond EOD, truncated
[ 1369.566111] loop3: p249 start 1 is beyond EOD, truncated
[ 1369.571621] loop3: p250 start 1 is beyond EOD, truncated
[ 1369.577272] loop3: p251 start 1 is beyond EOD, truncated
[ 1369.582752] loop3: p252 start 1 is beyond EOD, truncated
[ 1369.588290] loop3: p253 start 1 is beyond EOD, truncated
[ 1369.593756] loop3: p254 start 1 is beyond EOD, truncated
[ 1369.599433] loop3: p255 start 1 is beyond EOD, truncated
[ 1369.735112] loop_reread_partitions: partition scan of loop3 () failed (rc=-16)
21:37:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:41 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xa000000)

21:37:41 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xa]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:41 executing program 4:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x4d)
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180), 0x1000)

21:37:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="00004e25a28c1de92464cda2e24a146cbc6c7305000000000000"]], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:41 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1370.689230] binder: 23315:23317 got transaction with invalid offset (-1649007260509274112, min 0 max 24) or object.
[ 1370.703731] QAT: Invalid ioctl
[ 1370.722826] binder_alloc: binder_alloc_mmap_handler: 23311 20ffd000-21000000 already mapped failed -16
[ 1370.747784] binder: 23315:23317 transaction failed 29201/-22, size 24-8 line 3035
[ 1370.764122] binder: 23315:23327 got transaction to invalid handle
[ 1370.772624] binder_alloc: binder_alloc_mmap_handler: 23311 20001000-20004000 already mapped failed -16
[ 1370.783116] binder: undelivered TRANSACTION_ERROR: 29201
[ 1370.789402] binder: 23315:23327 transaction failed 29201/-22, size 0-0 line 2834
[ 1370.801423] binder_alloc: binder_alloc_mmap_handler: 23315 20001000-20004000 already mapped failed -16
[ 1370.802579]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:37:41 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x300000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1370.802593] loop3: partition table partially beyond EOD, 
[ 1370.811786] binder: BINDER_SET_CONTEXT_MGR already set
[ 1370.901889] truncated
[ 1370.912990] loop3: p1 start 1 is beyond EOD, truncated
[ 1370.919349] loop3: p2 size 2 extends beyond EOD, truncated
[ 1370.924243] binder_alloc: binder_alloc_mmap_handler: 23311 20ffd000-21000000 already mapped failed -16
[ 1370.942745] binder: 23315:23332 got transaction to invalid handle
[ 1370.942931] binder_alloc: 23315: binder_alloc_buf, no vma
[ 1370.960394] binder: 23315:23317 ioctl 40046207 0 returned -16
[ 1370.968260] binder: 23315:23327 transaction failed 29189/-3, size 24-8 line 2973
[ 1370.976836] binder: 23315:23332 transaction failed 29201/-22, size 0-0 line 2834
[ 1370.985693] binder: undelivered TRANSACTION_ERROR: 29201
[ 1370.991971] loop3: p3 start 201 is beyond EOD, truncated
[ 1370.994105] binder: undelivered TRANSACTION_ERROR: 29189
[ 1371.019457] binder: undelivered TRANSACTION_ERROR: 29201
[ 1371.026400] loop3: p4 start 301 is beyond EOD, truncated
[ 1371.038073] loop3: p5 start 1 is beyond EOD, truncated
[ 1371.043577] loop3: p6 start 1 is beyond EOD, truncated
[ 1371.049239] loop3: p7 start 1 is beyond EOD, truncated
[ 1371.055031] loop3: p8 start 1 is beyond EOD, truncated
[ 1371.060466] loop3: p9 start 1 is beyond EOD, truncated
[ 1371.066010] loop3: p10 start 1 is beyond EOD, truncated
[ 1371.071479] loop3: p11 start 1 is beyond EOD, truncated
[ 1371.077064] loop3: p12 start 1 is beyond EOD, truncated
[ 1371.082526] loop3: p13 start 1 is beyond EOD, truncated
[ 1371.088103] loop3: p14 start 1 is beyond EOD, truncated
[ 1371.093560] loop3: p15 start 1 is beyond EOD, truncated
21:37:42 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4c00)

21:37:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x101082, 0x0)
getsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000140), 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
umount2(&(0x7f00000000c0)='./file0\x00', 0x8)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00634040010000000000000000000000000000000000000000000000000000000000f9ffffffffffffff0000000000000000000008000000"], 0x0, 0x0, 0x0})

21:37:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x1200]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1371.099146] loop3: p16 start 1 is beyond EOD, truncated
[ 1371.106046] loop3: p17 start 1 is beyond EOD, truncated
[ 1371.111546] loop3: p18 start 1 is beyond EOD, truncated
[ 1371.117053] loop3: p19 start 1 is beyond EOD, truncated
[ 1371.122553] loop3: p20 start 1 is beyond EOD, truncated
[ 1371.128072] loop3: p21 start 1 is beyond EOD, truncated
[ 1371.133566] loop3: p22 start 1 is beyond EOD, truncated
[ 1371.139253] loop3: p23 start 1 is beyond EOD, truncated
[ 1371.144911] loop3: p24 start 1 is beyond EOD, truncated
[ 1371.214757] loop3: p25 start 1 is beyond EOD, truncated
[ 1371.231121] loop3: p26 start 1 is beyond EOD, truncated
[ 1371.241427] binder_alloc: binder_alloc_mmap_handler: 23339 20001000-20004000 already mapped failed -16
[ 1371.261495] binder: release 23341:23342 transaction 6349 out, still active
[ 1371.268914] binder_alloc: 23341: binder_alloc_buf, no vma
[ 1371.279991] binder: unexpected work type, 4, not freed
[ 1371.289261] loop3: p27 start 1 is beyond EOD, truncated
[ 1371.295192] loop3: p28 start 1 is beyond EOD, truncated
[ 1371.300983] loop3: p29 start 1 is beyond EOD, truncated
[ 1371.305346] binder: undelivered TRANSACTION_COMPLETE
21:37:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x600]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1371.306876] loop3: p30 start 1 is beyond EOD, truncated
[ 1371.312207] binder: 23341:23342 transaction failed 29189/-3, size 281474976710655-0 line 2973
[ 1371.317431] loop3: p31 start 1 is beyond EOD, truncated
[ 1371.331834] loop3: p32 start 1 is beyond EOD, truncated
[ 1371.338031] loop3: p33 start 1 is beyond EOD, truncated
[ 1371.343871] loop3: p34 start 1 is beyond EOD, truncated
[ 1371.349657] loop3: p35 start 1 is beyond EOD, truncated
[ 1371.355308] loop3: p36 start 1 is beyond EOD, truncated
[ 1371.369310] loop3: p37 start 1 is beyond EOD, truncated
[ 1371.375883] binder_alloc: binder_alloc_mmap_handler: 23341 20001000-20004000 already mapped failed -16
[ 1371.384803] loop3: p38 start 1 is beyond EOD, truncated
[ 1371.406159] binder: BINDER_SET_CONTEXT_MGR already set
[ 1371.406758] loop3: p39 start 1 is beyond EOD, truncated
21:37:42 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x300)

[ 1371.411745] binder: 23341:23342 ioctl 40046207 0 returned -16
[ 1371.424426] binder_alloc: 23341: binder_alloc_buf, no vma
[ 1371.430607] binder: 23341:23352 transaction failed 29189/-3, size 24-8 line 2973
[ 1371.438600] loop3: p40 start 1 is beyond EOD, truncated
[ 1371.446251] loop3: p41 start 1 is beyond EOD, truncated
[ 1371.466933] binder: undelivered TRANSACTION_ERROR: 29189
[ 1371.473760] binder: undelivered TRANSACTION_ERROR: 29189
[ 1371.491489] binder: send failed reply for transaction 6349, target dead
[ 1371.493903] QAT: Invalid ioctl
[ 1371.507031] loop3: p42 start 1 is beyond EOD, truncated
[ 1371.511493] binder_alloc: binder_alloc_mmap_handler: 23355 20001000-20004000 already mapped failed -16
[ 1371.535701] loop3: p43 start 1 is beyond EOD, truncated
[ 1371.547533] loop3: p44 start 1 is beyond EOD, truncated
[ 1371.562613] loop3: p45 start 1 is beyond EOD, truncated
[ 1371.569766] loop3: p46 start 1 is beyond EOD, truncated
[ 1371.576057] loop3: p47 start 1 is beyond EOD, truncated
[ 1371.590093] loop3: p48 start 1 is beyond EOD, truncated
[ 1371.597148] loop3: p49 start 1 is beyond EOD, truncated
[ 1371.602537] loop3: p50 start 1 is beyond EOD, truncated
[ 1371.608505] loop3: p51 start 1 is beyond EOD, truncated
[ 1371.618811] loop3: p52 start 1 is beyond EOD, truncated
[ 1371.624247] loop3: p53 start 1 is beyond EOD, truncated
[ 1371.630711] loop3: p54 start 1 is beyond EOD, truncated
[ 1371.636731] loop3: p55 start 1 is beyond EOD, truncated
[ 1371.642128] loop3: p56 start 1 is beyond EOD, truncated
[ 1371.675050] loop3: p57 start 1 is beyond EOD, truncated
[ 1371.680531] loop3: p58 start 1 is beyond EOD, truncated
[ 1371.695064] loop3: p59 start 1 is beyond EOD, truncated
[ 1371.700461] loop3: p60 start 1 is beyond EOD, truncated
[ 1371.728650] loop3: p61 start 1 is beyond EOD, truncated
[ 1371.734220] loop3: p62 start 1 is beyond EOD, truncated
[ 1371.739809] loop3: p63 start 1 is beyond EOD, truncated
[ 1371.745387] loop3: p64 start 1 is beyond EOD, truncated
[ 1371.750924] loop3: p65 start 1 is beyond EOD, truncated
[ 1371.757206] loop3: p66 start 1 is beyond EOD, truncated
[ 1371.762790] loop3: p67 start 1 is beyond EOD, truncated
[ 1371.768611] loop3: p68 start 1 is beyond EOD, truncated
[ 1371.774123] loop3: p69 start 1 is beyond EOD, truncated
[ 1371.779710] loop3: p70 start 1 is beyond EOD, truncated
[ 1371.785288] loop3: p71 start 1 is beyond EOD, truncated
[ 1371.790815] loop3: p72 start 1 is beyond EOD, truncated
[ 1371.796419] loop3: p73 start 1 is beyond EOD, truncated
[ 1371.801942] loop3: p74 start 1 is beyond EOD, truncated
[ 1371.807627] loop3: p75 start 1 is beyond EOD, truncated
[ 1371.813167] loop3: p76 start 1 is beyond EOD, truncated
[ 1371.818735] loop3: p77 start 1 is beyond EOD, truncated
[ 1371.824250] loop3: p78 start 1 is beyond EOD, truncated
[ 1371.829814] loop3: p79 start 1 is beyond EOD, truncated
[ 1371.835444] loop3: p80 start 1 is beyond EOD, truncated
[ 1371.840964] loop3: p81 start 1 is beyond EOD, truncated
[ 1371.846518] loop3: p82 start 1 is beyond EOD, truncated
[ 1371.852044] loop3: p83 start 1 is beyond EOD, truncated
[ 1371.857615] loop3: p84 start 1 is beyond EOD, truncated
[ 1371.857640] loop3: p85 start 1 is beyond EOD, truncated
[ 1371.872729] loop3: p86 start 1 is beyond EOD, truncated
21:37:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x8]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="00000000e9000000"]], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:42 executing program 4:
r0 = memfd_create(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1)
read$FUSE(r0, &(0x7f0000002180), 0x13d8)
r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x400000000000000, 0xfffffffffffffffe)
ioctl(r1, 0x80000001, &(0x7f0000000080)="7517665441e0b87a6ea88553d40ff32fe1c3852e059a4b341b754c1e81dbf92750080ffef767cbb069b3e6078d5cf8aaa29f25839630510754697a128ecc3f6eff29a9092a2980e3b171f9273e3c7badea7157143c51e121733375dfdd747c8a17bccbff2e63d0e690c1e6974f3ea664a441d817c43df92b268cdad47043e1ebb4aa1341832c42d950ca5a06b082edce7672a2e60b3fba32cc4022603baf26c60faadee296")
ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000001180)="5604144eb973de56c96fc385323b79da7c4bb7a866999f74dd0e8adedc62c3d38a9904b77cb905ceeff5453fb09b4bb764fbc2cab06914aa49122be514d2276ba1fc114e609eed9710f5eea86c1e4217cfdaab58b54bf91aa35b77ba52b1b1c7627ecd6ba678b88a786fa3f643d90a9e5e350aadad57be42265348d4cf0bf65c9e77636b9e9f79e95c7d9a48a1b8ed3cd7ed99fd6af80d84822c8bff7f1553d40876e26a3cd08a483e9e53f4cb02be323ffea2fcb0aa6ec0582f4838d0c77c359f237d8c5a5946d4d5f82785f03e4b50dd2af8ef1f766bf0c1056f0f8bc6465f40b312a7a70ddeb9827f5f6cd09d44c4e914fef43cddbf60c67cdb0f45e13d28")
read$FUSE(r1, &(0x7f0000000180), 0x1000)

21:37:42 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1e)

[ 1371.878294] loop3: p87 start 1 is beyond EOD, truncated
[ 1371.883806] loop3: p88 start 1 is beyond EOD, truncated
[ 1371.889425] loop3: p89 start 1 is beyond EOD, truncated
[ 1371.894987] loop3: p90 start 1 is beyond EOD, truncated
[ 1371.915501] loop3: p91 start 1 is beyond EOD, truncated
[ 1371.926522] loop3: p92 start 1 is beyond EOD, truncated
[ 1371.934376] loop3: p93 start 1 is beyond EOD, truncated
[ 1371.958410] loop3: p94 start 1 is beyond EOD, truncated
[ 1371.966483] binder_alloc: binder_alloc_mmap_handler: 23371 20001000-20004000 already mapped failed -16
[ 1371.980692] loop3: p95 start 1 is beyond EOD, truncated
[ 1371.987436] binder: 23367:23375 got transaction with invalid offset (1000727379968, min 0 max 24) or object.
[ 1371.997877] loop3: p96 start 1 is beyond EOD, truncated
[ 1372.007877] loop3: p97 start 1 is beyond EOD, truncated
[ 1372.018032] loop3: p98 start 1 is beyond EOD, truncated
[ 1372.019663] binder: 23367:23375 transaction failed 29201/-22, size 24-8 line 3035
[ 1372.027820] loop3: p99 start 1 is beyond EOD, truncated
[ 1372.056149] loop3: p100 start 1 is beyond EOD, truncated
[ 1372.069955] loop3: p101 start 1 is beyond EOD, truncated
[ 1372.079078] binder: undelivered TRANSACTION_ERROR: 29201
[ 1372.080927] loop3: p102 start 1 is beyond EOD, truncated
[ 1372.092557] loop3: p103 start 1 is beyond EOD, truncated
[ 1372.093217] binder: 23367:23375 got transaction to invalid handle
[ 1372.098831] loop3: p104 start 1 is beyond EOD, truncated
[ 1372.117969] loop3: p105 start 1 is beyond EOD, truncated
[ 1372.122676] binder: 23367:23375 transaction failed 29201/-22, size 0-0 line 2834
[ 1372.134827] loop3: p106 start 1 is beyond EOD, truncated
[ 1372.142274] binder_alloc: binder_alloc_mmap_handler: 23367 20001000-20004000 already mapped failed -16
[ 1372.150503] loop3: p107 start 1 is beyond EOD, truncated
[ 1372.163751] binder_alloc: 23367: binder_alloc_buf, no vma
[ 1372.168159] loop3: p108 start 1 is beyond EOD, truncated
[ 1372.176523] binder: 23367:23381 transaction failed 29189/-3, size 24-8 line 2973
[ 1372.184192] binder: BINDER_SET_CONTEXT_MGR already set
[ 1372.188180] loop3: p109 start 1 is beyond EOD, truncated
[ 1372.190081] binder: 23367:23375 ioctl 40046207 0 returned -16
[ 1372.202071] binder: undelivered TRANSACTION_ERROR: 29189
[ 1372.208402] binder: 23367:23387 got transaction to invalid handle
[ 1372.215262] binder: 23367:23387 transaction failed 29201/-22, size 0-0 line 2834
[ 1372.215470] loop3: p110 start 1 is beyond EOD, truncated
[ 1372.223168] binder: undelivered TRANSACTION_ERROR: 29201
[ 1372.245244] binder: undelivered TRANSACTION_ERROR: 29201
[ 1372.251058] loop3: p111 start 1 is beyond EOD, truncated
[ 1372.261227] loop3: p112 start 1 is beyond EOD, truncated
[ 1372.275996] loop3: p113 start 1 is beyond EOD, truncated
[ 1372.281598] loop3: p114 start 1 is beyond EOD, truncated
[ 1372.287756] loop3: p115 start 1 is beyond EOD, truncated
[ 1372.295643] loop3: p116 start 1 is beyond EOD, truncated
[ 1372.301305] loop3: p117 start 1 is beyond EOD, truncated
[ 1372.310609] loop3: p118 start 1 is beyond EOD, truncated
[ 1372.316259] loop3: p119 start 1 is beyond EOD, truncated
[ 1372.321727] loop3: p120 start 1 is beyond EOD, truncated
[ 1372.327277] loop3: p121 start 1 is beyond EOD, truncated
[ 1372.332742] loop3: p122 start 1 is beyond EOD, truncated
[ 1372.338496] loop3: p123 start 1 is beyond EOD, truncated
[ 1372.343954] loop3: p124 start 1 is beyond EOD, truncated
[ 1372.349481] loop3: p125 start 1 is beyond EOD, truncated
[ 1372.355010] loop3: p126 start 1 is beyond EOD, truncated
[ 1372.360472] loop3: p127 start 1 is beyond EOD, truncated
[ 1372.365992] loop3: p128 start 1 is beyond EOD, truncated
[ 1372.371448] loop3: p129 start 1 is beyond EOD, truncated
[ 1372.377865] loop3: p130 start 1 is beyond EOD, truncated
[ 1372.383351] loop3: p131 start 1 is beyond EOD, truncated
[ 1372.388920] loop3: p132 start 1 is beyond EOD, truncated
[ 1372.394383] loop3: p133 start 1 is beyond EOD, truncated
[ 1372.399930] loop3: p134 start 1 is beyond EOD, truncated
[ 1372.405451] loop3: p135 start 1 is beyond EOD, truncated
[ 1372.410901] loop3: p136 start 1 is beyond EOD, truncated
[ 1372.416451] loop3: p137 start 1 is beyond EOD, truncated
[ 1372.421908] loop3: p138 start 1 is beyond EOD, truncated
[ 1372.427426] loop3: p139 start 1 is beyond EOD, truncated
[ 1372.432892] loop3: p140 start 1 is beyond EOD, truncated
[ 1372.438447] loop3: p141 start 1 is beyond EOD, truncated
[ 1372.443901] loop3: p142 start 1 is beyond EOD, truncated
[ 1372.449430] loop3: p143 start 1 is beyond EOD, truncated
[ 1372.454922] loop3: p144 start 1 is beyond EOD, truncated
[ 1372.460373] loop3: p145 start 1 is beyond EOD, truncated
[ 1372.465897] loop3: p146 start 1 is beyond EOD, truncated
[ 1372.471362] loop3: p147 start 1 is beyond EOD, truncated
[ 1372.477010] loop3: p148 start 1 is beyond EOD, truncated
[ 1372.482478] loop3: p149 start 1 is beyond EOD, truncated
[ 1372.488022] loop3: p150 start 1 is beyond EOD, truncated
[ 1372.493478] loop3: p151 start 1 is beyond EOD, truncated
[ 1372.498993] loop3: p152 start 1 is beyond EOD, truncated
[ 1372.504453] loop3: p153 start 1 is beyond EOD, truncated
[ 1372.510896] loop3: p154 start 1 is beyond EOD, truncated
[ 1372.516451] loop3: p155 start 1 is beyond EOD, truncated
[ 1372.521917] loop3: p156 start 1 is beyond EOD, truncated
[ 1372.527460] loop3: p157 start 1 is beyond EOD, truncated
[ 1372.532933] loop3: p158 start 1 is beyond EOD, truncated
[ 1372.538472] loop3: p159 start 1 is beyond EOD, truncated
[ 1372.543935] loop3: p160 start 1 is beyond EOD, truncated
[ 1372.549445] loop3: p161 start 1 is beyond EOD, truncated
[ 1372.554948] loop3: p162 start 1 is beyond EOD, truncated
[ 1372.560408] loop3: p163 start 1 is beyond EOD, truncated
[ 1372.565917] loop3: p164 start 1 is beyond EOD, truncated
[ 1372.571388] loop3: p165 start 1 is beyond EOD, truncated
[ 1372.576891] loop3: p166 start 1 is beyond EOD, truncated
[ 1372.582352] loop3: p167 start 1 is beyond EOD, truncated
[ 1372.587846] loop3: p168 start 1 is beyond EOD, truncated
[ 1372.593335] loop3: p169 start 1 is beyond EOD, truncated
[ 1372.598851] loop3: p170 start 1 is beyond EOD, truncated
[ 1372.604328] loop3: p171 start 1 is beyond EOD, truncated
[ 1372.609839] loop3: p172 start 1 is beyond EOD, truncated
[ 1372.615374] loop3: p173 start 1 is beyond EOD, truncated
[ 1372.620866] loop3: p174 start 1 is beyond EOD, truncated
[ 1372.626377] loop3: p175 start 1 is beyond EOD, truncated
[ 1372.631854] loop3: p176 start 1 is beyond EOD, truncated
[ 1372.638165] loop3: p177 start 1 is beyond EOD, truncated
[ 1372.643672] loop3: p178 start 1 is beyond EOD, truncated
[ 1372.649196] loop3: p179 start 1 is beyond EOD, truncated
[ 1372.654718] loop3: p180 start 1 is beyond EOD, truncated
[ 1372.660214] loop3: p181 start 1 is beyond EOD, truncated
[ 1372.665742] loop3: p182 start 1 is beyond EOD, truncated
[ 1372.671205] loop3: p183 start 1 is beyond EOD, truncated
[ 1372.676716] loop3: p184 start 1 is beyond EOD, truncated
[ 1372.682172] loop3: p185 start 1 is beyond EOD, truncated
[ 1372.687695] loop3: p186 start 1 is beyond EOD, truncated
[ 1372.693152] loop3: p187 start 1 is beyond EOD, truncated
[ 1372.698656] loop3: p188 start 1 is beyond EOD, truncated
[ 1372.704120] loop3: p189 start 1 is beyond EOD, truncated
[ 1372.709618] loop3: p190 start 1 is beyond EOD, truncated
[ 1372.715294] loop3: p191 start 1 is beyond EOD, truncated
[ 1372.720764] loop3: p192 start 1 is beyond EOD, truncated
[ 1372.726287] loop3: p193 start 1 is beyond EOD, truncated
[ 1372.731769] loop3: p194 start 1 is beyond EOD, truncated
[ 1372.737309] loop3: p195 start 1 is beyond EOD, truncated
[ 1372.742777] loop3: p196 start 1 is beyond EOD, truncated
[ 1372.748303] loop3: p197 start 1 is beyond EOD, truncated
[ 1372.753780] loop3: p198 start 1 is beyond EOD, truncated
[ 1372.759303] loop3: p199 start 1 is beyond EOD, truncated
[ 1372.765909] loop3: p200 start 1 is beyond EOD, truncated
[ 1372.771374] loop3: p201 start 1 is beyond EOD, truncated
[ 1372.776913] loop3: p202 start 1 is beyond EOD, truncated
[ 1372.782414] loop3: p203 start 1 is beyond EOD, truncated
[ 1372.788438] loop3: p204 start 1 is beyond EOD, truncated
[ 1372.794035] loop3: p205 start 1 is beyond EOD, truncated
[ 1372.799849] loop3: p206 start 1 is beyond EOD, truncated
[ 1372.805517] loop3: p207 start 1 is beyond EOD, truncated
[ 1372.811079] loop3: p208 start 1 is beyond EOD, truncated
[ 1372.816668] loop3: p209 start 1 is beyond EOD, truncated
[ 1372.822129] loop3: p210 start 1 is beyond EOD, truncated
[ 1372.827670] loop3: p211 start 1 is beyond EOD, truncated
[ 1372.833141] loop3: p212 start 1 is beyond EOD, truncated
[ 1372.838667] loop3: p213 start 1 is beyond EOD, truncated
[ 1372.844123] loop3: p214 start 1 is beyond EOD, truncated
[ 1372.849642] loop3: p215 start 1 is beyond EOD, truncated
[ 1372.855177] loop3: p216 start 1 is beyond EOD, truncated
[ 1372.860616] loop3: p217 start 1 is beyond EOD, truncated
[ 1372.866133] loop3: p218 start 1 is beyond EOD, truncated
[ 1372.871602] loop3: p219 start 1 is beyond EOD, truncated
[ 1372.877105] loop3: p220 start 1 is beyond EOD, truncated
[ 1372.882587] loop3: p221 start 1 is beyond EOD, truncated
[ 1372.888106] loop3: p222 start 1 is beyond EOD, truncated
[ 1372.893575] loop3: p223 start 1 is beyond EOD, truncated
[ 1372.899830] loop3: p224 start 1 is beyond EOD, truncated
[ 1372.905375] loop3: p225 start 1 is beyond EOD, truncated
[ 1372.910838] loop3: p226 start 1 is beyond EOD, truncated
[ 1372.916366] loop3: p227 start 1 is beyond EOD, truncated
[ 1372.921836] loop3: p228 start 1 is beyond EOD, truncated
[ 1372.927343] loop3: p229 start 1 is beyond EOD, truncated
[ 1372.932819] loop3: p230 start 1 is beyond EOD, truncated
[ 1372.938315] loop3: p231 start 1 is beyond EOD, truncated
[ 1372.943798] loop3: p232 start 1 is beyond EOD, truncated
[ 1372.949311] loop3: p233 start 1 is beyond EOD, truncated
[ 1372.954818] loop3: p234 start 1 is beyond EOD, truncated
[ 1372.960256] loop3: p235 start 1 is beyond EOD, truncated
[ 1372.965764] loop3: p236 start 1 is beyond EOD, truncated
[ 1372.971230] loop3: p237 start 1 is beyond EOD, truncated
[ 1372.976731] loop3: p238 start 1 is beyond EOD, truncated
[ 1372.982206] loop3: p239 start 1 is beyond EOD, truncated
[ 1372.987729] loop3: p240 start 1 is beyond EOD, truncated
[ 1372.993187] loop3: p241 start 1 is beyond EOD, truncated
[ 1372.998688] loop3: p242 start 1 is beyond EOD, truncated
[ 1373.004176] loop3: p243 start 1 is beyond EOD, truncated
[ 1373.009690] loop3: p244 start 1 is beyond EOD, truncated
[ 1373.015209] loop3: p245 start 1 is beyond EOD, truncated
[ 1373.020656] loop3: p246 start 1 is beyond EOD, truncated
[ 1373.026928] loop3: p247 start 1 is beyond EOD, truncated
[ 1373.032399] loop3: p248 start 1 is beyond EOD, truncated
[ 1373.037956] loop3: p249 start 1 is beyond EOD, truncated
[ 1373.043427] loop3: p250 start 1 is beyond EOD, truncated
21:37:44 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:37:44 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000080)=0x9f)
syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
fsetxattr(r0, &(0x7f0000000000)=@known='security.apparmor\x00', &(0x7f0000000040)='em0nodev\x00', 0x9, 0x0)

21:37:44 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0xfffffffc]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:44 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x74)

21:37:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_user\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1373.048921] loop3: p251 start 1 is beyond EOD, truncated
[ 1373.054384] loop3: p252 start 1 is beyond EOD, truncated
[ 1373.059887] loop3: p253 start 1 is beyond EOD, truncated
[ 1373.065410] loop3: p254 start 1 is beyond EOD, truncated
[ 1373.070861] loop3: p255 start 1 is beyond EOD, truncated
[ 1373.138224] binder_alloc: binder_alloc_mmap_handler: 23394 20001000-20004000 already mapped failed -16
[ 1373.150594] binder: release 23397:23401 transaction 6360 out, still active
[ 1373.158428] binder_alloc: 23397: binder_alloc_buf, no vma
[ 1373.174762] binder: unexpected work type, 4, not freed
[ 1373.181185] binder: undelivered TRANSACTION_COMPLETE
21:37:44 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xa]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1373.190363] binder: BINDER_SET_CONTEXT_MGR already set
[ 1373.203333] binder: 23397:23401 ioctl 40046207 0 returned -16
[ 1373.203868] binder_alloc: 23397: binder_alloc_buf, no vma
[ 1373.237101] binder: 23397:23411 got transaction to invalid handle
[ 1373.249652]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1373.249962] loop3: partition table partially beyond EOD, 
[ 1373.251930] binder: send failed reply for transaction 6360, target dead
21:37:44 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x68)

[ 1373.378455] truncated
[ 1373.389658] loop3: p1 start 1 is beyond EOD, truncated
[ 1373.395188] loop3: p2 size 2 extends beyond EOD, truncated
[ 1373.402300] loop3: p3 start 201 is beyond EOD, truncated
[ 1373.408431] loop3: p4 start 301 is beyond EOD, truncated
[ 1373.414100] loop3: p5 start 1 is beyond EOD, truncated
[ 1373.419686] loop3: p6 start 1 is beyond EOD, truncated
[ 1373.434930] loop3: p7 start 1 is beyond EOD, truncated
[ 1373.459784] loop3: p8 start 1 is beyond EOD, truncated
[ 1373.466919] loop3: p9 start 1 is beyond EOD, truncated
[ 1373.472430] loop3: p10 start 1 is beyond EOD, truncated
[ 1373.478163] loop3: p11 start 1 is beyond EOD, truncated
[ 1373.483758] loop3: p12 start 1 is beyond EOD, truncated
[ 1373.489325] loop3: p13 start 1 is beyond EOD, truncated
[ 1373.495563] loop3: p14 start 1 is beyond EOD, truncated
[ 1373.501102] loop3: p15 start 1 is beyond EOD, truncated
[ 1373.507179] loop3: p16 start 1 is beyond EOD, truncated
[ 1373.512710] loop3: p17 start 1 is beyond EOD, truncated
[ 1373.519686] loop3: p18 start 1 is beyond EOD, truncated
[ 1373.525259] loop3: p19 start 1 is beyond EOD, truncated
[ 1373.525273] loop3: p20 start 1 is beyond EOD, truncated
[ 1373.525285] loop3: p21 start 1 is beyond EOD, truncated
[ 1373.525297] loop3: p22 start 1 is beyond EOD, truncated
[ 1373.540115] loop3: p23 start 1 is beyond EOD, truncated
[ 1373.553405] loop3: p24 start 1 is beyond EOD, truncated
[ 1373.558868] loop3: p25 start 1 is beyond EOD, truncated
[ 1373.564244] loop3: p26 start 1 is beyond EOD, truncated
[ 1373.569744] loop3: p27 start 1 is beyond EOD, truncated
[ 1373.575175] loop3: p28 start 1 is beyond EOD, truncated
[ 1373.580548] loop3: p29 start 1 is beyond EOD, truncated
[ 1373.585994] loop3: p30 start 1 is beyond EOD, truncated
[ 1373.591390] loop3: p31 start 1 is beyond EOD, truncated
[ 1373.597615] loop3: p32 start 1 is beyond EOD, truncated
[ 1373.602995] loop3: p33 start 1 is beyond EOD, truncated
[ 1373.608466] loop3: p34 start 1 is beyond EOD, truncated
[ 1373.613850] loop3: p35 start 1 is beyond EOD, truncated
[ 1373.619415] loop3: p36 start 1 is beyond EOD, truncated
[ 1373.624844] loop3: p37 start 1 is beyond EOD, truncated
[ 1373.630221] loop3: p38 start 1 is beyond EOD, truncated
[ 1373.635657] loop3: p39 start 1 is beyond EOD, truncated
[ 1373.641052] loop3: p40 start 1 is beyond EOD, truncated
[ 1373.646480] loop3: p41 start 1 is beyond EOD, truncated
[ 1373.651902] loop3: p42 start 1 is beyond EOD, truncated
[ 1373.657358] loop3: p43 start 1 is beyond EOD, truncated
[ 1373.662778] loop3: p44 start 1 is beyond EOD, truncated
[ 1373.668186] loop3: p45 start 1 is beyond EOD, truncated
[ 1373.673574] loop3: p46 start 1 is beyond EOD, truncated
[ 1373.678990] loop3: p47 start 1 is beyond EOD, truncated
[ 1373.684408] loop3: p48 start 1 is beyond EOD, truncated
[ 1373.689861] loop3: p49 start 1 is beyond EOD, truncated
[ 1373.695262] loop3: p50 start 1 is beyond EOD, truncated
[ 1373.700620] loop3: p51 start 1 is beyond EOD, truncated
[ 1373.706063] loop3: p52 start 1 is beyond EOD, truncated
[ 1373.711440] loop3: p53 start 1 is beyond EOD, truncated
[ 1373.716869] loop3: p54 start 1 is beyond EOD, truncated
[ 1373.722246] loop3: p55 start 1 is beyond EOD, truncated
[ 1373.728483] loop3: p56 start 1 is beyond EOD, truncated
[ 1373.733848] loop3: p57 start 1 is beyond EOD, truncated
[ 1373.739336] loop3: p58 start 1 is beyond EOD, truncated
[ 1373.744793] loop3: p59 start 1 is beyond EOD, truncated
[ 1373.750173] loop3: p60 start 1 is beyond EOD, truncated
[ 1373.755723] loop3: p61 start 1 is beyond EOD, truncated
[ 1373.761117] loop3: p62 start 1 is beyond EOD, truncated
[ 1373.766592] loop3: p63 start 1 is beyond EOD, truncated
[ 1373.771981] loop3: p64 start 1 is beyond EOD, truncated
[ 1373.777431] loop3: p65 start 1 is beyond EOD, truncated
[ 1373.782815] loop3: p66 start 1 is beyond EOD, truncated
[ 1373.788226] loop3: p67 start 1 is beyond EOD, truncated
[ 1373.793613] loop3: p68 start 1 is beyond EOD, truncated
[ 1373.799086] loop3: p69 start 1 is beyond EOD, truncated
[ 1373.804460] loop3: p70 start 1 is beyond EOD, truncated
[ 1373.809869] loop3: p71 start 1 is beyond EOD, truncated
[ 1373.815294] loop3: p72 start 1 is beyond EOD, truncated
[ 1373.820671] loop3: p73 start 1 is beyond EOD, truncated
[ 1373.826112] loop3: p74 start 1 is beyond EOD, truncated
[ 1373.831495] loop3: p75 start 1 is beyond EOD, truncated
[ 1373.836920] loop3: p76 start 1 is beyond EOD, truncated
[ 1373.842367] loop3: p77 start 1 is beyond EOD, truncated
[ 1373.847823] loop3: p78 start 1 is beyond EOD, truncated
[ 1373.853207] loop3: p79 start 1 is beyond EOD, truncated
[ 1373.859458] loop3: p80 start 1 is beyond EOD, truncated
[ 1373.864920] loop3: p81 start 1 is beyond EOD, truncated
[ 1373.870295] loop3: p82 start 1 is beyond EOD, truncated
[ 1373.875759] loop3: p83 start 1 is beyond EOD, truncated
[ 1373.881129] loop3: p84 start 1 is beyond EOD, truncated
[ 1373.886546] loop3: p85 start 1 is beyond EOD, truncated
[ 1373.891939] loop3: p86 start 1 is beyond EOD, truncated
[ 1373.897381] loop3: p87 start 1 is beyond EOD, truncated
[ 1373.902780] loop3: p88 start 1 is beyond EOD, truncated
[ 1373.919124] loop3: p89 start 1 is beyond EOD, truncated
[ 1373.924542] loop3: p90 start 1 is beyond EOD, truncated
[ 1373.930017] loop3: p91 start 1 is beyond EOD, truncated
[ 1373.935454] loop3: p92 start 1 is beyond EOD, truncated
[ 1373.940834] loop3: p93 start 1 is beyond EOD, truncated
[ 1373.947347] loop3: p94 start 1 is beyond EOD, truncated
[ 1373.952755] loop3: p95 start 1 is beyond EOD, truncated
[ 1373.958238] loop3: p96 start 1 is beyond EOD, truncated
[ 1373.963643] loop3: p97 start 1 is beyond EOD, truncated
[ 1373.969096] loop3: p98 start 1 is beyond EOD, truncated
[ 1373.974485] loop3: p99 start 1 is beyond EOD, truncated
[ 1373.979907] loop3: p100 start 1 is beyond EOD, truncated
[ 1373.985983] loop3: p101 start 1 is beyond EOD, truncated
[ 1373.991660] loop3: p102 start 1 is beyond EOD, truncated
[ 1373.997360] loop3: p103 start 1 is beyond EOD, truncated
[ 1374.002827] loop3: p104 start 1 is beyond EOD, truncated
[ 1374.008433] loop3: p105 start 1 is beyond EOD, truncated
[ 1374.013908] loop3: p106 start 1 is beyond EOD, truncated
[ 1374.019421] loop3: p107 start 1 is beyond EOD, truncated
[ 1374.024928] loop3: p108 start 1 is beyond EOD, truncated
[ 1374.030375] loop3: p109 start 1 is beyond EOD, truncated
[ 1374.035919] loop3: p110 start 1 is beyond EOD, truncated
[ 1374.041373] loop3: p111 start 1 is beyond EOD, truncated
[ 1374.046890] loop3: p112 start 1 is beyond EOD, truncated
[ 1374.052370] loop3: p113 start 1 is beyond EOD, truncated
[ 1374.057876] loop3: p114 start 1 is beyond EOD, truncated
[ 1374.063330] loop3: p115 start 1 is beyond EOD, truncated
[ 1374.068862] loop3: p116 start 1 is beyond EOD, truncated
[ 1374.074329] loop3: p117 start 1 is beyond EOD, truncated
[ 1374.079897] loop3: p118 start 1 is beyond EOD, truncated
[ 1374.085418] loop3: p119 start 1 is beyond EOD, truncated
[ 1374.090878] loop3: p120 start 1 is beyond EOD, truncated
[ 1374.096387] loop3: p121 start 1 is beyond EOD, truncated
[ 1374.101862] loop3: p122 start 1 is beyond EOD, truncated
[ 1374.108154] loop3: p123 start 1 is beyond EOD, truncated
[ 1374.113644] loop3: p124 start 1 is beyond EOD, truncated
[ 1374.119974] loop3: p125 start 1 is beyond EOD, truncated
[ 1374.125544] loop3: p126 start 1 is beyond EOD, truncated
[ 1374.131010] loop3: p127 start 1 is beyond EOD, truncated
[ 1374.136522] loop3: p128 start 1 is beyond EOD, truncated
[ 1374.141997] loop3: p129 start 1 is beyond EOD, truncated
[ 1374.147518] loop3: p130 start 1 is beyond EOD, truncated
[ 1374.152988] loop3: p131 start 1 is beyond EOD, truncated
[ 1374.158493] loop3: p132 start 1 is beyond EOD, truncated
[ 1374.163994] loop3: p133 start 1 is beyond EOD, truncated
[ 1374.169488] loop3: p134 start 1 is beyond EOD, truncated
[ 1374.174992] loop3: p135 start 1 is beyond EOD, truncated
[ 1374.180430] loop3: p136 start 1 is beyond EOD, truncated
[ 1374.185972] loop3: p137 start 1 is beyond EOD, truncated
[ 1374.191446] loop3: p138 start 1 is beyond EOD, truncated
[ 1374.196973] loop3: p139 start 1 is beyond EOD, truncated
[ 1374.202442] loop3: p140 start 1 is beyond EOD, truncated
[ 1374.207971] loop3: p141 start 1 is beyond EOD, truncated
[ 1374.213440] loop3: p142 start 1 is beyond EOD, truncated
[ 1374.218937] loop3: p143 start 1 is beyond EOD, truncated
[ 1374.224410] loop3: p144 start 1 is beyond EOD, truncated
[ 1374.229902] loop3: p145 start 1 is beyond EOD, truncated
[ 1374.235437] loop3: p146 start 1 is beyond EOD, truncated
[ 1374.240879] loop3: p147 start 1 is beyond EOD, truncated
[ 1374.247176] loop3: p148 start 1 is beyond EOD, truncated
[ 1374.252625] loop3: p149 start 1 is beyond EOD, truncated
[ 1374.258189] loop3: p150 start 1 is beyond EOD, truncated
[ 1374.263659] loop3: p151 start 1 is beyond EOD, truncated
[ 1374.269169] loop3: p152 start 1 is beyond EOD, truncated
[ 1374.274676] loop3: p153 start 1 is beyond EOD, truncated
[ 1374.280123] loop3: p154 start 1 is beyond EOD, truncated
[ 1374.285704] loop3: p155 start 1 is beyond EOD, truncated
[ 1374.291170] loop3: p156 start 1 is beyond EOD, truncated
[ 1374.296697] loop3: p157 start 1 is beyond EOD, truncated
[ 1374.302153] loop3: p158 start 1 is beyond EOD, truncated
[ 1374.307686] loop3: p159 start 1 is beyond EOD, truncated
[ 1374.313161] loop3: p160 start 1 is beyond EOD, truncated
[ 1374.318768] loop3: p161 start 1 is beyond EOD, truncated
[ 1374.324256] loop3: p162 start 1 is beyond EOD, truncated
[ 1374.329806] loop3: p163 start 1 is beyond EOD, truncated
[ 1374.335379] loop3: p164 start 1 is beyond EOD, truncated
[ 1374.340858] loop3: p165 start 1 is beyond EOD, truncated
[ 1374.346370] loop3: p166 start 1 is beyond EOD, truncated
[ 1374.351832] loop3: p167 start 1 is beyond EOD, truncated
[ 1374.357329] loop3: p168 start 1 is beyond EOD, truncated
[ 1374.362811] loop3: p169 start 1 is beyond EOD, truncated
[ 1374.368344] loop3: p170 start 1 is beyond EOD, truncated
[ 1374.373995] loop3: p171 start 1 is beyond EOD, truncated
[ 1374.380288] loop3: p172 start 1 is beyond EOD, truncated
[ 1374.385836] loop3: p173 start 1 is beyond EOD, truncated
[ 1374.391295] loop3: p174 start 1 is beyond EOD, truncated
[ 1374.396884] loop3: p175 start 1 is beyond EOD, truncated
[ 1374.402366] loop3: p176 start 1 is beyond EOD, truncated
[ 1374.407880] loop3: p177 start 1 is beyond EOD, truncated
[ 1374.413359] loop3: p178 start 1 is beyond EOD, truncated
[ 1374.418963] loop3: p179 start 1 is beyond EOD, truncated
[ 1374.424450] loop3: p180 start 1 is beyond EOD, truncated
[ 1374.429958] loop3: p181 start 1 is beyond EOD, truncated
[ 1374.435480] loop3: p182 start 1 is beyond EOD, truncated
[ 1374.440935] loop3: p183 start 1 is beyond EOD, truncated
[ 1374.446449] loop3: p184 start 1 is beyond EOD, truncated
[ 1374.451906] loop3: p185 start 1 is beyond EOD, truncated
[ 1374.457410] loop3: p186 start 1 is beyond EOD, truncated
[ 1374.462880] loop3: p187 start 1 is beyond EOD, truncated
[ 1374.468386] loop3: p188 start 1 is beyond EOD, truncated
[ 1374.473883] loop3: p189 start 1 is beyond EOD, truncated
[ 1374.479488] loop3: p190 start 1 is beyond EOD, truncated
[ 1374.485005] loop3: p191 start 1 is beyond EOD, truncated
[ 1374.490462] loop3: p192 start 1 is beyond EOD, truncated
[ 1374.495980] loop3: p193 start 1 is beyond EOD, truncated
[ 1374.501438] loop3: p194 start 1 is beyond EOD, truncated
[ 1374.507718] loop3: p195 start 1 is beyond EOD, truncated
[ 1374.513170] loop3: p196 start 1 is beyond EOD, truncated
[ 1374.518729] loop3: p197 start 1 is beyond EOD, truncated
[ 1374.524184] loop3: p198 start 1 is beyond EOD, truncated
[ 1374.529687] loop3: p199 start 1 is beyond EOD, truncated
[ 1374.535201] loop3: p200 start 1 is beyond EOD, truncated
[ 1374.540658] loop3: p201 start 1 is beyond EOD, truncated
[ 1374.546149] loop3: p202 start 1 is beyond EOD, truncated
[ 1374.551617] loop3: p203 start 1 is beyond EOD, truncated
[ 1374.557184] loop3: p204 start 1 is beyond EOD, truncated
[ 1374.562653] loop3: p205 start 1 is beyond EOD, truncated
[ 1374.568150] loop3: p206 start 1 is beyond EOD, truncated
[ 1374.573605] loop3: p207 start 1 is beyond EOD, truncated
[ 1374.579143] loop3: p208 start 1 is beyond EOD, truncated
[ 1374.584653] loop3: p209 start 1 is beyond EOD, truncated
[ 1374.590108] loop3: p210 start 1 is beyond EOD, truncated
[ 1374.595609] loop3: p211 start 1 is beyond EOD, truncated
[ 1374.601074] loop3: p212 start 1 is beyond EOD, truncated
[ 1374.606584] loop3: p213 start 1 is beyond EOD, truncated
[ 1374.612051] loop3: p214 start 1 is beyond EOD, truncated
[ 1374.617549] loop3: p215 start 1 is beyond EOD, truncated
[ 1374.623011] loop3: p216 start 1 is beyond EOD, truncated
[ 1374.628526] loop3: p217 start 1 is beyond EOD, truncated
[ 1374.633982] loop3: p218 start 1 is beyond EOD, truncated
[ 1374.640313] loop3: p219 start 1 is beyond EOD, truncated
[ 1374.645863] loop3: p220 start 1 is beyond EOD, truncated
[ 1374.651327] loop3: p221 start 1 is beyond EOD, truncated
[ 1374.656853] loop3: p222 start 1 is beyond EOD, truncated
[ 1374.662307] loop3: p223 start 1 is beyond EOD, truncated
[ 1374.667817] loop3: p224 start 1 is beyond EOD, truncated
[ 1374.673287] loop3: p225 start 1 is beyond EOD, truncated
[ 1374.678784] loop3: p226 start 1 is beyond EOD, truncated
[ 1374.684248] loop3: p227 start 1 is beyond EOD, truncated
[ 1374.689740] loop3: p228 start 1 is beyond EOD, truncated
[ 1374.695224] loop3: p229 start 1 is beyond EOD, truncated
[ 1374.700696] loop3: p230 start 1 is beyond EOD, truncated
[ 1374.706203] loop3: p231 start 1 is beyond EOD, truncated
[ 1374.711666] loop3: p232 start 1 is beyond EOD, truncated
[ 1374.719418] loop3: p233 start 1 is beyond EOD, truncated
[ 1374.725360] loop3: p234 start 1 is beyond EOD, truncated
[ 1374.730859] loop3: p235 start 1 is beyond EOD, truncated
[ 1374.736402] loop3: p236 start 1 is beyond EOD, truncated
[ 1374.741858] loop3: p237 start 1 is beyond EOD, truncated
[ 1374.747367] loop3: p238 start 1 is beyond EOD, truncated
[ 1374.752823] loop3: p239 start 1 is beyond EOD, truncated
[ 1374.758341] loop3: p240 start 1 is beyond EOD, truncated
[ 1374.763816] loop3: p241 start 1 is beyond EOD, truncated
[ 1374.769325] loop3: p242 start 1 is beyond EOD, truncated
[ 1374.774910] loop3: p243 start 1 is beyond EOD, truncated
[ 1374.780365] loop3: p244 start 1 is beyond EOD, truncated
[ 1374.785858] loop3: p245 start 1 is beyond EOD, truncated
[ 1374.791333] loop3: p246 start 1 is beyond EOD, truncated
[ 1374.796985] loop3: p247 start 1 is beyond EOD, truncated
[ 1374.802456] loop3: p248 start 1 is beyond EOD, truncated
[ 1374.808008] loop3: p249 start 1 is beyond EOD, truncated
[ 1374.813510] loop3: p250 start 1 is beyond EOD, truncated
[ 1374.819013] loop3: p251 start 1 is beyond EOD, truncated
[ 1374.824490] loop3: p252 start 1 is beyond EOD, truncated
[ 1374.830029] loop3: p253 start 1 is beyond EOD, truncated
[ 1374.835546] loop3: p254 start 1 is beyond EOD, truncated
[ 1374.841021] loop3: p255 start 1 is beyond EOD, truncated
21:37:45 executing program 1:
remap_file_pages(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x7fff, 0x14000)
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x10]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:45 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4c000000)

21:37:45 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, <r1=>0x0}, &(0x7f0000000040)=0xc)
getresgid(&(0x7f0000000080), &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100))
write$FUSE_DIRENTPLUS(r0, &(0x7f00000021c0)={0xa8, 0x0, 0x8, [{{0x5, 0x0, 0x3, 0x8f, 0x1, 0x9, {0x6, 0x3, 0x20, 0x7, 0x6, 0xa9a3, 0x4, 0x2, 0x0, 0x7ba, 0x0, r1, r2, 0x55, 0xff}}, {0x6, 0x1, 0x0, 0x1}}]}, 0xa8)
write$UHID_INPUT(r0, &(0x7f0000001180)={0x8, "2599aea0ab06e5568b1f9ad8f2fb32757d103fca457bddaf12d42651b62147077b6f874ab49a2c642e43843bea7a9b7b1cd63ea9d1d763710805d6e4ee9e91b0ef62c4d25ae8c721f08cd96c07f4a46d253227836e80217556f8c5be4f726d440c8592c28437465b8ba5f52cb92949579be5ab78109b12ad4624adc543614498ee31cc1fbadfd90a416020cf8b34978a483cc30c2ddb6354203093de71d4735a49f774dfe50250d2ae7d8af0ef696adc938b587ed8e0c1bcdb1aba0e9bd92666e016af10353fa3f057995d9e09286a035948cf8f5f1ef44737f81c785388e7c9e089c7d4ca0e4c2acc9c5805a79bae2e7e05d29205fb191d90b60282053fd8e8b329c3a0531f095d1f842e92a24c93a0386ba5dd163f24da5a9cd1f32ff70f802ef0ef9593b53e63e14d4e01ce02d8f06d140ffc28c2240a41900757c6847f52f7d5db0d98c61ca321a3508e49e9615c6058766f1b6d14ad36c2b4440d0405f3cec320bf94646fc9e2753bdd8d2a1dc5f9577fac66dfaf00ae3c56bc8e37f7b5fd139d36f17f3f09f1202e4c23796bf14545ef0f450e27add94d567d6e02970229e8b6ad69aa76abf6d91ecfb55e6e70c54205f861128d5051c3d05ff8654bd4196415a0bc7633b687ddd8ed4e997b22178a8470686488dcc11e15923d2ca5f75db28ea46458467a3775436d557e80d6e956f4b795d07d5cb692e2b8455aae55d68be38b15845a86ed2dfac66c193ecd2490e92367d0fa19a301c256cf42d4f5df07e42c821fd0b85291184116bbde6c2176e029717b9fef063ce1a82bd03d047234bf0465c3640c9551f261246f7d764958079adb46bfdbc10a67ba8ad66687f50ef9227600c39fccd09ba7403f7982040d8d653a7213819d08c6f1fed531983481a233469243dd44327841372ab3138b3cbd6e0d54f1470ec7051cebb4295b530a1749f70d30183ab2b95e711270bc35516c242e8a20cca3bb976e4122a27af658048930a86e19f547ef8a8842bce6bac4dd263ccf247ada35a21c4e92326a53e3a93f4f426eca3ce2eea0c6d4b7ee3421bfbb7fc8ac66aaca53b442c9d9cace5d35dab9e6a22cda4083d221af3642e02e09bb6bd64036a0a73c969f92801ee3d4a11e630bc152b3009fcb7e3a462e3eaf97444b766707b06f0a6cc9fe85bef5e84aab38bea66c8b5e428844daffbc0944c7c5ff7ee0f4c297d4f7a1fc57319f0df95abae4a4df60f09c09071d779ff39bec0f629adb1e3c9dc4ca9e50c0a872f3a3201a79d5f4cfec0994f3d6c59ead437ecaf66b9c856d4c893fc6b77dabe9664956352af813eb5f554e064d1189b3ca7a33b60bba66dbeff7c76276063e7f551000899e540241de9925985fe79cd275046b69dfa81c554b047ec17ff7bafa57fbcfa57bd8159a0981c695ba8477af43f2ef4d77ef4817925f5ca35dd7e1d6eacf2966f573a340c99a0913b03a9f0cd35697ec4736f4f0aaa07b376c844fa7f6cfc6329f8cc81379958a301bb597a968450a83ebe78271c892dcf82431a4e0cd53fc9c91f09f7cf4dd5fea49d56e14eaa0e07cb51a5cff6e1687e3f32fd547edcfdc4a5a05cd22bd5e4011dfca7cc28830602bb4fe47e022476c4bdb1356a6d7c86e2f32522eb054dfdb867cbde21e531c159cba68dc31b195356531db37d36d47e38d5a7732d660adadae432dc603f001249df406ba1d5219e0256cd40698adecf03479ab873776963707dcf90a4c0cbb4b729c1ff20b08d097fac9f71c1e75a94bfdadbcec4ece8c3ba9749382f6b7c6092397c3e6dca0266c7bbf15d882c78ce9fc7d902afad1f1d06f13190d32420ffdb487c2175fd737db2cb62a30f7115d863f5b602b3be03528bdf4533e14841c0b95561967feb695e31d6285097a52a7954cf2b524645f6959b1b01266c5a089d2c449f89b6ad0a91f29c314a3cc4ac459c61fe2f59d824038371936100351a83bb38a90a5755e54fed392feae5163a7936bec07b1477feec6a6920a51063d1c13e49639039ebac0a8d90b3ab3ca69ff55d34226f43a7339d90f64ede47c9a3247626d4f3acaaa584eaa0575cdd4fc4bbb0941d366aaba5b21fe9d0bc8a285bc4e8a0f97e725fb413487c8846bfdf02dd5c44891efde159dc46ebf68a4609c409fb69a322a38d80d52f326207ce9400dfb341caaae4632ef2cba8c49c9a3fcfa42f5b7e46b1af1995347755299624343989b088904f5f8fcd03b1352fda6fb7cc765e777b6763f5ff6a8b4af4d960f54c2876d6bb470807d2a9ea2da354c6c42f50c3c3accb6c3bc0db78991e95195caefc837ec386504dabccf6462217623e1b1a1fc13d29f3dfd78a4bc69de07d218dada3f53a41e0ae8841a8829a816966e2b7e536e787ada5be7ead837ea1e5939b8a4d536b6f77b1aabf2ae7a4f9d6a497b0bee9f256351fb1ccd3f3a35d24c777ca2673b71f829eb6a2e75813756045d76700788b388f126a7fd11f3b2a06af3eb81dd3e473b04d6c8b145aaa3bf1a05c9902d24c2a0734a03f649f73b11a87fcdfa2ecd098be685bb9620ed236ceb64aaf03ad6c8015f1315998f93e17690ed2ebca03f1be1b029a03040809fa51d8fb635bbfa950dc690f699323070734f467a7422d4c585037b086b3b37a5055d1978594b54485496edf8eab37a5dfcd8563f739c67359ea8942b20d196c42b60927e768b4e4c0f9ce00672fa945932d3aa200c01284fb2d466bb6df8fb7e6323dead31f4a7525bb4ee06e6a091a4fabe2bba1d3477d3d7e4330d97fd3efd8ba72bfd019d71a087a09a436e0652479962c4109aede33da7a389333604503e877a882a07320db0cf4c27befc2d23d39bfd98c96277b8cf3377b7cd3a0762f9f0bc7dd882bae1dc01fcadb0d3ecf8750cbe70d90cb7215f36da4d5a67e42e74d644efe13b496897b3e33530c10bedc120b8a66eebc4a080835c8111b2a457356633de773e5388651723e5b168b4ac7e8fd2f354fec6abd9aaab8afeb602d7900db3effd14a74d0d9d92566e2e8bb720e612594d9404f99a7b44c3a784337c1e59f71b4cf75708812637fbdba1736af9086ff92e87008f44440c6c1b1ac5f83b55af9a100884b89f8f11cb0e6f1c45918eb7e5651b9da817d2d8df8ca8c1d5de113db438f657012e9694f1ea9629e68f925597f435eed5d6a4615d6aa7d127c86a7a14650daec0837ba51c2eefa0e257109f55626a5bd72cbab8d0424726d53a690928171cd1ef33a98e5ea2a571f181532a7422adb871d9581ca79f5e4e3b96e0563a7bc8acdd85b032f71b9aa11900c04dc0924976ba61c19f4e64a5434343c57e2e177574772972a9047e22a657f79f5a1e60557d9bc46aedeb96f612586b99959b848122894b4df5ae8148ae3ee9398c80e92be1b0d8f3234eed8f1baf240b4abd49876accfafa8e595c361815f3ae4626d7ed3673e93150d82b1b21120f1697252ee982959d0ad403064e4a366b8b9c290f32dd493da20a19374aa7c24aefa72f3fb070e5fdaebfd1c940231ed2b6677c27d55d8d9fd62abf11bb2ced11ef24d40e7f843ae5728567d0643c2b5a9c149b216735fd7358e1608a26ea1e457bef4c865611ad33e0a9beb7e2d9cbd0f995c3464b93a4c717dd9cf59fe36e7d297e2876bf1f59f97af35f16a5b195d4f8a466d568ace985283a662e1feadfa17b4878c7c456278aade85d4a91c916de415e47918e2e43aba02a763e8585a047b31c32a11b375a9dc0179ebf82ef87642a096fa83ca382bf269a4f15657622142d296ebc33947964bc285410f97ddcd0ddb2b9a90d28ea50577b9f0c018d4d7c268dbe652b759c8a0c170140e0c89fa2e20aeb23f5955b404895d3ba0925db431e7a993eb77feae7d0f97947c302c7a85d48f4c344aa0a6141716656fcbc4177c9d2b3737edddfb3d7d10660852625f680e9525b0f0fc87ff2dfa181965c7880093724a4a51fd48d8424f0d0a66c7cadfc60556824ff29800bbf356778b7b7dc0dadceba9e4cc13b5b08c7331e857200d3c0735d6595f5fe5ad75d07e8cd7aff4e0d0a73832830652b456955ce0242f040d1abe2229c82e2437d2ba471670380e86a7563637e62ed39ffcd1baf7706f371283ee05a8c10b2b968b6fd0dbe8568bb65843854192833f21eb6eab77f77e362eebbb833eef53a040a8dfa533cc0a24e0cc92f1d85525df95bf9c1b25885ecd645ed14e2c6390678f8aef853383338387d8e6d467ee0a835f6161b68470f15d09f64c51f6857dd0a1fe609637227d3f31b917c2d11a505ef9bce9d6e11b0efbef0a9a0aaf1c71104affd228297353c8ea6183cdda4acd353f5e6efcccdc8031c33475781ef5d76979e5b3b7768b76b542ba005d80afcd73fdd88758a968a6e448ad4a3182bec97661b1a835f0c976225a7cff2e19f7a6883c2a8c24413271714ea2e71a8819b88468bcf9040ed47bde08d5802f4d0cf628b02340d7e3c38fc16acb0c1f7074679cad6f46cff1df43072999efe00b3868aa6197f5caea3927d0c213aece43e9f516e584cd5d59720f32bdbb5800e5a78a22361551ec36a1b0200959d585e6130f387709a7e4652a0380909e7084b3c64fa1d16b731e7db9d5e42a826cb10c93e0743850c7c928b5c3c3e3f5b975a99cd13065f2fe0863f430486acc49fa51861fd818fa7cf2abb8dd67c7d55d416467cd42805efdeea223a17477aca0dd139e4f46827b0f014a811e67db671ffd76cd62d7011e61e3d3f1115b349eee4b0e36b3e49a6338532cb0e5440f8fd5381f7dfc3696c7c9fa98503184b7703de02aa1e6d4824443e1fbc94314e398ed4917c0e20ad375c76fcbd9a431e35f57c011d50db22c169adc5351945a9e4664e0db843a282910913f2711ec7f0e5f70393f5b1e0610420672928a2e18b1795be1514a3ca96d7ae1bd7178860c4d6bed81d903dbc204e06c686c6eb036c76f900d6c04e6af2548c49f64d45126147ea41955bef1d63d313c5ef6c4359c3c6e07ae439fc3025f96fc4fb0a6ebe2bf9f78f854fd4d11e9359831d47e1911050dbe225f8755a587b515928b0a8641b6a91379b504cf4ccd6fd42171e5b7395d6e7118cb2e11aeb7f42183724bde285e27b91672f4ae14c571a49916413043045c61cf556e95bd91743a296e2bbcd44e998a7454808e372678efe37dfc291be64b4e083ae7d72622f14100be7bfb164969010c3eef3a6bf0972d3dfb429ef6fbe3bcd86fef490b9ab37f4444fa35dcf7d887f7afa50a9bd9c1569208ad4436fc0d8d9a30e5d35a30ac7657b513fb7ccb9893e40b19dea556667ef081fd568ed1cd9b2a9ecf3c8be555b8403bec301af1d37f0081c391841e7c18b67ea7db7ab0046eaf51be69637e230c16882ea4f7bfeb3c5b8838a6a8971cf445b1cfd9a9ae17a06e9fef2f73373b21ced3849e227aea8394456ebfdcbf3fa97acc9e8b16d0272dd74ff4a6a0a8408e41eb47c9d1bbca1f8dacaba259ff8fcd5a49361fb21e179d62a354250407b37a189d4699ab1f5e56c3456536aea81e76e5d24b9384a99beafedc11d31e86245792171f7090c8972861968a3e699121f28b91dce3d67d595677c991b63b8a628b013f0c9dd385ea3ebb1f13c3e36ec3069c053a3e355cdd00a7659bdba15393cbfef24a220bb729fda83c27ba55ae748e6210f838ef05b8d1bbb4ed24b21b2dc64aca363f39de398dad0f9c81589280320ba1c046ce6166c45a94bbfbcaa4afab3fd86b26e9da303d9dfa7fc489a574a59ea0b63756710bcc9da5b4e2141378ca75ce37cc2", 0x1000}, 0x1006)
fdatasync(r0)

21:37:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\xff', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:45 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1375.035063] binder: release 23425:23429 transaction 6367 out, still active
[ 1375.048222] binder_alloc: 23425: binder_alloc_buf, no vma
[ 1375.053903] binder: unexpected work type, 4, not freed
[ 1375.059366] binder: undelivered TRANSACTION_COMPLETE
[ 1375.070142] binder: BINDER_SET_CONTEXT_MGR already set
21:37:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x800000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:46 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x74000000)

[ 1375.070772]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1375.070785] loop3: partition table partially beyond EOD, 
[ 1375.084038] binder: 23425:23438 ioctl 40046207 0 returned -16
[ 1375.163611] truncated
[ 1375.175878] binder_alloc: 23425: binder_alloc_buf, no vma
[ 1375.220973] loop3: p1 start 1 is beyond EOD, truncated
[ 1375.225426] binder: send failed reply for transaction 6367, target dead
[ 1375.234834] loop3: p2 size 2 extends beyond EOD, truncated
[ 1375.265665] loop3: p3 start 201 is beyond EOD, truncated
21:37:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfffff000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0xfffffffffffffc81, 0x0, &(0x7f0000000300), 0xe7, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000000c0)={<r3=>0x0, 0xa7, 0x7, 0xffffffff}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000180)={r3, 0x38, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0x8, @loopback, 0x7}, @in6={0xa, 0x4e23, 0xff, @local, 0x5}]}, &(0x7f00000001c0)=0x10)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1375.309952] loop3: p4 start 301 is beyond EOD, truncated
[ 1375.320825] loop3: p5 start 1 is beyond EOD, truncated
[ 1375.366846] loop3: p6 start 1 is beyond EOD, truncated
21:37:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf0ffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1375.421183] loop3: p7 start 1 is beyond EOD, truncated
21:37:46 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1e000000)

[ 1375.445221] loop3: p8 start 1 is beyond EOD, truncated
[ 1375.456671] loop3: p9 start 1 is beyond EOD, truncated
[ 1375.482316] loop3: p10 start 1 is beyond EOD, truncated
[ 1375.484157] binder: 23455:23459 ioctl c0306201 20000280 returned -14
[ 1375.503075] loop3: p11 start 1 is beyond EOD, truncated
[ 1375.518372] loop3: p12 start 1 is beyond EOD, truncated
[ 1375.524431] loop3: p13 start 1 is beyond EOD, truncated
[ 1375.530145] binder: 23455:23459 got transaction to invalid handle
[ 1375.536966] loop3: p14 start 1 is beyond EOD, truncated
[ 1375.543168] loop3: p15 start 1 is beyond EOD, truncated
21:37:46 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x3)

[ 1375.549696] loop3: p16 start 1 is beyond EOD, truncated
[ 1375.555590] loop3: p17 start 1 is beyond EOD, truncated
[ 1375.561706] loop3: p18 start 1 is beyond EOD, truncated
[ 1375.575228] loop3: p19 start 1 is beyond EOD, truncated
[ 1375.581023] loop3: p20 start 1 is beyond EOD, truncated
[ 1375.586679] binder: BINDER_SET_CONTEXT_MGR already set
[ 1375.591983] binder: 23455:23459 ioctl 40046207 0 returned -16
21:37:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x4000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1375.599709] loop3: p21 start 1 is beyond EOD, truncated
[ 1375.612835] loop3: p22 start 1 is beyond EOD, truncated
[ 1375.619046] binder: 23455:23464 ioctl c0306201 20000280 returned -14
[ 1375.631502] loop3: p23 start 1 is beyond EOD, truncated
[ 1375.638449] binder: 23455:23469 got transaction to invalid handle
[ 1375.645260] loop3: p24 start 1 is beyond EOD, truncated
[ 1375.657900] loop3: p25 start 1 is beyond EOD, truncated
[ 1375.667995] loop3: p26 start 1 is beyond EOD, truncated
[ 1375.682787] loop3: p27 start 1 is beyond EOD, truncated
[ 1375.695056] loop3: p28 start 1 is beyond EOD, truncated
21:37:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
bind$bt_rfcomm(r2, &(0x7f0000000100)={0x1f, {0x1441, 0xf0, 0xc0, 0x2, 0x100, 0x3}, 0x2}, 0xa)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)

[ 1375.708924] loop3: p29 start 1 is beyond EOD, truncated
[ 1375.716190] loop3: p30 start 1 is beyond EOD, truncated
[ 1375.723481] loop3: p31 start 1 is beyond EOD, truncated
[ 1375.730810] loop3: p32 start 1 is beyond EOD, truncated
[ 1375.736795] loop3: p33 start 1 is beyond EOD, truncated
[ 1375.742407] loop3: p34 start 1 is beyond EOD, truncated
[ 1375.752002] loop3: p35 start 1 is beyond EOD, truncated
[ 1375.764675] loop3: p36 start 1 is beyond EOD, truncated
[ 1375.777536] loop3: p37 start 1 is beyond EOD, truncated
[ 1375.783121] loop3: p38 start 1 is beyond EOD, truncated
[ 1375.789094] loop3: p39 start 1 is beyond EOD, truncated
[ 1375.800209] loop3: p40 start 1 is beyond EOD, truncated
[ 1375.810504] loop3: p41 start 1 is beyond EOD, truncated
[ 1375.816981] binder: release 23478:23479 transaction 6376 out, still active
[ 1375.824269] binder_alloc: 23478: binder_alloc_buf, no vma
[ 1375.830454] binder: unexpected work type, 4, not freed
21:37:46 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@sack_info={<r1=>0x0, 0xffff, 0x3}, &(0x7f0000000080)=0xc)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000000c0)={0x40, 0x1, 0x800, 0x3, r1}, 0x10)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x100000, 0x4)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

[ 1375.855688] binder: undelivered TRANSACTION_COMPLETE
[ 1375.857244] loop3: p42 start 1 is beyond EOD, truncated
[ 1375.865240] binder_transaction: 7 callbacks suppressed
[ 1375.865258] binder: 23478:23479 transaction failed 29189/-3, size 0-0 line 2973
[ 1375.891438] loop3: p43 start 1 is beyond EOD, truncated
[ 1375.898905] binder_alloc_mmap_handler: 14 callbacks suppressed
[ 1375.898925] binder_alloc: binder_alloc_mmap_handler: 23478 20001000-20004000 already mapped failed -16
[ 1375.915901] loop3: p44 start 1 is beyond EOD, truncated
[ 1375.921291] loop3: p45 start 1 is beyond EOD, truncated
[ 1375.929462] binder: BINDER_SET_CONTEXT_MGR already set
[ 1375.935224] binder: 23478:23479 ioctl 40046207 0 returned -16
[ 1375.935315] binder_alloc: 23478: binder_alloc_buf, no vma
[ 1375.935370] binder: 23478:23487 transaction failed 29189/-3, size 24-8 line 2973
[ 1375.935550] binder: 23478:23487 got transaction to invalid handle
[ 1375.935569] binder: 23478:23487 transaction failed 29201/-22, size 0-0 line 2834
[ 1375.936277] binder_release_work: 7 callbacks suppressed
[ 1375.936284] binder: undelivered TRANSACTION_ERROR: 29189
[ 1375.973039] loop3: p46 start 1 is beyond EOD, truncated
[ 1375.987540] loop3: p47 start 1 is beyond EOD, truncated
[ 1375.993523] binder: undelivered TRANSACTION_ERROR: 29201
[ 1376.000739] binder: undelivered TRANSACTION_ERROR: 29189
[ 1376.006665] binder: send failed reply for transaction 6376, target dead
[ 1376.010563] loop3: p48 start 1 is beyond EOD, truncated
[ 1376.019972] loop3: p49 start 1 is beyond EOD, truncated
[ 1376.025694] loop3: p50 start 1 is beyond EOD, truncated
[ 1376.031279] loop3: p51 start 1 is beyond EOD, truncated
[ 1376.036932] loop3: p52 start 1 is beyond EOD, truncated
[ 1376.042293] loop3: p53 start 1 is beyond EOD, truncated
[ 1376.047738] loop3: p54 start 1 is beyond EOD, truncated
[ 1376.053105] loop3: p55 start 1 is beyond EOD, truncated
[ 1376.058693] loop3: p56 start 1 is beyond EOD, truncated
[ 1376.064065] loop3: p57 start 1 is beyond EOD, truncated
[ 1376.069736] loop3: p58 start 1 is beyond EOD, truncated
[ 1376.075176] loop3: p59 start 1 is beyond EOD, truncated
[ 1376.080548] loop3: p60 start 1 is beyond EOD, truncated
[ 1376.085972] loop3: p61 start 1 is beyond EOD, truncated
[ 1376.091342] loop3: p62 start 1 is beyond EOD, truncated
[ 1376.096768] loop3: p63 start 1 is beyond EOD, truncated
[ 1376.102144] loop3: p64 start 1 is beyond EOD, truncated
[ 1376.107612] loop3: p65 start 1 is beyond EOD, truncated
[ 1376.112987] loop3: p66 start 1 is beyond EOD, truncated
[ 1376.118412] loop3: p67 start 1 is beyond EOD, truncated
[ 1376.123783] loop3: p68 start 1 is beyond EOD, truncated
[ 1376.129204] loop3: p69 start 1 is beyond EOD, truncated
[ 1376.134653] loop3: p70 start 1 is beyond EOD, truncated
[ 1376.140026] loop3: p71 start 1 is beyond EOD, truncated
[ 1376.145456] loop3: p72 start 1 is beyond EOD, truncated
[ 1376.150833] loop3: p73 start 1 is beyond EOD, truncated
[ 1376.157035] loop3: p74 start 1 is beyond EOD, truncated
[ 1376.162401] loop3: p75 start 1 is beyond EOD, truncated
[ 1376.167871] loop3: p76 start 1 is beyond EOD, truncated
[ 1376.173240] loop3: p77 start 1 is beyond EOD, truncated
[ 1376.179010] loop3: p78 start 1 is beyond EOD, truncated
[ 1376.184387] loop3: p79 start 1 is beyond EOD, truncated
[ 1376.189808] loop3: p80 start 1 is beyond EOD, truncated
[ 1376.195244] loop3: p81 start 1 is beyond EOD, truncated
[ 1376.200624] loop3: p82 start 1 is beyond EOD, truncated
[ 1376.206062] loop3: p83 start 1 is beyond EOD, truncated
[ 1376.211429] loop3: p84 start 1 is beyond EOD, truncated
[ 1376.216839] loop3: p85 start 1 is beyond EOD, truncated
[ 1376.222235] loop3: p86 start 1 is beyond EOD, truncated
[ 1376.227671] loop3: p87 start 1 is beyond EOD, truncated
[ 1376.233058] loop3: p88 start 1 is beyond EOD, truncated
[ 1376.238485] loop3: p89 start 1 is beyond EOD, truncated
[ 1376.243861] loop3: p90 start 1 is beyond EOD, truncated
[ 1376.249305] loop3: p91 start 1 is beyond EOD, truncated
[ 1376.254735] loop3: p92 start 1 is beyond EOD, truncated
[ 1376.260101] loop3: p93 start 1 is beyond EOD, truncated
[ 1376.265528] loop3: p94 start 1 is beyond EOD, truncated
[ 1376.270915] loop3: p95 start 1 is beyond EOD, truncated
[ 1376.276350] loop3: p96 start 1 is beyond EOD, truncated
[ 1376.281740] loop3: p97 start 1 is beyond EOD, truncated
[ 1376.287799] loop3: p98 start 1 is beyond EOD, truncated
[ 1376.293358] loop3: p99 start 1 is beyond EOD, truncated
[ 1376.298896] loop3: p100 start 1 is beyond EOD, truncated
[ 1376.304355] loop3: p101 start 1 is beyond EOD, truncated
[ 1376.309855] loop3: p102 start 1 is beyond EOD, truncated
[ 1376.315357] loop3: p103 start 1 is beyond EOD, truncated
[ 1376.320807] loop3: p104 start 1 is beyond EOD, truncated
[ 1376.326318] loop3: p105 start 1 is beyond EOD, truncated
[ 1376.331790] loop3: p106 start 1 is beyond EOD, truncated
[ 1376.337287] loop3: p107 start 1 is beyond EOD, truncated
[ 1376.342757] loop3: p108 start 1 is beyond EOD, truncated
[ 1376.348254] loop3: p109 start 1 is beyond EOD, truncated
[ 1376.353716] loop3: p110 start 1 is beyond EOD, truncated
[ 1376.359243] loop3: p111 start 1 is beyond EOD, truncated
[ 1376.364755] loop3: p112 start 1 is beyond EOD, truncated
[ 1376.370197] loop3: p113 start 1 is beyond EOD, truncated
[ 1376.375858] loop3: p114 start 1 is beyond EOD, truncated
[ 1376.381328] loop3: p115 start 1 is beyond EOD, truncated
[ 1376.386846] loop3: p116 start 1 is beyond EOD, truncated
[ 1376.392298] loop3: p117 start 1 is beyond EOD, truncated
[ 1376.397956] loop3: p118 start 1 is beyond EOD, truncated
[ 1376.403426] loop3: p119 start 1 is beyond EOD, truncated
[ 1376.408989] loop3: p120 start 1 is beyond EOD, truncated
[ 1376.414465] loop3: p121 start 1 is beyond EOD, truncated
[ 1376.420881] loop3: p122 start 1 is beyond EOD, truncated
[ 1376.426452] loop3: p123 start 1 is beyond EOD, truncated
[ 1376.431957] loop3: p124 start 1 is beyond EOD, truncated
[ 1376.437477] loop3: p125 start 1 is beyond EOD, truncated
[ 1376.442964] loop3: p126 start 1 is beyond EOD, truncated
[ 1376.448484] loop3: p127 start 1 is beyond EOD, truncated
[ 1376.453942] loop3: p128 start 1 is beyond EOD, truncated
[ 1376.459469] loop3: p129 start 1 is beyond EOD, truncated
[ 1376.464953] loop3: p130 start 1 is beyond EOD, truncated
[ 1376.470399] loop3: p131 start 1 is beyond EOD, truncated
[ 1376.476057] loop3: p132 start 1 is beyond EOD, truncated
[ 1376.481517] loop3: p133 start 1 is beyond EOD, truncated
[ 1376.487020] loop3: p134 start 1 is beyond EOD, truncated
[ 1376.492474] loop3: p135 start 1 is beyond EOD, truncated
[ 1376.497987] loop3: p136 start 1 is beyond EOD, truncated
[ 1376.503469] loop3: p137 start 1 is beyond EOD, truncated
[ 1376.508975] loop3: p138 start 1 is beyond EOD, truncated
[ 1376.514439] loop3: p139 start 1 is beyond EOD, truncated
[ 1376.519975] loop3: p140 start 1 is beyond EOD, truncated
[ 1376.525493] loop3: p141 start 1 is beyond EOD, truncated
[ 1376.530953] loop3: p142 start 1 is beyond EOD, truncated
[ 1376.536461] loop3: p143 start 1 is beyond EOD, truncated
[ 1376.541936] loop3: p144 start 1 is beyond EOD, truncated
[ 1376.548279] loop3: p145 start 1 is beyond EOD, truncated
[ 1376.553728] loop3: p146 start 1 is beyond EOD, truncated
[ 1376.559360] loop3: p147 start 1 is beyond EOD, truncated
[ 1376.564879] loop3: p148 start 1 is beyond EOD, truncated
[ 1376.570332] loop3: p149 start 1 is beyond EOD, truncated
[ 1376.575835] loop3: p150 start 1 is beyond EOD, truncated
[ 1376.581336] loop3: p151 start 1 is beyond EOD, truncated
[ 1376.586838] loop3: p152 start 1 is beyond EOD, truncated
[ 1376.592311] loop3: p153 start 1 is beyond EOD, truncated
[ 1376.597809] loop3: p154 start 1 is beyond EOD, truncated
[ 1376.603312] loop3: p155 start 1 is beyond EOD, truncated
[ 1376.608834] loop3: p156 start 1 is beyond EOD, truncated
[ 1376.614301] loop3: p157 start 1 is beyond EOD, truncated
[ 1376.619805] loop3: p158 start 1 is beyond EOD, truncated
[ 1376.625311] loop3: p159 start 1 is beyond EOD, truncated
[ 1376.630772] loop3: p160 start 1 is beyond EOD, truncated
[ 1376.636298] loop3: p161 start 1 is beyond EOD, truncated
[ 1376.641761] loop3: p162 start 1 is beyond EOD, truncated
[ 1376.647258] loop3: p163 start 1 is beyond EOD, truncated
[ 1376.652736] loop3: p164 start 1 is beyond EOD, truncated
[ 1376.658267] loop3: p165 start 1 is beyond EOD, truncated
[ 1376.663730] loop3: p166 start 1 is beyond EOD, truncated
[ 1376.669251] loop3: p167 start 1 is beyond EOD, truncated
[ 1376.675495] loop3: p168 start 1 is beyond EOD, truncated
[ 1376.680942] loop3: p169 start 1 is beyond EOD, truncated
[ 1376.686466] loop3: p170 start 1 is beyond EOD, truncated
[ 1376.691920] loop3: p171 start 1 is beyond EOD, truncated
[ 1376.697433] loop3: p172 start 1 is beyond EOD, truncated
[ 1376.702981] loop3: p173 start 1 is beyond EOD, truncated
[ 1376.708506] loop3: p174 start 1 is beyond EOD, truncated
[ 1376.713962] loop3: p175 start 1 is beyond EOD, truncated
[ 1376.719557] loop3: p176 start 1 is beyond EOD, truncated
[ 1376.725074] loop3: p177 start 1 is beyond EOD, truncated
[ 1376.730557] loop3: p178 start 1 is beyond EOD, truncated
[ 1376.736081] loop3: p179 start 1 is beyond EOD, truncated
[ 1376.741552] loop3: p180 start 1 is beyond EOD, truncated
[ 1376.747071] loop3: p181 start 1 is beyond EOD, truncated
[ 1376.752530] loop3: p182 start 1 is beyond EOD, truncated
[ 1376.758027] loop3: p183 start 1 is beyond EOD, truncated
[ 1376.763524] loop3: p184 start 1 is beyond EOD, truncated
[ 1376.769081] loop3: p185 start 1 is beyond EOD, truncated
[ 1376.774554] loop3: p186 start 1 is beyond EOD, truncated
[ 1376.780080] loop3: p187 start 1 is beyond EOD, truncated
[ 1376.785578] loop3: p188 start 1 is beyond EOD, truncated
[ 1376.791054] loop3: p189 start 1 is beyond EOD, truncated
[ 1376.796563] loop3: p190 start 1 is beyond EOD, truncated
[ 1376.802057] loop3: p191 start 1 is beyond EOD, truncated
[ 1376.808368] loop3: p192 start 1 is beyond EOD, truncated
[ 1376.813832] loop3: p193 start 1 is beyond EOD, truncated
[ 1376.819359] loop3: p194 start 1 is beyond EOD, truncated
[ 1376.825340] loop3: p195 start 1 is beyond EOD, truncated
[ 1376.830801] loop3: p196 start 1 is beyond EOD, truncated
[ 1376.836342] loop3: p197 start 1 is beyond EOD, truncated
[ 1376.849012] loop3: p198 start 1 is beyond EOD, truncated
[ 1376.854491] loop3: p199 start 1 is beyond EOD, truncated
[ 1376.860040] loop3: p200 start 1 is beyond EOD, truncated
[ 1376.865840] loop3: p201 start 1 is beyond EOD, truncated
[ 1376.871316] loop3: p202 start 1 is beyond EOD, truncated
[ 1376.876972] loop3: p203 start 1 is beyond EOD, truncated
[ 1376.882435] loop3: p204 start 1 is beyond EOD, truncated
[ 1376.887980] loop3: p205 start 1 is beyond EOD, truncated
[ 1376.893435] loop3: p206 start 1 is beyond EOD, truncated
[ 1376.898943] loop3: p207 start 1 is beyond EOD, truncated
[ 1376.904431] loop3: p208 start 1 is beyond EOD, truncated
[ 1376.909918] loop3: p209 start 1 is beyond EOD, truncated
[ 1376.915420] loop3: p210 start 1 is beyond EOD, truncated
[ 1376.920861] loop3: p211 start 1 is beyond EOD, truncated
[ 1376.926350] loop3: p212 start 1 is beyond EOD, truncated
[ 1376.931841] loop3: p213 start 1 is beyond EOD, truncated
[ 1376.938054] loop3: p214 start 1 is beyond EOD, truncated
[ 1376.943500] loop3: p215 start 1 is beyond EOD, truncated
[ 1376.949059] loop3: p216 start 1 is beyond EOD, truncated
[ 1376.954517] loop3: p217 start 1 is beyond EOD, truncated
[ 1376.960120] loop3: p218 start 1 is beyond EOD, truncated
[ 1376.965609] loop3: p219 start 1 is beyond EOD, truncated
[ 1376.971058] loop3: p220 start 1 is beyond EOD, truncated
[ 1376.976550] loop3: p221 start 1 is beyond EOD, truncated
[ 1376.982020] loop3: p222 start 1 is beyond EOD, truncated
[ 1376.987542] loop3: p223 start 1 is beyond EOD, truncated
[ 1376.993016] loop3: p224 start 1 is beyond EOD, truncated
[ 1376.998529] loop3: p225 start 1 is beyond EOD, truncated
[ 1377.004007] loop3: p226 start 1 is beyond EOD, truncated
[ 1377.009607] loop3: p227 start 1 is beyond EOD, truncated
[ 1377.015104] loop3: p228 start 1 is beyond EOD, truncated
[ 1377.020544] loop3: p229 start 1 is beyond EOD, truncated
[ 1377.026042] loop3: p230 start 1 is beyond EOD, truncated
[ 1377.031520] loop3: p231 start 1 is beyond EOD, truncated
[ 1377.037026] loop3: p232 start 1 is beyond EOD, truncated
[ 1377.042502] loop3: p233 start 1 is beyond EOD, truncated
[ 1377.047995] loop3: p234 start 1 is beyond EOD, truncated
[ 1377.053452] loop3: p235 start 1 is beyond EOD, truncated
[ 1377.058947] loop3: p236 start 1 is beyond EOD, truncated
[ 1377.064419] loop3: p237 start 1 is beyond EOD, truncated
[ 1377.071289] loop3: p238 start 1 is beyond EOD, truncated
[ 1377.076856] loop3: p239 start 1 is beyond EOD, truncated
[ 1377.082321] loop3: p240 start 1 is beyond EOD, truncated
[ 1377.087839] loop3: p241 start 1 is beyond EOD, truncated
[ 1377.093310] loop3: p242 start 1 is beyond EOD, truncated
[ 1377.098804] loop3: p243 start 1 is beyond EOD, truncated
[ 1377.104259] loop3: p244 start 1 is beyond EOD, truncated
[ 1377.109760] loop3: p245 start 1 is beyond EOD, truncated
[ 1377.115308] loop3: p246 start 1 is beyond EOD, truncated
[ 1377.120763] loop3: p247 start 1 is beyond EOD, truncated
[ 1377.126282] loop3: p248 start 1 is beyond EOD, truncated
[ 1377.131750] loop3: p249 start 1 is beyond EOD, truncated
[ 1377.137258] loop3: p250 start 1 is beyond EOD, truncated
[ 1377.142735] loop3: p251 start 1 is beyond EOD, truncated
[ 1377.148244] loop3: p252 start 1 is beyond EOD, truncated
[ 1377.153715] loop3: p253 start 1 is beyond EOD, truncated
[ 1377.159212] loop3: p254 start 1 is beyond EOD, truncated
[ 1377.164719] loop3: p255 start 1 is beyond EOD, truncated
21:37:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:49 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfcffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:49 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="006340400000000001000000000000003c0600000000190000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:49 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7)

21:37:49 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0, 0x100b}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x7, 0x5, {"a4da63a9874a3f4239231ffa54906edf"}, 0x8, 0x3, 0xffffffffffffff01}}}, 0x90)
accept$packet(r0, 0x0, &(0x7f0000000000))
read$FUSE(r0, &(0x7f0000000180), 0x1000)

21:37:49 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1378.465615] binder_alloc: binder_alloc_mmap_handler: 23504 20001000-20004000 already mapped failed -16
[ 1378.482370] binder: release 23506:23513 transaction 6383 out, still active
[ 1378.489806] binder_alloc: 23506: binder_alloc_buf, no vma
[ 1378.499265] binder: unexpected work type, 4, not freed
[ 1378.507072] binder: undelivered TRANSACTION_COMPLETE
21:37:49 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1378.513804] binder: 23506:23513 transaction failed 29189/-3, size 0-0 line 2973
[ 1378.524078] binder_alloc: binder_alloc_mmap_handler: 23506 20001000-20004000 already mapped failed -16
[ 1378.537108] binder: BINDER_SET_CONTEXT_MGR already set
[ 1378.548605] binder_alloc: 23506: binder_alloc_buf, no vma
21:37:49 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1e00000000000000)

[ 1378.556905]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1378.556920] loop3: partition table partially beyond EOD, 
[ 1378.562609] binder: 23506:23513 ioctl 40046207 0 returned -16
[ 1378.648569] truncated
[ 1378.673251] binder: 23506:23519 transaction failed 29189/-3, size 24-8 line 2973
[ 1378.716557] loop3: p1 start 1 is beyond EOD, truncated
[ 1378.734168] binder: undelivered TRANSACTION_ERROR: 29189
[ 1378.739845] binder: send failed reply for transaction 6383, target dead
[ 1378.757165] loop3: p2 size 2 extends beyond EOD, truncated
21:37:49 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1378.768309] binder_alloc: binder_alloc_mmap_handler: 23527 20ffd000-21000000 already mapped failed -16
[ 1378.780568] binder: undelivered TRANSACTION_ERROR: 29189
[ 1378.793522] binder_alloc: binder_alloc_mmap_handler: 23527 20001000-20004000 already mapped failed -16
[ 1378.803703] loop3: p3 start 201 is beyond EOD, truncated
[ 1378.811105] binder_alloc: binder_alloc_mmap_handler: 23527 20ffd000-21000000 already mapped failed -16
[ 1378.831222] loop3: p4 start 301 is beyond EOD, truncated
[ 1378.856278] loop3: p5 start 1 is beyond EOD, truncated
[ 1378.879480] loop3: p6 start 1 is beyond EOD, truncated
[ 1378.895762] loop3: p7 start 1 is beyond EOD, truncated
[ 1378.903334] loop3: p8 start 1 is beyond EOD, truncated
[ 1378.909013] loop3: p9 start 1 is beyond EOD, truncated
[ 1378.914541] loop3: p10 start 1 is beyond EOD, truncated
[ 1378.920275] loop3: p11 start 1 is beyond EOD, truncated
21:37:49 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf0ffffffffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:49 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x2000000000000000)

[ 1378.925990] loop3: p12 start 1 is beyond EOD, truncated
[ 1378.931554] loop3: p13 start 1 is beyond EOD, truncated
[ 1378.937293] loop3: p14 start 1 is beyond EOD, truncated
[ 1378.942831] loop3: p15 start 1 is beyond EOD, truncated
[ 1378.950680] loop3: p16 start 1 is beyond EOD, truncated
[ 1378.956533] loop3: p17 start 1 is beyond EOD, truncated
[ 1378.964768] loop3: p18 start 1 is beyond EOD, truncated
[ 1378.970353] loop3: p19 start 1 is beyond EOD, truncated
21:37:49 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x2000000)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620c, &(0x7f0000000080)={0x0, 0x5})
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x80800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000000000000000007336a3fa1f530018000000000000000827b200000000000000000000000000000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00z\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="000000f73493b2953ad86c42901bcf200f180000000000"]], 0x0, 0x0, 0x0})
dup3(r2, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
socket$kcm(0x29, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000280)=0x9c11, 0x4)
preadv(r4, &(0x7f0000000040)=[{&(0x7f0000000540)=""/202, 0xca}], 0x1, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000200)=0x3)
syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x3, 0x100)

[ 1378.979675] loop3: p20 start 1 is beyond EOD, truncated
[ 1378.987265] loop3: p21 start 1 is beyond EOD, truncated
[ 1379.014838] loop3: p22 start 1 is beyond EOD, truncated
[ 1379.038765] loop3: p23 start 1 is beyond EOD, truncated
[ 1379.053890] loop3: p24 start 1 is beyond EOD, truncated
[ 1379.063325] loop3: p25 start 1 is beyond EOD, truncated
[ 1379.074413] loop3: p26 start 1 is beyond EOD, truncated
[ 1379.075805] binder_alloc: binder_alloc_mmap_handler: 23540 20ffd000-21000000 already mapped failed -16
[ 1379.083329] loop3: p27 start 1 is beyond EOD, truncated
[ 1379.089871] binder: 23541 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 1379.089906] binder: 23541:23542 ioctl c018620c 20000080 returned -22
[ 1379.096151] loop3: p28 start 1 is beyond EOD, truncated
[ 1379.109831] binder_alloc: binder_alloc_mmap_handler: 23540 20001000-20004000 already mapped failed -16
[ 1379.109952] binder_alloc: binder_alloc_mmap_handler: 23540 20ffd000-21000000 already mapped failed -16
[ 1379.134798] loop3: p29 start 1 is beyond EOD, truncated
[ 1379.140807] loop3: p30 start 1 is beyond EOD, truncated
[ 1379.147267] loop3: p31 start 1 is beyond EOD, truncated
[ 1379.153147] loop3: p32 start 1 is beyond EOD, truncated
[ 1379.161717] binder: release 23541:23542 transaction 6389 out, still active
[ 1379.175457] binder: 23541 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 1379.175471] binder: 23541:23542 ioctl c018620c 20000080 returned -22
[ 1379.184238] loop3: p33 start 1 is beyond EOD, truncated
[ 1379.190767] binder: undelivered TRANSACTION_COMPLETE
[ 1379.200321] loop3: p34 start 1 is beyond EOD, truncated
[ 1379.203452] binder_alloc: binder_alloc_mmap_handler: 23541 20001000-20004000 already mapped failed -16
[ 1379.212979] loop3: p35 start 1 is beyond EOD, truncated
[ 1379.221729] loop3: p36 start 1 is beyond EOD, truncated
[ 1379.233090] loop3: p37 start 1 is beyond EOD, truncated
[ 1379.238464] binder: BINDER_SET_CONTEXT_MGR already set
[ 1379.244441] binder: 23541:23548 ioctl 40046207 0 returned -16
[ 1379.251661] binder_alloc: 23541: binder_alloc_buf, no vma
[ 1379.254547] loop3: p38 start 1 is beyond EOD, truncated
[ 1379.257843] binder: 23541:23550 transaction failed 29189/-3, size 0-0 line 2973
[ 1379.266239] loop3: p39 start 1 is beyond EOD, truncated
[ 1379.271698] binder: undelivered TRANSACTION_ERROR: 29189
[ 1379.281158] loop3: p40 start 1 is beyond EOD, truncated
[ 1379.291677] loop3: p41 start 1 is beyond EOD, truncated
[ 1379.298022] loop3: p42 start 1 is beyond EOD, truncated
[ 1379.301236] binder: send failed reply for transaction 6389, target dead
[ 1379.303402] loop3: p43 start 1 is beyond EOD, truncated
[ 1379.303416] loop3: p44 start 1 is beyond EOD, truncated
[ 1379.303428] loop3: p45 start 1 is beyond EOD, truncated
[ 1379.303440] loop3: p46 start 1 is beyond EOD, truncated
[ 1379.303452] loop3: p47 start 1 is beyond EOD, truncated
[ 1379.303464] loop3: p48 start 1 is beyond EOD, truncated
[ 1379.303480] loop3: p49 start 1 is beyond EOD, truncated
[ 1379.369217] loop3: p50 start 1 is beyond EOD, truncated
[ 1379.404926] loop3: p51 start 1 is beyond EOD, truncated
[ 1379.410342] loop3: p52 start 1 is beyond EOD, truncated
[ 1379.410356] loop3: p53 start 1 is beyond EOD, truncated
[ 1379.410368] loop3: p54 start 1 is beyond EOD, truncated
[ 1379.410379] loop3: p55 start 1 is beyond EOD, truncated
[ 1379.410391] loop3: p56 start 1 is beyond EOD, truncated
[ 1379.410403] loop3: p57 start 1 is beyond EOD, truncated
[ 1379.410415] loop3: p58 start 1 is beyond EOD, truncated
[ 1379.410427] loop3: p59 start 1 is beyond EOD, truncated
[ 1379.410439] loop3: p60 start 1 is beyond EOD, truncated
[ 1379.436835] loop3: p61 start 1 is beyond EOD, truncated
[ 1379.464918] loop3: p62 start 1 is beyond EOD, truncated
[ 1379.470283] loop3: p63 start 1 is beyond EOD, truncated
[ 1379.475749] loop3: p64 start 1 is beyond EOD, truncated
[ 1379.481119] loop3: p65 start 1 is beyond EOD, truncated
[ 1379.487119] loop3: p66 start 1 is beyond EOD, truncated
[ 1379.492481] loop3: p67 start 1 is beyond EOD, truncated
[ 1379.497900] loop3: p68 start 1 is beyond EOD, truncated
[ 1379.503701] loop3: p69 start 1 is beyond EOD, truncated
[ 1379.509137] loop3: p70 start 1 is beyond EOD, truncated
[ 1379.515480] loop3: p71 start 1 is beyond EOD, truncated
[ 1379.520979] loop3: p72 start 1 is beyond EOD, truncated
[ 1379.526675] loop3: p73 start 1 is beyond EOD, truncated
[ 1379.532073] loop3: p74 start 1 is beyond EOD, truncated
[ 1379.537520] loop3: p75 start 1 is beyond EOD, truncated
[ 1379.542906] loop3: p76 start 1 is beyond EOD, truncated
[ 1379.548328] loop3: p77 start 1 is beyond EOD, truncated
[ 1379.553722] loop3: p78 start 1 is beyond EOD, truncated
[ 1379.559164] loop3: p79 start 1 is beyond EOD, truncated
[ 1379.564560] loop3: p80 start 1 is beyond EOD, truncated
[ 1379.570022] loop3: p81 start 1 is beyond EOD, truncated
[ 1379.575487] loop3: p82 start 1 is beyond EOD, truncated
[ 1379.580862] loop3: p83 start 1 is beyond EOD, truncated
[ 1379.586310] loop3: p84 start 1 is beyond EOD, truncated
[ 1379.591697] loop3: p85 start 1 is beyond EOD, truncated
[ 1379.597164] loop3: p86 start 1 is beyond EOD, truncated
[ 1379.602540] loop3: p87 start 1 is beyond EOD, truncated
[ 1379.608062] loop3: p88 start 1 is beyond EOD, truncated
[ 1379.613446] loop3: p89 start 1 is beyond EOD, truncated
[ 1379.618858] loop3: p90 start 1 is beyond EOD, truncated
[ 1379.624239] loop3: p91 start 1 is beyond EOD, truncated
[ 1379.629683] loop3: p92 start 1 is beyond EOD, truncated
[ 1379.635096] loop3: p93 start 1 is beyond EOD, truncated
[ 1379.640451] loop3: p94 start 1 is beyond EOD, truncated
[ 1379.645905] loop3: p95 start 1 is beyond EOD, truncated
[ 1379.651296] loop3: p96 start 1 is beyond EOD, truncated
[ 1379.656726] loop3: p97 start 1 is beyond EOD, truncated
[ 1379.662170] loop3: p98 start 1 is beyond EOD, truncated
[ 1379.667642] loop3: p99 start 1 is beyond EOD, truncated
[ 1379.673008] loop3: p100 start 1 is beyond EOD, truncated
[ 1379.678522] loop3: p101 start 1 is beyond EOD, truncated
[ 1379.683979] loop3: p102 start 1 is beyond EOD, truncated
[ 1379.689575] loop3: p103 start 1 is beyond EOD, truncated
[ 1379.695104] loop3: p104 start 1 is beyond EOD, truncated
[ 1379.700573] loop3: p105 start 1 is beyond EOD, truncated
[ 1379.706096] loop3: p106 start 1 is beyond EOD, truncated
[ 1379.711574] loop3: p107 start 1 is beyond EOD, truncated
[ 1379.717091] loop3: p108 start 1 is beyond EOD, truncated
[ 1379.722576] loop3: p109 start 1 is beyond EOD, truncated
[ 1379.728088] loop3: p110 start 1 is beyond EOD, truncated
[ 1379.733560] loop3: p111 start 1 is beyond EOD, truncated
[ 1379.739060] loop3: p112 start 1 is beyond EOD, truncated
[ 1379.744533] loop3: p113 start 1 is beyond EOD, truncated
[ 1379.750036] loop3: p114 start 1 is beyond EOD, truncated
[ 1379.755584] loop3: p115 start 1 is beyond EOD, truncated
[ 1379.761022] loop3: p116 start 1 is beyond EOD, truncated
[ 1379.766559] loop3: p117 start 1 is beyond EOD, truncated
[ 1379.772013] loop3: p118 start 1 is beyond EOD, truncated
[ 1379.777562] loop3: p119 start 1 is beyond EOD, truncated
[ 1379.783032] loop3: p120 start 1 is beyond EOD, truncated
[ 1379.788548] loop3: p121 start 1 is beyond EOD, truncated
[ 1379.794026] loop3: p122 start 1 is beyond EOD, truncated
[ 1379.799526] loop3: p123 start 1 is beyond EOD, truncated
[ 1379.805035] loop3: p124 start 1 is beyond EOD, truncated
[ 1379.810474] loop3: p125 start 1 is beyond EOD, truncated
[ 1379.816004] loop3: p126 start 1 is beyond EOD, truncated
[ 1379.821484] loop3: p127 start 1 is beyond EOD, truncated
[ 1379.827001] loop3: p128 start 1 is beyond EOD, truncated
[ 1379.832459] loop3: p129 start 1 is beyond EOD, truncated
[ 1379.837983] loop3: p130 start 1 is beyond EOD, truncated
[ 1379.843447] loop3: p131 start 1 is beyond EOD, truncated
[ 1379.848953] loop3: p132 start 1 is beyond EOD, truncated
[ 1379.854412] loop3: p133 start 1 is beyond EOD, truncated
[ 1379.859938] loop3: p134 start 1 is beyond EOD, truncated
[ 1379.865443] loop3: p135 start 1 is beyond EOD, truncated
[ 1379.870910] loop3: p136 start 1 is beyond EOD, truncated
[ 1379.876411] loop3: p137 start 1 is beyond EOD, truncated
[ 1379.881930] loop3: p138 start 1 is beyond EOD, truncated
[ 1379.887484] loop3: p139 start 1 is beyond EOD, truncated
[ 1379.892953] loop3: p140 start 1 is beyond EOD, truncated
[ 1379.898489] loop3: p141 start 1 is beyond EOD, truncated
[ 1379.903958] loop3: p142 start 1 is beyond EOD, truncated
[ 1379.909494] loop3: p143 start 1 is beyond EOD, truncated
[ 1379.915060] loop3: p144 start 1 is beyond EOD, truncated
[ 1379.920515] loop3: p145 start 1 is beyond EOD, truncated
[ 1379.926011] loop3: p146 start 1 is beyond EOD, truncated
[ 1379.931468] loop3: p147 start 1 is beyond EOD, truncated
[ 1379.936967] loop3: p148 start 1 is beyond EOD, truncated
[ 1379.942429] loop3: p149 start 1 is beyond EOD, truncated
[ 1379.947997] loop3: p150 start 1 is beyond EOD, truncated
[ 1379.953461] loop3: p151 start 1 is beyond EOD, truncated
[ 1379.958979] loop3: p152 start 1 is beyond EOD, truncated
[ 1379.964445] loop3: p153 start 1 is beyond EOD, truncated
[ 1379.969989] loop3: p154 start 1 is beyond EOD, truncated
[ 1379.975483] loop3: p155 start 1 is beyond EOD, truncated
[ 1379.980946] loop3: p156 start 1 is beyond EOD, truncated
[ 1379.986484] loop3: p157 start 1 is beyond EOD, truncated
[ 1379.991946] loop3: p158 start 1 is beyond EOD, truncated
[ 1379.997710] loop3: p159 start 1 is beyond EOD, truncated
[ 1380.003180] loop3: p160 start 1 is beyond EOD, truncated
[ 1380.008754] loop3: p161 start 1 is beyond EOD, truncated
[ 1380.014218] loop3: p162 start 1 is beyond EOD, truncated
[ 1380.019737] loop3: p163 start 1 is beyond EOD, truncated
[ 1380.025253] loop3: p164 start 1 is beyond EOD, truncated
[ 1380.030706] loop3: p165 start 1 is beyond EOD, truncated
[ 1380.036228] loop3: p166 start 1 is beyond EOD, truncated
[ 1380.041713] loop3: p167 start 1 is beyond EOD, truncated
[ 1380.047212] loop3: p168 start 1 is beyond EOD, truncated
[ 1380.052676] loop3: p169 start 1 is beyond EOD, truncated
[ 1380.058169] loop3: p170 start 1 is beyond EOD, truncated
[ 1380.063627] loop3: p171 start 1 is beyond EOD, truncated
[ 1380.069142] loop3: p172 start 1 is beyond EOD, truncated
[ 1380.074671] loop3: p173 start 1 is beyond EOD, truncated
[ 1380.080122] loop3: p174 start 1 is beyond EOD, truncated
[ 1380.085614] loop3: p175 start 1 is beyond EOD, truncated
[ 1380.091079] loop3: p176 start 1 is beyond EOD, truncated
[ 1380.096573] loop3: p177 start 1 is beyond EOD, truncated
[ 1380.102027] loop3: p178 start 1 is beyond EOD, truncated
[ 1380.107542] loop3: p179 start 1 is beyond EOD, truncated
[ 1380.113018] loop3: p180 start 1 is beyond EOD, truncated
[ 1380.118539] loop3: p181 start 1 is beyond EOD, truncated
[ 1380.124013] loop3: p182 start 1 is beyond EOD, truncated
[ 1380.129549] loop3: p183 start 1 is beyond EOD, truncated
[ 1380.135045] loop3: p184 start 1 is beyond EOD, truncated
[ 1380.140492] loop3: p185 start 1 is beyond EOD, truncated
[ 1380.146054] loop3: p186 start 1 is beyond EOD, truncated
[ 1380.151569] loop3: p187 start 1 is beyond EOD, truncated
[ 1380.157204] loop3: p188 start 1 is beyond EOD, truncated
[ 1380.162674] loop3: p189 start 1 is beyond EOD, truncated
[ 1380.168202] loop3: p190 start 1 is beyond EOD, truncated
[ 1380.173673] loop3: p191 start 1 is beyond EOD, truncated
[ 1380.179182] loop3: p192 start 1 is beyond EOD, truncated
[ 1380.184695] loop3: p193 start 1 is beyond EOD, truncated
[ 1380.190147] loop3: p194 start 1 is beyond EOD, truncated
[ 1380.195659] loop3: p195 start 1 is beyond EOD, truncated
[ 1380.201113] loop3: p196 start 1 is beyond EOD, truncated
[ 1380.206605] loop3: p197 start 1 is beyond EOD, truncated
[ 1380.212077] loop3: p198 start 1 is beyond EOD, truncated
[ 1380.217601] loop3: p199 start 1 is beyond EOD, truncated
[ 1380.223064] loop3: p200 start 1 is beyond EOD, truncated
[ 1380.228561] loop3: p201 start 1 is beyond EOD, truncated
[ 1380.234057] loop3: p202 start 1 is beyond EOD, truncated
[ 1380.239590] loop3: p203 start 1 is beyond EOD, truncated
[ 1380.245108] loop3: p204 start 1 is beyond EOD, truncated
[ 1380.250580] loop3: p205 start 1 is beyond EOD, truncated
[ 1380.256095] loop3: p206 start 1 is beyond EOD, truncated
[ 1380.261549] loop3: p207 start 1 is beyond EOD, truncated
[ 1380.267045] loop3: p208 start 1 is beyond EOD, truncated
[ 1380.272507] loop3: p209 start 1 is beyond EOD, truncated
[ 1380.278007] loop3: p210 start 1 is beyond EOD, truncated
[ 1380.283468] loop3: p211 start 1 is beyond EOD, truncated
[ 1380.288970] loop3: p212 start 1 is beyond EOD, truncated
[ 1380.294443] loop3: p213 start 1 is beyond EOD, truncated
[ 1380.299980] loop3: p214 start 1 is beyond EOD, truncated
[ 1380.305473] loop3: p215 start 1 is beyond EOD, truncated
[ 1380.310917] loop3: p216 start 1 is beyond EOD, truncated
[ 1380.316450] loop3: p217 start 1 is beyond EOD, truncated
[ 1380.321956] loop3: p218 start 1 is beyond EOD, truncated
[ 1380.327479] loop3: p219 start 1 is beyond EOD, truncated
[ 1380.332940] loop3: p220 start 1 is beyond EOD, truncated
[ 1380.338434] loop3: p221 start 1 is beyond EOD, truncated
[ 1380.343890] loop3: p222 start 1 is beyond EOD, truncated
[ 1380.349403] loop3: p223 start 1 is beyond EOD, truncated
[ 1380.354893] loop3: p224 start 1 is beyond EOD, truncated
[ 1380.360371] loop3: p225 start 1 is beyond EOD, truncated
[ 1380.365867] loop3: p226 start 1 is beyond EOD, truncated
[ 1380.371324] loop3: p227 start 1 is beyond EOD, truncated
[ 1380.376844] loop3: p228 start 1 is beyond EOD, truncated
[ 1380.382624] loop3: p229 start 1 is beyond EOD, truncated
[ 1380.388160] loop3: p230 start 1 is beyond EOD, truncated
[ 1380.393629] loop3: p231 start 1 is beyond EOD, truncated
[ 1380.399156] loop3: p232 start 1 is beyond EOD, truncated
[ 1380.404690] loop3: p233 start 1 is beyond EOD, truncated
[ 1380.410144] loop3: p234 start 1 is beyond EOD, truncated
[ 1380.415666] loop3: p235 start 1 is beyond EOD, truncated
[ 1380.421143] loop3: p236 start 1 is beyond EOD, truncated
[ 1380.426751] loop3: p237 start 1 is beyond EOD, truncated
[ 1380.432218] loop3: p238 start 1 is beyond EOD, truncated
[ 1380.437728] loop3: p239 start 1 is beyond EOD, truncated
[ 1380.443192] loop3: p240 start 1 is beyond EOD, truncated
[ 1380.448742] loop3: p241 start 1 is beyond EOD, truncated
[ 1380.454222] loop3: p242 start 1 is beyond EOD, truncated
[ 1380.459771] loop3: p243 start 1 is beyond EOD, truncated
[ 1380.465289] loop3: p244 start 1 is beyond EOD, truncated
[ 1380.470734] loop3: p245 start 1 is beyond EOD, truncated
[ 1380.476325] loop3: p246 start 1 is beyond EOD, truncated
[ 1380.481785] loop3: p247 start 1 is beyond EOD, truncated
[ 1380.487285] loop3: p248 start 1 is beyond EOD, truncated
[ 1380.492757] loop3: p249 start 1 is beyond EOD, truncated
[ 1380.498275] loop3: p250 start 1 is beyond EOD, truncated
[ 1380.503760] loop3: p251 start 1 is beyond EOD, truncated
[ 1380.509302] loop3: p252 start 1 is beyond EOD, truncated
[ 1380.514803] loop3: p253 start 1 is beyond EOD, truncated
[ 1380.520263] loop3: p254 start 1 is beyond EOD, truncated
[ 1380.525770] loop3: p255 start 1 is beyond EOD, truncated
21:37:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\xfe', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:52 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1200000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:52 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x48)

21:37:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x480, 0x0)
ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f00000000c0))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:52 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0xfff)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

21:37:52 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1381.543277] binder_alloc: binder_alloc_mmap_handler: 23563 20001000-20004000 already mapped failed -16
[ 1381.555161] binder: 23562:23568 got transaction to invalid handle
[ 1381.569771] binder: 23562:23568 transaction failed 29201/-22, size 0-0 line 2834
[ 1381.570203]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1381.570227] loop3: partition table partially beyond EOD, truncated
[ 1381.680686] binder_alloc: binder_alloc_mmap_handler: 23562 20001000-20004000 already mapped failed -16
21:37:52 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x200000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:52 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xffffff7f00000000)

[ 1381.702718] loop3: p1 start 1 is beyond EOD, truncated
[ 1381.716943] binder: BINDER_SET_CONTEXT_MGR already set
[ 1381.728285] loop3: p2 size 2 extends beyond EOD, truncated
[ 1381.742098] binder: undelivered TRANSACTION_ERROR: 29201
[ 1381.748242] binder: 23562:23576 ioctl 40046207 0 returned -16
[ 1381.761217] loop3: p3 start 201 is beyond EOD, truncated
[ 1381.789542] loop3: p4 start 301 is beyond EOD, truncated
[ 1381.798565] loop3: p5 start 1 is beyond EOD, truncated
[ 1381.803928] binder_alloc: binder_alloc_mmap_handler: 23581 20ffd000-21000000 already mapped failed -16
[ 1381.814157] binder_alloc: binder_alloc_mmap_handler: 23581 20001000-20004000 already mapped failed -16
[ 1381.824434] binder_alloc: binder_alloc_mmap_handler: 23581 20ffd000-21000000 already mapped failed -16
[ 1381.838560] loop3: p6 start 1 is beyond EOD, truncated
[ 1381.846597] loop3: p7 start 1 is beyond EOD, truncated
21:37:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x802)
r2 = syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x800)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="812a6273b28f2283abaf2bd501fc6cde1e59c3747447977444cdddee82565fc6bca31e76408aa34a8ad398b2ef50d9424877423e1dea6b0b72968a2f953e9cef98c9c9e44abf15b552a28d29d8c14865bb388b351b26a25e5489eea6ab603e1cd9", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
r3 = syz_open_dev$cec(&(0x7f0000000280)='/dev/cec#\x00', 0x2, 0x2)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r3, 0x29, 0xd3, &(0x7f00000003c0)={{0xa, 0x4e24, 0x3, @ipv4={[], [], @empty}, 0x8}, {0xa, 0x4e22, 0x7fff, @dev={0xfe, 0x80, [], 0x18}, 0xdfb2}, 0x8001, [0x0, 0x6, 0x4, 0xd5, 0x2, 0x8, 0x401, 0x2]}, 0x5c)
socket$can_bcm(0x1d, 0x2, 0x2)
r4 = dup3(r1, r0, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000140)={<r5=>0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0xd0, 0x0, &(0x7f0000000440)=[@increfs_done={0x40106308, r5, 0x2}, @request_death={0x400c630e, 0x3, 0x4}, @reply_sg={0x40486312, {{0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000180)=[@flat={0x77682a85, 0xa, r5, 0x4}], &(0x7f00000001c0)=[0x38]}, 0x4}}, @reply={0x40406301, {0x3, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000380)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x2}], &(0x7f0000000540)=[0x18]}}, @register_looper, @request_death={0x400c630e, 0x0, 0x2}, @increfs={0x40046304, 0x2}], 0x0, 0x0, 0x0})

[ 1381.855026] loop3: p8 start 1 is beyond EOD, truncated
[ 1381.860692] loop3: p9 start 1 is beyond EOD, truncated
[ 1381.872057] loop3: p10 start 1 is beyond EOD, truncated
[ 1381.885161] loop3: p11 start 1 is beyond EOD, truncated
21:37:52 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xb000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1381.905972] loop3: p12 start 1 is beyond EOD, truncated
21:37:52 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4800)

[ 1381.949523] loop3: p13 start 1 is beyond EOD, truncated
[ 1381.961106] binder: 23588:23589 transaction failed 29189/-22, size 24-8 line 2834
[ 1381.983371] loop3: p14 start 1 is beyond EOD, truncated
[ 1381.996722] binder: undelivered TRANSACTION_ERROR: 29189
[ 1382.002869] binder: 23588:23589 BC_INCREFS_DONE u0000000000000000 no match
[ 1382.033619] loop3: p15 start 1 is beyond EOD, truncated
[ 1382.043066] binder: 23588:23589 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
21:37:53 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1382.049949] loop3: p16 start 1 is beyond EOD, truncated
[ 1382.066133] loop3: p17 start 1 is beyond EOD, truncated
[ 1382.074286] loop3: p18 start 1 is beyond EOD, truncated
[ 1382.074454] binder: 23588:23589 got reply transaction with no transaction stack
[ 1382.087681] loop3: p19 start 1 is beyond EOD, truncated
[ 1382.095304] loop3: p20 start 1 is beyond EOD, truncated
[ 1382.109081] loop3: p21 start 1 is beyond EOD, truncated
[ 1382.115427] binder_alloc: binder_alloc_mmap_handler: 23596 20001000-20004000 already mapped failed -16
[ 1382.125409] binder: 23588:23589 transaction failed 29201/-71, size 24-8 line 2741
[ 1382.137785] loop3: p22 start 1 is beyond EOD, truncated
[ 1382.144095] loop3: p23 start 1 is beyond EOD, truncated
[ 1382.150685] loop3: p24 start 1 is beyond EOD, truncated
[ 1382.157255] loop3: p25 start 1 is beyond EOD, truncated
[ 1382.163063] binder: BINDER_SET_CONTEXT_MGR already set
[ 1382.169139] binder: 23588:23602 ioctl 40046207 0 returned -16
[ 1382.175209] loop3: p26 start 1 is beyond EOD, truncated
[ 1382.175223] loop3: p27 start 1 is beyond EOD, truncated
[ 1382.175235] loop3: p28 start 1 is beyond EOD, truncated
[ 1382.175247] loop3: p29 start 1 is beyond EOD, truncated
[ 1382.175258] loop3: p30 start 1 is beyond EOD, truncated
[ 1382.175269] loop3: p31 start 1 is beyond EOD, truncated
[ 1382.175286] loop3: p32 start 1 is beyond EOD, truncated
[ 1382.175462] loop3: p33 start 1 is beyond EOD, truncated
[ 1382.175473] loop3: p34 start 1 is beyond EOD, truncated
[ 1382.175484] loop3: p35 start 1 is beyond EOD, truncated
[ 1382.175496] loop3: p36 start 1 is beyond EOD, truncated
[ 1382.175507] loop3: p37 start 1 is beyond EOD, truncated
[ 1382.175518] loop3: p38 start 1 is beyond EOD, truncated
[ 1382.185905] binder: 23588:23589 transaction failed 29189/-22, size 24-8 line 2834
[ 1382.188207] loop3: p39 start 1 is beyond EOD, truncated
[ 1382.197092] binder: undelivered TRANSACTION_ERROR: 29189
[ 1382.204023] binder: undelivered TRANSACTION_ERROR: 29201
[ 1382.270769] loop3: p40 start 1 is beyond EOD, truncated
[ 1382.276452] loop3: p41 start 1 is beyond EOD, truncated
[ 1382.281967] loop3: p42 start 1 is beyond EOD, truncated
[ 1382.287605] loop3: p43 start 1 is beyond EOD, truncated
[ 1382.293138] loop3: p44 start 1 is beyond EOD, truncated
[ 1382.300071] loop3: p45 start 1 is beyond EOD, truncated
[ 1382.305790] loop3: p46 start 1 is beyond EOD, truncated
[ 1382.311302] loop3: p47 start 1 is beyond EOD, truncated
[ 1382.320093] loop3: p48 start 1 is beyond EOD, truncated
[ 1382.325688] loop3: p49 start 1 is beyond EOD, truncated
[ 1382.341405] loop3: p50 start 1 is beyond EOD, truncated
[ 1382.346963] loop3: p51 start 1 is beyond EOD, truncated
[ 1382.354800] loop3: p52 start 1 is beyond EOD, truncated
[ 1382.365772] loop3: p53 start 1 is beyond EOD, truncated
[ 1382.371793] loop3: p54 start 1 is beyond EOD, truncated
[ 1382.378463] loop3: p55 start 1 is beyond EOD, truncated
[ 1382.384716] loop3: p56 start 1 is beyond EOD, truncated
[ 1382.391112] loop3: p57 start 1 is beyond EOD, truncated
[ 1382.396933] loop3: p58 start 1 is beyond EOD, truncated
[ 1382.402352] loop3: p59 start 1 is beyond EOD, truncated
[ 1382.407980] loop3: p60 start 1 is beyond EOD, truncated
[ 1382.413365] loop3: p61 start 1 is beyond EOD, truncated
[ 1382.419331] loop3: p62 start 1 is beyond EOD, truncated
[ 1382.424859] loop3: p63 start 1 is beyond EOD, truncated
[ 1382.430249] loop3: p64 start 1 is beyond EOD, truncated
[ 1382.435714] loop3: p65 start 1 is beyond EOD, truncated
[ 1382.441087] loop3: p66 start 1 is beyond EOD, truncated
[ 1382.447702] loop3: p67 start 1 is beyond EOD, truncated
[ 1382.453063] loop3: p68 start 1 is beyond EOD, truncated
[ 1382.458495] loop3: p69 start 1 is beyond EOD, truncated
[ 1382.463866] loop3: p70 start 1 is beyond EOD, truncated
[ 1382.469303] loop3: p71 start 1 is beyond EOD, truncated
[ 1382.474777] loop3: p72 start 1 is beyond EOD, truncated
[ 1382.480155] loop3: p73 start 1 is beyond EOD, truncated
[ 1382.485630] loop3: p74 start 1 is beyond EOD, truncated
[ 1382.491047] loop3: p75 start 1 is beyond EOD, truncated
[ 1382.496647] loop3: p76 start 1 is beyond EOD, truncated
[ 1382.502114] loop3: p77 start 1 is beyond EOD, truncated
[ 1382.507586] loop3: p78 start 1 is beyond EOD, truncated
[ 1382.512969] loop3: p79 start 1 is beyond EOD, truncated
[ 1382.518484] loop3: p80 start 1 is beyond EOD, truncated
[ 1382.523943] loop3: p81 start 1 is beyond EOD, truncated
[ 1382.529458] loop3: p82 start 1 is beyond EOD, truncated
[ 1382.535723] loop3: p83 start 1 is beyond EOD, truncated
[ 1382.541108] loop3: p84 start 1 is beyond EOD, truncated
[ 1382.546587] loop3: p85 start 1 is beyond EOD, truncated
[ 1382.551975] loop3: p86 start 1 is beyond EOD, truncated
[ 1382.551989] loop3: p87 start 1 is beyond EOD, truncated
[ 1382.552001] loop3: p88 start 1 is beyond EOD, truncated
[ 1382.552013] loop3: p89 start 1 is beyond EOD, truncated
[ 1382.552025] loop3: p90 start 1 is beyond EOD, truncated
[ 1382.552036] loop3: p91 start 1 is beyond EOD, truncated
[ 1382.552048] loop3: p92 start 1 is beyond EOD, truncated
[ 1382.552061] loop3: p93 start 1 is beyond EOD, truncated
[ 1382.552072] loop3: p94 start 1 is beyond EOD, truncated
[ 1382.562986] loop3: p95 start 1 is beyond EOD, truncated
[ 1382.563000] loop3: p96 start 1 is beyond EOD, truncated
[ 1382.563012] loop3: p97 start 1 is beyond EOD, truncated
[ 1382.563024] loop3: p98 start 1 is beyond EOD, truncated
[ 1382.563036] loop3: p99 start 1 is beyond EOD, truncated
[ 1382.627750] loop3: p100 start 1 is beyond EOD, truncated
[ 1382.633338] loop3: p101 start 1 is beyond EOD, truncated
[ 1382.639121] loop3: p102 start 1 is beyond EOD, truncated
[ 1382.644753] loop3: p103 start 1 is beyond EOD, truncated
[ 1382.650327] loop3: p104 start 1 is beyond EOD, truncated
[ 1382.656044] loop3: p105 start 1 is beyond EOD, truncated
[ 1382.661541] loop3: p106 start 1 is beyond EOD, truncated
[ 1382.667071] loop3: p107 start 1 is beyond EOD, truncated
[ 1382.672540] loop3: p108 start 1 is beyond EOD, truncated
[ 1382.678033] loop3: p109 start 1 is beyond EOD, truncated
[ 1382.683496] loop3: p110 start 1 is beyond EOD, truncated
[ 1382.689000] loop3: p111 start 1 is beyond EOD, truncated
[ 1382.694472] loop3: p112 start 1 is beyond EOD, truncated
[ 1382.699997] loop3: p113 start 1 is beyond EOD, truncated
[ 1382.705523] loop3: p114 start 1 is beyond EOD, truncated
[ 1382.710976] loop3: p115 start 1 is beyond EOD, truncated
[ 1382.716607] loop3: p116 start 1 is beyond EOD, truncated
[ 1382.722090] loop3: p117 start 1 is beyond EOD, truncated
[ 1382.727603] loop3: p118 start 1 is beyond EOD, truncated
[ 1382.733088] loop3: p119 start 1 is beyond EOD, truncated
[ 1382.738616] loop3: p120 start 1 is beyond EOD, truncated
[ 1382.744097] loop3: p121 start 1 is beyond EOD, truncated
[ 1382.749615] loop3: p122 start 1 is beyond EOD, truncated
[ 1382.756032] loop3: p123 start 1 is beyond EOD, truncated
[ 1382.761486] loop3: p124 start 1 is beyond EOD, truncated
[ 1382.767005] loop3: p125 start 1 is beyond EOD, truncated
[ 1382.772456] loop3: p126 start 1 is beyond EOD, truncated
[ 1382.777948] loop3: p127 start 1 is beyond EOD, truncated
[ 1382.783422] loop3: p128 start 1 is beyond EOD, truncated
[ 1382.788922] loop3: p129 start 1 is beyond EOD, truncated
[ 1382.794404] loop3: p130 start 1 is beyond EOD, truncated
[ 1382.800250] loop3: p131 start 1 is beyond EOD, truncated
[ 1382.805753] loop3: p132 start 1 is beyond EOD, truncated
[ 1382.811200] loop3: p133 start 1 is beyond EOD, truncated
[ 1382.816724] loop3: p134 start 1 is beyond EOD, truncated
[ 1382.822194] loop3: p135 start 1 is beyond EOD, truncated
[ 1382.827733] loop3: p136 start 1 is beyond EOD, truncated
[ 1382.833188] loop3: p137 start 1 is beyond EOD, truncated
[ 1382.838712] loop3: p138 start 1 is beyond EOD, truncated
[ 1382.844172] loop3: p139 start 1 is beyond EOD, truncated
[ 1382.849705] loop3: p140 start 1 is beyond EOD, truncated
[ 1382.855206] loop3: p141 start 1 is beyond EOD, truncated
[ 1382.860671] loop3: p142 start 1 is beyond EOD, truncated
[ 1382.866207] loop3: p143 start 1 is beyond EOD, truncated
[ 1382.871664] loop3: p144 start 1 is beyond EOD, truncated
[ 1382.877192] loop3: p145 start 1 is beyond EOD, truncated
[ 1382.882656] loop3: p146 start 1 is beyond EOD, truncated
[ 1382.888974] loop3: p147 start 1 is beyond EOD, truncated
[ 1382.894460] loop3: p148 start 1 is beyond EOD, truncated
[ 1382.900030] loop3: p149 start 1 is beyond EOD, truncated
[ 1382.905526] loop3: p150 start 1 is beyond EOD, truncated
[ 1382.910975] loop3: p151 start 1 is beyond EOD, truncated
[ 1382.916482] loop3: p152 start 1 is beyond EOD, truncated
[ 1382.921937] loop3: p153 start 1 is beyond EOD, truncated
[ 1382.927490] loop3: p154 start 1 is beyond EOD, truncated
[ 1382.932976] loop3: p155 start 1 is beyond EOD, truncated
[ 1382.938472] loop3: p156 start 1 is beyond EOD, truncated
[ 1382.943946] loop3: p157 start 1 is beyond EOD, truncated
[ 1382.949470] loop3: p158 start 1 is beyond EOD, truncated
[ 1382.954987] loop3: p159 start 1 is beyond EOD, truncated
[ 1382.960426] loop3: p160 start 1 is beyond EOD, truncated
[ 1382.965951] loop3: p161 start 1 is beyond EOD, truncated
[ 1382.971418] loop3: p162 start 1 is beyond EOD, truncated
[ 1382.976939] loop3: p163 start 1 is beyond EOD, truncated
[ 1382.982424] loop3: p164 start 1 is beyond EOD, truncated
[ 1382.987971] loop3: p165 start 1 is beyond EOD, truncated
[ 1382.993433] loop3: p166 start 1 is beyond EOD, truncated
[ 1382.998957] loop3: p167 start 1 is beyond EOD, truncated
[ 1383.004424] loop3: p168 start 1 is beyond EOD, truncated
[ 1383.009941] loop3: p169 start 1 is beyond EOD, truncated
[ 1383.016094] loop3: p170 start 1 is beyond EOD, truncated
[ 1383.021540] loop3: p171 start 1 is beyond EOD, truncated
[ 1383.027048] loop3: p172 start 1 is beyond EOD, truncated
[ 1383.032523] loop3: p173 start 1 is beyond EOD, truncated
[ 1383.038066] loop3: p174 start 1 is beyond EOD, truncated
[ 1383.043520] loop3: p175 start 1 is beyond EOD, truncated
[ 1383.049032] loop3: p176 start 1 is beyond EOD, truncated
[ 1383.054489] loop3: p177 start 1 is beyond EOD, truncated
[ 1383.060016] loop3: p178 start 1 is beyond EOD, truncated
[ 1383.065511] loop3: p179 start 1 is beyond EOD, truncated
[ 1383.070961] loop3: p180 start 1 is beyond EOD, truncated
[ 1383.076484] loop3: p181 start 1 is beyond EOD, truncated
[ 1383.081963] loop3: p182 start 1 is beyond EOD, truncated
[ 1383.087481] loop3: p183 start 1 is beyond EOD, truncated
[ 1383.092936] loop3: p184 start 1 is beyond EOD, truncated
[ 1383.098463] loop3: p185 start 1 is beyond EOD, truncated
[ 1383.103924] loop3: p186 start 1 is beyond EOD, truncated
[ 1383.109483] loop3: p187 start 1 is beyond EOD, truncated
[ 1383.115054] loop3: p188 start 1 is beyond EOD, truncated
[ 1383.120496] loop3: p189 start 1 is beyond EOD, truncated
[ 1383.126006] loop3: p190 start 1 is beyond EOD, truncated
[ 1383.131473] loop3: p191 start 1 is beyond EOD, truncated
[ 1383.137004] loop3: p192 start 1 is beyond EOD, truncated
[ 1383.142462] loop3: p193 start 1 is beyond EOD, truncated
[ 1383.148801] loop3: p194 start 1 is beyond EOD, truncated
[ 1383.154255] loop3: p195 start 1 is beyond EOD, truncated
[ 1383.159764] loop3: p196 start 1 is beyond EOD, truncated
[ 1383.165262] loop3: p197 start 1 is beyond EOD, truncated
[ 1383.170704] loop3: p198 start 1 is beyond EOD, truncated
[ 1383.176219] loop3: p199 start 1 is beyond EOD, truncated
[ 1383.181684] loop3: p200 start 1 is beyond EOD, truncated
[ 1383.187195] loop3: p201 start 1 is beyond EOD, truncated
[ 1383.192660] loop3: p202 start 1 is beyond EOD, truncated
[ 1383.198256] loop3: p203 start 1 is beyond EOD, truncated
[ 1383.203719] loop3: p204 start 1 is beyond EOD, truncated
[ 1383.209230] loop3: p205 start 1 is beyond EOD, truncated
[ 1383.214738] loop3: p206 start 1 is beyond EOD, truncated
[ 1383.220209] loop3: p207 start 1 is beyond EOD, truncated
[ 1383.225756] loop3: p208 start 1 is beyond EOD, truncated
[ 1383.231238] loop3: p209 start 1 is beyond EOD, truncated
[ 1383.236776] loop3: p210 start 1 is beyond EOD, truncated
[ 1383.242230] loop3: p211 start 1 is beyond EOD, truncated
[ 1383.247732] loop3: p212 start 1 is beyond EOD, truncated
[ 1383.253202] loop3: p213 start 1 is beyond EOD, truncated
[ 1383.258749] loop3: p214 start 1 is beyond EOD, truncated
[ 1383.264237] loop3: p215 start 1 is beyond EOD, truncated
[ 1383.269744] loop3: p216 start 1 is beyond EOD, truncated
[ 1383.275859] loop3: p217 start 1 is beyond EOD, truncated
[ 1383.281330] loop3: p218 start 1 is beyond EOD, truncated
[ 1383.286829] loop3: p219 start 1 is beyond EOD, truncated
[ 1383.292298] loop3: p220 start 1 is beyond EOD, truncated
[ 1383.297814] loop3: p221 start 1 is beyond EOD, truncated
[ 1383.303266] loop3: p222 start 1 is beyond EOD, truncated
[ 1383.308775] loop3: p223 start 1 is beyond EOD, truncated
[ 1383.314259] loop3: p224 start 1 is beyond EOD, truncated
[ 1383.319772] loop3: p225 start 1 is beyond EOD, truncated
[ 1383.325267] loop3: p226 start 1 is beyond EOD, truncated
[ 1383.330713] loop3: p227 start 1 is beyond EOD, truncated
[ 1383.336249] loop3: p228 start 1 is beyond EOD, truncated
[ 1383.341721] loop3: p229 start 1 is beyond EOD, truncated
[ 1383.347246] loop3: p230 start 1 is beyond EOD, truncated
[ 1383.352714] loop3: p231 start 1 is beyond EOD, truncated
[ 1383.358221] loop3: p232 start 1 is beyond EOD, truncated
[ 1383.363690] loop3: p233 start 1 is beyond EOD, truncated
[ 1383.369196] loop3: p234 start 1 is beyond EOD, truncated
[ 1383.374716] loop3: p235 start 1 is beyond EOD, truncated
[ 1383.380161] loop3: p236 start 1 is beyond EOD, truncated
[ 1383.385664] loop3: p237 start 1 is beyond EOD, truncated
[ 1383.391119] loop3: p238 start 1 is beyond EOD, truncated
[ 1383.396615] loop3: p239 start 1 is beyond EOD, truncated
[ 1383.402100] loop3: p240 start 1 is beyond EOD, truncated
[ 1383.408457] loop3: p241 start 1 is beyond EOD, truncated
[ 1383.413903] loop3: p242 start 1 is beyond EOD, truncated
[ 1383.419403] loop3: p243 start 1 is beyond EOD, truncated
[ 1383.424914] loop3: p244 start 1 is beyond EOD, truncated
[ 1383.430352] loop3: p245 start 1 is beyond EOD, truncated
[ 1383.435883] loop3: p246 start 1 is beyond EOD, truncated
[ 1383.441340] loop3: p247 start 1 is beyond EOD, truncated
[ 1383.446865] loop3: p248 start 1 is beyond EOD, truncated
[ 1383.452330] loop3: p249 start 1 is beyond EOD, truncated
[ 1383.457822] loop3: p250 start 1 is beyond EOD, truncated
[ 1383.463283] loop3: p251 start 1 is beyond EOD, truncated
[ 1383.468796] loop3: p252 start 1 is beyond EOD, truncated
[ 1383.474272] loop3: p253 start 1 is beyond EOD, truncated
[ 1383.479771] loop3: p254 start 1 is beyond EOD, truncated
[ 1383.485315] loop3: p255 start 1 is beyond EOD, truncated
21:37:55 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xffffffffffffc)

21:37:55 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xa00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:55 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f00000000c0)={0x1, r2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:55 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x796, 0x42002)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

21:37:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:55 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1384.650723] binder: release 23618:23626 transaction 6398 out, still active
[ 1384.658690] binder_alloc: 23618: binder_alloc_buf, no vma
[ 1384.660023] binder_alloc: binder_alloc_mmap_handler: 23614 20001000-20004000 already mapped failed -16
[ 1384.664278] binder: 23618:23626 transaction failed 29189/-3, size 0-0 line 2973
[ 1384.681596] binder: unexpected work type, 4, not freed
[ 1384.695708] binder: undelivered TRANSACTION_COMPLETE
21:37:55 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x900]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1384.702882] binder_alloc: binder_alloc_mmap_handler: 23618 20001000-20004000 already mapped failed -16
[ 1384.723871] binder_alloc: 23618: binder_alloc_buf, no vma
[ 1384.730682] binder: 23618:23632 transaction failed 29189/-3, size 24-8 line 2973
[ 1384.731011] binder: undelivered TRANSACTION_ERROR: 29189
[ 1384.744250] binder: 23618:23632 got transaction to invalid handle
[ 1384.751131] binder: 23618:23632 transaction failed 29201/-22, size 0-0 line 2834
[ 1384.753768]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1384.753781] loop3: partition table partially beyond EOD, 
21:37:55 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x2000000)

[ 1384.759200] binder: undelivered TRANSACTION_ERROR: 29189
21:37:55 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x12]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:55 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x80010, r1, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0xa})
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000100)={0x0, 0x401, 0x8, 0x18000000, 0xe3, 0x7, 0x6, 0xaf4d, 0x6})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r1, 0x6)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r3, 0x80dc5521, &(0x7f0000000440)=""/148)
openat$ion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ion\x00', 0x0, 0x0)

[ 1384.916258] truncated
[ 1384.933573] loop3: p1 start 1 is beyond EOD, truncated
[ 1384.973491] loop3: p2 size 2 extends beyond EOD, truncated
[ 1385.005936] binder_alloc: binder_alloc_mmap_handler: 23639 20ffd000-21000000 already mapped failed -16
[ 1385.020150] loop3: p3 start 201 is beyond EOD, truncated
21:37:56 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x500000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1385.060805] binder_alloc: binder_alloc_mmap_handler: 23639 20001000-20004000 already mapped failed -16
[ 1385.073699] binder: BINDER_SET_CONTEXT_MGR already set
[ 1385.092720] binder: 23644:23645 ioctl 40046207 0 returned -16
[ 1385.115244] binder: send failed reply for transaction 6398, target dead
[ 1385.122462] binder_alloc: 23618: binder_alloc_buf, no vma
[ 1385.128321] binder: undelivered TRANSACTION_ERROR: 29201
[ 1385.135361] binder: 23644:23651 transaction failed 29189/-3, size 24-8 line 2973
[ 1385.144494] loop3: p4 start 301 is beyond EOD, truncated
[ 1385.150197] loop3: p5 start 1 is beyond EOD, truncated
[ 1385.155778] binder: 23644:23645 got transaction to invalid handle
21:37:56 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf0ffffff00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1385.162038] binder: 23644:23645 transaction failed 29201/-22, size 0-0 line 2834
[ 1385.169763] loop3: p6 start 1 is beyond EOD, truncated
[ 1385.175252] loop3: p7 start 1 is beyond EOD, truncated
[ 1385.180683] loop3: p8 start 1 is beyond EOD, truncated
[ 1385.188138] loop3: p9 start 1 is beyond EOD, truncated
[ 1385.195235] binder_alloc: 23644: binder_alloc_buf, no vma
[ 1385.200832] binder: 23644:23654 transaction failed 29189/-3, size 24-8 line 2973
[ 1385.208753] binder: 23644:23651 got transaction to invalid handle
21:37:56 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0xffffff7f)

[ 1385.215678] binder: undelivered TRANSACTION_ERROR: 29189
[ 1385.215827] binder: undelivered TRANSACTION_ERROR: 29201
[ 1385.231755] binder: undelivered TRANSACTION_ERROR: 29201
[ 1385.250005] loop3: p10 start 1 is beyond EOD, truncated
21:37:56 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x2, 0x40013, r1, 0x21)
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1385.272586] loop3: p11 start 1 is beyond EOD, truncated
[ 1385.315763] loop3: p12 start 1 is beyond EOD, truncated
[ 1385.331134] loop3: p13 start 1 is beyond EOD, truncated
[ 1385.351360] loop3: p14 start 1 is beyond EOD, truncated
[ 1385.355975] binder_alloc: 23661: binder_alloc_buf, no vma
21:37:56 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xffffff7f]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1385.362432] binder: release 23661:23664 transaction 6411 out, still active
[ 1385.373305] loop3: p15 start 1 is beyond EOD, truncated
[ 1385.375879] binder: unexpected work type, 4, not freed
[ 1385.394693] binder: BINDER_SET_CONTEXT_MGR already set
[ 1385.398525] loop3: p16 start 1 is beyond EOD, truncated
[ 1385.400100] binder: undelivered TRANSACTION_COMPLETE
[ 1385.411001] binder_alloc: 23661: binder_alloc_buf, no vma
[ 1385.420557] binder: 23661:23664 ioctl 40046207 0 returned -16
[ 1385.434253] binder: send failed reply for transaction 6411, target dead
[ 1385.440692] loop3: p17 start 1 is beyond EOD, truncated
[ 1385.468288] loop3: p18 start 1 is beyond EOD, truncated
21:37:56 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$int_in(r0, 0x5473, &(0x7f0000000000)=0x10001)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

[ 1385.508105] loop3: p19 start 1 is beyond EOD, truncated
[ 1385.549676] loop3: p20 start 1 is beyond EOD, truncated
[ 1385.569052] loop3: p21 start 1 is beyond EOD, truncated
[ 1385.574482] loop3: p22 start 1 is beyond EOD, truncated
[ 1385.592177] loop3: p23 start 1 is beyond EOD, truncated
[ 1385.605091] loop3: p24 start 1 is beyond EOD, truncated
[ 1385.610686] loop3: p25 start 1 is beyond EOD, truncated
[ 1385.616383] loop3: p26 start 1 is beyond EOD, truncated
[ 1385.616397] loop3: p27 start 1 is beyond EOD, truncated
[ 1385.616409] loop3: p28 start 1 is beyond EOD, truncated
[ 1385.616421] loop3: p29 start 1 is beyond EOD, truncated
[ 1385.616433] loop3: p30 start 1 is beyond EOD, truncated
[ 1385.616445] loop3: p31 start 1 is beyond EOD, truncated
[ 1385.616456] loop3: p32 start 1 is beyond EOD, truncated
[ 1385.616468] loop3: p33 start 1 is beyond EOD, truncated
[ 1385.616480] loop3: p34 start 1 is beyond EOD, truncated
[ 1385.616492] loop3: p35 start 1 is beyond EOD, truncated
[ 1385.616504] loop3: p36 start 1 is beyond EOD, truncated
[ 1385.616516] loop3: p37 start 1 is beyond EOD, truncated
[ 1385.616528] loop3: p38 start 1 is beyond EOD, truncated
[ 1385.616555] loop3: p39 start 1 is beyond EOD, truncated
[ 1385.616581] loop3: p40 start 1 is beyond EOD, truncated
[ 1385.616592] loop3: p41 start 1 is beyond EOD, truncated
[ 1385.616603] loop3: p42 start 1 is beyond EOD, truncated
[ 1385.616615] loop3: p43 start 1 is beyond EOD, truncated
[ 1385.616626] loop3: p44 start 1 is beyond EOD, truncated
[ 1385.616648] loop3: p45 start 1 is beyond EOD, truncated
[ 1385.616659] loop3: p46 start 1 is beyond EOD, truncated
[ 1385.616670] loop3: p47 start 1 is beyond EOD, truncated
[ 1385.616682] loop3: p48 start 1 is beyond EOD, truncated
[ 1385.616693] loop3: p49 start 1 is beyond EOD, truncated
[ 1385.616704] loop3: p50 start 1 is beyond EOD, truncated
[ 1385.616716] loop3: p51 start 1 is beyond EOD, truncated
[ 1385.616726] loop3: p52 start 1 is beyond EOD, truncated
[ 1385.616738] loop3: p53 start 1 is beyond EOD, truncated
[ 1385.616749] loop3: p54 start 1 is beyond EOD, truncated
[ 1385.616760] loop3: p55 start 1 is beyond EOD, truncated
[ 1385.616771] loop3: p56 start 1 is beyond EOD, truncated
[ 1385.616783] loop3: p57 start 1 is beyond EOD, truncated
[ 1385.616809] loop3: p58 start 1 is beyond EOD, truncated
[ 1385.616821] loop3: p59 start 1 is beyond EOD, truncated
[ 1385.616833] loop3: p60 start 1 is beyond EOD, truncated
[ 1385.616845] loop3: p61 start 1 is beyond EOD, truncated
[ 1385.616856] loop3: p62 start 1 is beyond EOD, truncated
[ 1385.616868] loop3: p63 start 1 is beyond EOD, truncated
[ 1385.616880] loop3: p64 start 1 is beyond EOD, truncated
[ 1385.616892] loop3: p65 start 1 is beyond EOD, truncated
[ 1385.616911] loop3: p66 start 1 is beyond EOD, truncated
[ 1385.616922] loop3: p67 start 1 is beyond EOD, truncated
[ 1385.616934] loop3: p68 start 1 is beyond EOD, truncated
[ 1385.616946] loop3: p69 start 1 is beyond EOD, truncated
[ 1385.616957] loop3: p70 start 1 is beyond EOD, truncated
[ 1385.616984] loop3: p71 start 1 is beyond EOD, truncated
[ 1385.616997] loop3: p72 start 1 is beyond EOD, truncated
[ 1385.617009] loop3: p73 start 1 is beyond EOD, truncated
[ 1385.617021] loop3: p74 start 1 is beyond EOD, truncated
[ 1385.617032] loop3: p75 start 1 is beyond EOD, truncated
[ 1385.617043] loop3: p76 start 1 is beyond EOD, truncated
[ 1385.617055] loop3: p77 start 1 is beyond EOD, truncated
[ 1385.617067] loop3: p78 start 1 is beyond EOD, truncated
[ 1385.617079] loop3: p79 start 1 is beyond EOD, truncated
[ 1385.628790] loop3: p80 start 1 is beyond EOD, truncated
[ 1385.913274] loop3: p81 start 1 is beyond EOD, truncated
[ 1385.918810] loop3: p82 start 1 is beyond EOD, truncated
[ 1385.924190] loop3: p83 start 1 is beyond EOD, truncated
[ 1385.929682] loop3: p84 start 1 is beyond EOD, truncated
[ 1385.935130] loop3: p85 start 1 is beyond EOD, truncated
[ 1385.940497] loop3: p86 start 1 is beyond EOD, truncated
[ 1385.945960] loop3: p87 start 1 is beyond EOD, truncated
[ 1385.951366] loop3: p88 start 1 is beyond EOD, truncated
[ 1385.956794] loop3: p89 start 1 is beyond EOD, truncated
[ 1385.962186] loop3: p90 start 1 is beyond EOD, truncated
[ 1385.967634] loop3: p91 start 1 is beyond EOD, truncated
[ 1385.973022] loop3: p92 start 1 is beyond EOD, truncated
[ 1385.978431] loop3: p93 start 1 is beyond EOD, truncated
[ 1385.983815] loop3: p94 start 1 is beyond EOD, truncated
[ 1385.989261] loop3: p95 start 1 is beyond EOD, truncated
[ 1385.994716] loop3: p96 start 1 is beyond EOD, truncated
[ 1386.000077] loop3: p97 start 1 is beyond EOD, truncated
[ 1386.005486] loop3: p98 start 1 is beyond EOD, truncated
[ 1386.010861] loop3: p99 start 1 is beyond EOD, truncated
[ 1386.016295] loop3: p100 start 1 is beyond EOD, truncated
[ 1386.021806] loop3: p101 start 1 is beyond EOD, truncated
[ 1386.027343] loop3: p102 start 1 is beyond EOD, truncated
[ 1386.032809] loop3: p103 start 1 is beyond EOD, truncated
[ 1386.038369] loop3: p104 start 1 is beyond EOD, truncated
[ 1386.043820] loop3: p105 start 1 is beyond EOD, truncated
[ 1386.049338] loop3: p106 start 1 is beyond EOD, truncated
[ 1386.054886] loop3: p107 start 1 is beyond EOD, truncated
[ 1386.060367] loop3: p108 start 1 is beyond EOD, truncated
[ 1386.065867] loop3: p109 start 1 is beyond EOD, truncated
[ 1386.071346] loop3: p110 start 1 is beyond EOD, truncated
[ 1386.076876] loop3: p111 start 1 is beyond EOD, truncated
[ 1386.082336] loop3: p112 start 1 is beyond EOD, truncated
[ 1386.087844] loop3: p113 start 1 is beyond EOD, truncated
[ 1386.093359] loop3: p114 start 1 is beyond EOD, truncated
[ 1386.098876] loop3: p115 start 1 is beyond EOD, truncated
[ 1386.104336] loop3: p116 start 1 is beyond EOD, truncated
[ 1386.111983] loop3: p117 start 1 is beyond EOD, truncated
[ 1386.117586] loop3: p118 start 1 is beyond EOD, truncated
[ 1386.123075] loop3: p119 start 1 is beyond EOD, truncated
[ 1386.128579] loop3: p120 start 1 is beyond EOD, truncated
[ 1386.134054] loop3: p121 start 1 is beyond EOD, truncated
[ 1386.139622] loop3: p122 start 1 is beyond EOD, truncated
[ 1386.145175] loop3: p123 start 1 is beyond EOD, truncated
[ 1386.150613] loop3: p124 start 1 is beyond EOD, truncated
[ 1386.156213] loop3: p125 start 1 is beyond EOD, truncated
[ 1386.161671] loop3: p126 start 1 is beyond EOD, truncated
[ 1386.167239] loop3: p127 start 1 is beyond EOD, truncated
[ 1386.172697] loop3: p128 start 1 is beyond EOD, truncated
[ 1386.178212] loop3: p129 start 1 is beyond EOD, truncated
[ 1386.183685] loop3: p130 start 1 is beyond EOD, truncated
[ 1386.189206] loop3: p131 start 1 is beyond EOD, truncated
[ 1386.194721] loop3: p132 start 1 is beyond EOD, truncated
[ 1386.200184] loop3: p133 start 1 is beyond EOD, truncated
[ 1386.205717] loop3: p134 start 1 is beyond EOD, truncated
[ 1386.211183] loop3: p135 start 1 is beyond EOD, truncated
[ 1386.216716] loop3: p136 start 1 is beyond EOD, truncated
[ 1386.222177] loop3: p137 start 1 is beyond EOD, truncated
[ 1386.227711] loop3: p138 start 1 is beyond EOD, truncated
[ 1386.233183] loop3: p139 start 1 is beyond EOD, truncated
[ 1386.238906] loop3: p140 start 1 is beyond EOD, truncated
[ 1386.244362] loop3: p141 start 1 is beyond EOD, truncated
[ 1386.249861] loop3: p142 start 1 is beyond EOD, truncated
[ 1386.255399] loop3: p143 start 1 is beyond EOD, truncated
[ 1386.260857] loop3: p144 start 1 is beyond EOD, truncated
[ 1386.266349] loop3: p145 start 1 is beyond EOD, truncated
[ 1386.271809] loop3: p146 start 1 is beyond EOD, truncated
[ 1386.277314] loop3: p147 start 1 is beyond EOD, truncated
[ 1386.282804] loop3: p148 start 1 is beyond EOD, truncated
[ 1386.288321] loop3: p149 start 1 is beyond EOD, truncated
[ 1386.293794] loop3: p150 start 1 is beyond EOD, truncated
[ 1386.299288] loop3: p151 start 1 is beyond EOD, truncated
[ 1386.304794] loop3: p152 start 1 is beyond EOD, truncated
[ 1386.310256] loop3: p153 start 1 is beyond EOD, truncated
[ 1386.315825] loop3: p154 start 1 is beyond EOD, truncated
[ 1386.321336] loop3: p155 start 1 is beyond EOD, truncated
[ 1386.326837] loop3: p156 start 1 is beyond EOD, truncated
[ 1386.332307] loop3: p157 start 1 is beyond EOD, truncated
[ 1386.337827] loop3: p158 start 1 is beyond EOD, truncated
[ 1386.343291] loop3: p159 start 1 is beyond EOD, truncated
[ 1386.348824] loop3: p160 start 1 is beyond EOD, truncated
[ 1386.354294] loop3: p161 start 1 is beyond EOD, truncated
[ 1386.359851] loop3: p162 start 1 is beyond EOD, truncated
[ 1386.365415] loop3: p163 start 1 is beyond EOD, truncated
[ 1386.370909] loop3: p164 start 1 is beyond EOD, truncated
[ 1386.376463] loop3: p165 start 1 is beyond EOD, truncated
[ 1386.381922] loop3: p166 start 1 is beyond EOD, truncated
[ 1386.387429] loop3: p167 start 1 is beyond EOD, truncated
[ 1386.392910] loop3: p168 start 1 is beyond EOD, truncated
[ 1386.398535] loop3: p169 start 1 is beyond EOD, truncated
[ 1386.404010] loop3: p170 start 1 is beyond EOD, truncated
[ 1386.409525] loop3: p171 start 1 is beyond EOD, truncated
[ 1386.415091] loop3: p172 start 1 is beyond EOD, truncated
[ 1386.420841] loop3: p173 start 1 is beyond EOD, truncated
[ 1386.426457] loop3: p174 start 1 is beyond EOD, truncated
[ 1386.431986] loop3: p175 start 1 is beyond EOD, truncated
[ 1386.437571] loop3: p176 start 1 is beyond EOD, truncated
[ 1386.443043] loop3: p177 start 1 is beyond EOD, truncated
[ 1386.443057] loop3: p178 start 1 is beyond EOD, truncated
[ 1386.443068] loop3: p179 start 1 is beyond EOD, truncated
[ 1386.443087] loop3: p180 start 1 is beyond EOD, truncated
[ 1386.455615] loop3: p181 start 1 is beyond EOD, truncated
[ 1386.473478] loop3: p182 start 1 is beyond EOD, truncated
[ 1386.479758] loop3: p183 start 1 is beyond EOD, truncated
[ 1386.485620] loop3: p184 start 1 is beyond EOD, truncated
[ 1386.491137] loop3: p185 start 1 is beyond EOD, truncated
[ 1386.497438] loop3: p186 start 1 is beyond EOD, truncated
[ 1386.502888] loop3: p187 start 1 is beyond EOD, truncated
[ 1386.508419] loop3: p188 start 1 is beyond EOD, truncated
[ 1386.513877] loop3: p189 start 1 is beyond EOD, truncated
[ 1386.519435] loop3: p190 start 1 is beyond EOD, truncated
[ 1386.524970] loop3: p191 start 1 is beyond EOD, truncated
[ 1386.530428] loop3: p192 start 1 is beyond EOD, truncated
[ 1386.535921] loop3: p193 start 1 is beyond EOD, truncated
[ 1386.541375] loop3: p194 start 1 is beyond EOD, truncated
[ 1386.546894] loop3: p195 start 1 is beyond EOD, truncated
[ 1386.552457] loop3: p196 start 1 is beyond EOD, truncated
[ 1386.557984] loop3: p197 start 1 is beyond EOD, truncated
[ 1386.563453] loop3: p198 start 1 is beyond EOD, truncated
[ 1386.568947] loop3: p199 start 1 is beyond EOD, truncated
[ 1386.574453] loop3: p200 start 1 is beyond EOD, truncated
[ 1386.579947] loop3: p201 start 1 is beyond EOD, truncated
[ 1386.585438] loop3: p202 start 1 is beyond EOD, truncated
[ 1386.590876] loop3: p203 start 1 is beyond EOD, truncated
[ 1386.596368] loop3: p204 start 1 is beyond EOD, truncated
[ 1386.601838] loop3: p205 start 1 is beyond EOD, truncated
[ 1386.607342] loop3: p206 start 1 is beyond EOD, truncated
[ 1386.612806] loop3: p207 start 1 is beyond EOD, truncated
[ 1386.618329] loop3: p208 start 1 is beyond EOD, truncated
[ 1386.623793] loop3: p209 start 1 is beyond EOD, truncated
[ 1386.630117] loop3: p210 start 1 is beyond EOD, truncated
[ 1386.635675] loop3: p211 start 1 is beyond EOD, truncated
[ 1386.641153] loop3: p212 start 1 is beyond EOD, truncated
[ 1386.646698] loop3: p213 start 1 is beyond EOD, truncated
[ 1386.652156] loop3: p214 start 1 is beyond EOD, truncated
[ 1386.657712] loop3: p215 start 1 is beyond EOD, truncated
[ 1386.663219] loop3: p216 start 1 is beyond EOD, truncated
[ 1386.668794] loop3: p217 start 1 is beyond EOD, truncated
[ 1386.674249] loop3: p218 start 1 is beyond EOD, truncated
[ 1386.679768] loop3: p219 start 1 is beyond EOD, truncated
[ 1386.685264] loop3: p220 start 1 is beyond EOD, truncated
[ 1386.690715] loop3: p221 start 1 is beyond EOD, truncated
[ 1386.696229] loop3: p222 start 1 is beyond EOD, truncated
[ 1386.701696] loop3: p223 start 1 is beyond EOD, truncated
[ 1386.707207] loop3: p224 start 1 is beyond EOD, truncated
[ 1386.712687] loop3: p225 start 1 is beyond EOD, truncated
[ 1386.718199] loop3: p226 start 1 is beyond EOD, truncated
[ 1386.723664] loop3: p227 start 1 is beyond EOD, truncated
[ 1386.729159] loop3: p228 start 1 is beyond EOD, truncated
[ 1386.734692] loop3: p229 start 1 is beyond EOD, truncated
[ 1386.740138] loop3: p230 start 1 is beyond EOD, truncated
[ 1386.745665] loop3: p231 start 1 is beyond EOD, truncated
[ 1386.751135] loop3: p232 start 1 is beyond EOD, truncated
[ 1386.757420] loop3: p233 start 1 is beyond EOD, truncated
[ 1386.762874] loop3: p234 start 1 is beyond EOD, truncated
[ 1386.768446] loop3: p235 start 1 is beyond EOD, truncated
[ 1386.773916] loop3: p236 start 1 is beyond EOD, truncated
[ 1386.779456] loop3: p237 start 1 is beyond EOD, truncated
[ 1386.784996] loop3: p238 start 1 is beyond EOD, truncated
[ 1386.790438] loop3: p239 start 1 is beyond EOD, truncated
[ 1386.796031] loop3: p240 start 1 is beyond EOD, truncated
[ 1386.801494] loop3: p241 start 1 is beyond EOD, truncated
[ 1386.807006] loop3: p242 start 1 is beyond EOD, truncated
[ 1386.812461] loop3: p243 start 1 is beyond EOD, truncated
[ 1386.817959] loop3: p244 start 1 is beyond EOD, truncated
[ 1386.823459] loop3: p245 start 1 is beyond EOD, truncated
[ 1386.829002] loop3: p246 start 1 is beyond EOD, truncated
[ 1386.834489] loop3: p247 start 1 is beyond EOD, truncated
[ 1386.840020] loop3: p248 start 1 is beyond EOD, truncated
[ 1386.845542] loop3: p249 start 1 is beyond EOD, truncated
[ 1386.851002] loop3: p250 start 1 is beyond EOD, truncated
[ 1386.856504] loop3: p251 start 1 is beyond EOD, truncated
[ 1386.861968] loop3: p252 start 1 is beyond EOD, truncated
[ 1386.867481] loop3: p253 start 1 is beyond EOD, truncated
[ 1386.872984] loop3: p254 start 1 is beyond EOD, truncated
[ 1386.878584] loop3: p255 start 1 is beyond EOD, truncated
21:37:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:58 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x3000000)

21:37:58 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x1)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x18000, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000100)={<r3=>0x0, 0x2}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000440)={r3, @in6={{0xa, 0x4e20, 0x7, @loopback, 0x8e}}, 0x2, 0x10000}, &(0x7f0000000180)=0x90)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r4 = msgget$private(0x0, 0x80)
msgctl$IPC_RMID(r4, 0x0)
dup3(r1, r0, 0x7ffffd)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:37:58 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf0ffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:58 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xee83, 0x40002)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={<r1=>0x0, @in6={{0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, [], 0xd}, 0x7}}, 0xe5, 0x0, 0x6, 0x1fe}, &(0x7f0000000100)=0x98)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000001180)=@assoc_value={r1}, &(0x7f00000011c0)=0x8)
write$P9_RWSTAT(r0, &(0x7f0000000140)={0xffffffffffffff9c, 0x7f, 0x2}, 0x7)

21:37:58 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1387.730207] binder_alloc_mmap_handler: 3 callbacks suppressed
[ 1387.730223] binder_alloc: binder_alloc_mmap_handler: 23689 20ffd000-21000000 already mapped failed -16
[ 1387.738895] binder_alloc: 23691: binder_alloc_buf, no vma
[ 1387.756797] binder_transaction: 3 callbacks suppressed
[ 1387.756814] binder: 23691:23698 transaction failed 29189/-3, size 24-8 line 2973
21:37:58 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xffffff9e]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1387.774211] binder_alloc: binder_alloc_mmap_handler: 23689 20001000-20004000 already mapped failed -16
[ 1387.786248] binder_alloc: binder_alloc_mmap_handler: 23689 20ffd000-21000000 already mapped failed -16
[ 1387.800007] binder: 23691:23698 got transaction to invalid handle
[ 1387.810248] binder: 23691:23698 transaction failed 29201/-22, size 0-0 line 2834
[ 1387.850459] binder: BINDER_SET_CONTEXT_MGR already set
[ 1387.869499] binder: 23691:23706 ioctl 40046207 0 returned -16
21:37:58 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x200000000000000)

[ 1387.869582]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1387.869596] loop3: partition table partially beyond EOD, 
[ 1387.884714] binder_alloc: 23691: binder_alloc_buf, no vma
[ 1387.986330] binder_release_work: 3 callbacks suppressed
[ 1387.986338] binder: undelivered TRANSACTION_ERROR: 29189
21:37:59 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x8]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1387.999025] binder: 23691:23698 transaction failed 29189/-3, size 24-8 line 2973
[ 1388.010652] binder: undelivered TRANSACTION_ERROR: 29201
[ 1388.058478] binder_alloc: binder_alloc_mmap_handler: 23714 20ffd000-21000000 already mapped failed -16
[ 1388.062732] binder: undelivered TRANSACTION_ERROR: 29189
[ 1388.078873] binder_alloc: binder_alloc_mmap_handler: 23714 20001000-20004000 already mapped failed -16
21:37:59 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x3f000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:59 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280)='threaded\x00', 0x9)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000180)=[@reply={0x40406301, {0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)=[0x40, 0x58, 0x78, 0x68, 0x68, 0x48, 0x68, 0x38, 0x30]}}], 0xfffffffffffffd5a, 0x0, 0x0})

[ 1388.112450] binder_alloc: binder_alloc_mmap_handler: 23714 20ffd000-21000000 already mapped failed -16
[ 1388.160177] truncated
[ 1388.163115] loop3: p1 start 1 is beyond EOD, truncated
[ 1388.168789] loop3: p2 size 2 extends beyond EOD, truncated
[ 1388.195198] loop3: p3 start 201 is beyond EOD, truncated
[ 1388.203607] loop3: p4 start 301 is beyond EOD, truncated
21:37:59 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7a000000)

[ 1388.218947] loop3: p5 start 1 is beyond EOD, truncated
[ 1388.232895] loop3: p6 start 1 is beyond EOD, truncated
[ 1388.248695] loop3: p7 start 1 is beyond EOD, truncated
[ 1388.261564] loop3: p8 start 1 is beyond EOD, truncated
[ 1388.271545] binder: release 23721:23725 transaction 6421 out, still active
[ 1388.279291] binder: 23721:23725 got reply transaction with no transaction stack
[ 1388.290074] binder: unexpected work type, 4, not freed
[ 1388.302549] loop3: p9 start 1 is beyond EOD, truncated
[ 1388.309181] binder: undelivered TRANSACTION_COMPLETE
[ 1388.321301] loop3: p10 start 1 is beyond EOD, truncated
[ 1388.327193] binder: 23721:23725 transaction failed 29201/-71, size 0-0 line 2741
[ 1388.354770] loop3: p11 start 1 is beyond EOD, truncated
[ 1388.361525] binder: 23721:23725 ioctl c0306201 20000040 returned -14
[ 1388.370270] loop3: p12 start 1 is beyond EOD, truncated
[ 1388.376664] loop3: p13 start 1 is beyond EOD, truncated
[ 1388.382553] loop3: p14 start 1 is beyond EOD, truncated
[ 1388.388817] loop3: p15 start 1 is beyond EOD, truncated
[ 1388.394295] binder_alloc: binder_alloc_mmap_handler: 23729 20ffd000-21000000 already mapped failed -16
[ 1388.395877] loop3: p16 start 1 is beyond EOD, truncated
[ 1388.404288] binder: BINDER_SET_CONTEXT_MGR already set
[ 1388.415044] binder: 23721:23725 ioctl 40046207 0 returned -16
[ 1388.415251] loop3: p17 start 1 is beyond EOD, truncated
[ 1388.424314] binder_alloc: binder_alloc_mmap_handler: 23729 20001000-20004000 already mapped failed -16
[ 1388.427102] binder_alloc: 23721: binder_alloc_buf, no vma
[ 1388.436562] binder_alloc: binder_alloc_mmap_handler: 23729 20ffd000-21000000 already mapped failed -16
[ 1388.441877] loop3: p18 start 1 is beyond EOD, truncated
[ 1388.457351] binder: 23721:23732 transaction failed 29189/-3, size 24-8 line 2973
[ 1388.457393] binder: 23721:23734 got reply transaction with no transaction stack
[ 1388.465435] binder: undelivered TRANSACTION_ERROR: 29189
[ 1388.473302] loop3: p19 start 1 is beyond EOD, truncated
[ 1388.478478] binder: 23721:23734 transaction failed 29201/-71, size 0-0 line 2741
[ 1388.484023] loop3: p20 start 1 is beyond EOD, truncated
[ 1388.491499] binder: 23721:23734 ioctl c0306201 20000040 returned -14
[ 1388.497091] loop3: p21 start 1 is beyond EOD, truncated
[ 1388.509605] loop3: p22 start 1 is beyond EOD, truncated
[ 1388.515472] loop3: p23 start 1 is beyond EOD, truncated
[ 1388.515530] binder: undelivered TRANSACTION_ERROR: 29201
[ 1388.520990] loop3: p24 start 1 is beyond EOD, truncated
[ 1388.532362] loop3: p25 start 1 is beyond EOD, truncated
[ 1388.542734] binder: send failed reply for transaction 6421, target dead
[ 1388.548565] loop3: p26 start 1 is beyond EOD, truncated
[ 1388.560259] loop3: p27 start 1 is beyond EOD, truncated
[ 1388.571233] binder: undelivered TRANSACTION_ERROR: 29201
[ 1388.577305] loop3: p28 start 1 is beyond EOD, truncated
[ 1388.592105] loop3: p29 start 1 is beyond EOD, truncated
[ 1388.603918] loop3: p30 start 1 is beyond EOD, truncated
[ 1388.609521] loop3: p31 start 1 is beyond EOD, truncated
[ 1388.629376] loop3: p32 start 1 is beyond EOD, truncated
[ 1388.655243] loop3: p33 start 1 is beyond EOD, truncated
[ 1388.665843] loop3: p34 start 1 is beyond EOD, truncated
[ 1388.675196] loop3: p35 start 1 is beyond EOD, truncated
[ 1388.680736] loop3: p36 start 1 is beyond EOD, truncated
[ 1388.686322] loop3: p37 start 1 is beyond EOD, truncated
[ 1388.691966] loop3: p38 start 1 is beyond EOD, truncated
[ 1388.697930] loop3: p39 start 1 is beyond EOD, truncated
[ 1388.697943] loop3: p40 start 1 is beyond EOD, truncated
[ 1388.697956] loop3: p41 start 1 is beyond EOD, truncated
[ 1388.697969] loop3: p42 start 1 is beyond EOD, truncated
[ 1388.697981] loop3: p43 start 1 is beyond EOD, truncated
[ 1388.697993] loop3: p44 start 1 is beyond EOD, truncated
[ 1388.698005] loop3: p45 start 1 is beyond EOD, truncated
[ 1388.698017] loop3: p46 start 1 is beyond EOD, truncated
[ 1388.698029] loop3: p47 start 1 is beyond EOD, truncated
[ 1388.698041] loop3: p48 start 1 is beyond EOD, truncated
[ 1388.698054] loop3: p49 start 1 is beyond EOD, truncated
[ 1388.698066] loop3: p50 start 1 is beyond EOD, truncated
[ 1388.698078] loop3: p51 start 1 is beyond EOD, truncated
[ 1388.698090] loop3: p52 start 1 is beyond EOD, truncated
[ 1388.698102] loop3: p53 start 1 is beyond EOD, truncated
[ 1388.698115] loop3: p54 start 1 is beyond EOD, truncated
[ 1388.698126] loop3: p55 start 1 is beyond EOD, truncated
[ 1388.698139] loop3: p56 start 1 is beyond EOD, truncated
[ 1388.698150] loop3: p57 start 1 is beyond EOD, truncated
[ 1388.698163] loop3: p58 start 1 is beyond EOD, truncated
[ 1388.698175] loop3: p59 start 1 is beyond EOD, truncated
[ 1388.698187] loop3: p60 start 1 is beyond EOD, truncated
[ 1388.698199] loop3: p61 start 1 is beyond EOD, truncated
[ 1388.698211] loop3: p62 start 1 is beyond EOD, truncated
[ 1388.698223] loop3: p63 start 1 is beyond EOD, truncated
[ 1388.698235] loop3: p64 start 1 is beyond EOD, truncated
[ 1388.698247] loop3: p65 start 1 is beyond EOD, truncated
[ 1388.698259] loop3: p66 start 1 is beyond EOD, truncated
[ 1388.698285] loop3: p67 start 1 is beyond EOD, truncated
[ 1388.698297] loop3: p68 start 1 is beyond EOD, truncated
[ 1388.698308] loop3: p69 start 1 is beyond EOD, truncated
[ 1388.698335] loop3: p70 start 1 is beyond EOD, truncated
[ 1388.698346] loop3: p71 start 1 is beyond EOD, truncated
[ 1388.698357] loop3: p72 start 1 is beyond EOD, truncated
[ 1388.698368] loop3: p73 start 1 is beyond EOD, truncated
[ 1388.698380] loop3: p74 start 1 is beyond EOD, truncated
[ 1388.698413] loop3: p75 start 1 is beyond EOD, truncated
[ 1388.698424] loop3: p76 start 1 is beyond EOD, truncated
[ 1388.698436] loop3: p77 start 1 is beyond EOD, truncated
[ 1388.698447] loop3: p78 start 1 is beyond EOD, truncated
[ 1388.698459] loop3: p79 start 1 is beyond EOD, truncated
[ 1388.698470] loop3: p80 start 1 is beyond EOD, truncated
21:37:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:37:59 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x13000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:37:59 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x7400)

21:37:59 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0xffffffffffffffe5)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
inotify_init()
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
prctl$PR_GET_TIMERSLACK(0x1e)
setsockopt(r1, 0x6, 0xc62f51e, &(0x7f00000000c0)="c600ec0f0ccebd49a3510aaa1adfde688083b269d7c0cfd803c7c396b2fbaa94301da9889139d2c4a499cef2e48b9d47b2cedd9f602a2b1183fa146174912c67575a340f257e6b7e9b7f5c7980bd70dfb3746524d6bf5b71f6de92e365e7aef21c892f57c587cd58fe8871fd2a3e052c7a6940020404af3942d7468fe15067cb460970b38e425cafb2e7fcc7d684255d", 0x90)

21:37:59 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x30c)

[ 1388.698482] loop3: p81 start 1 is beyond EOD, truncated
[ 1388.698494] loop3: p82 start 1 is beyond EOD, truncated
[ 1388.698520] loop3: p83 start 1 is beyond EOD, truncated
[ 1388.698547] loop3: p84 start 1 is beyond EOD, truncated
[ 1388.698573] loop3: p85 start 1 is beyond EOD, truncated
[ 1388.698586] loop3: p86 start 1 is beyond EOD, truncated
[ 1388.698598] loop3: p87 start 1 is beyond EOD, truncated
[ 1388.698625] loop3: p88 start 1 is beyond EOD, truncated
[ 1388.698645] loop3: p89 start 1 is beyond EOD, truncated
[ 1388.698760] loop3: p90 start 1 is beyond EOD, truncated
[ 1388.698773] loop3: p91 start 1 is beyond EOD, truncated
[ 1388.698785] loop3: p92 start 1 is beyond EOD, truncated
[ 1388.698797] loop3: p93 start 1 is beyond EOD, truncated
[ 1388.698809] loop3: p94 start 1 is beyond EOD, truncated
[ 1388.698821] loop3: p95 start 1 is beyond EOD, truncated
[ 1388.698847] loop3: p96 start 1 is beyond EOD, truncated
[ 1388.698859] loop3: p97 start 1 is beyond EOD, truncated
[ 1388.698870] loop3: p98 start 1 is beyond EOD, truncated
[ 1388.698881] loop3: p99 start 1 is beyond EOD, truncated
[ 1388.698894] loop3: p100 start 1 is beyond EOD, truncated
[ 1388.883946] loop3: p101 start 1 is beyond EOD, truncated
[ 1388.893535] loop3: p102 start 1 is beyond EOD, truncated
[ 1389.024894] binder: 23747:23750 transaction failed 29189/-22, size 24-8 line 2834
[ 1389.032521] loop3: p103 start 1 is beyond EOD, truncated
[ 1389.045464] binder_alloc: binder_alloc_mmap_handler: 23745 20001000-20004000 already mapped failed -16
[ 1389.069658] loop3: p104 start 1 is beyond EOD, truncated
[ 1389.079790] binder: 23747:23756 transaction failed 29189/-22, size 24-8 line 2834
[ 1389.083245] loop3: p105 start 1 is beyond EOD, truncated
[ 1389.094126] loop3: p106 start 1 is beyond EOD, truncated
[ 1389.100179] loop3: p107 start 1 is beyond EOD, truncated
[ 1389.101018] binder: undelivered TRANSACTION_ERROR: 29189
[ 1389.106038] loop3: p108 start 1 is beyond EOD, truncated
[ 1389.115726] binder: undelivered TRANSACTION_ERROR: 29189
[ 1389.129801] loop3: p109 start 1 is beyond EOD, truncated
[ 1389.154777] loop3: p110 start 1 is beyond EOD, truncated
[ 1389.167786] loop3: p111 start 1 is beyond EOD, truncated
[ 1389.173305] loop3: p112 start 1 is beyond EOD, truncated
[ 1389.191025] loop3: p113 start 1 is beyond EOD, truncated
[ 1389.237955] loop3: p114 start 1 is beyond EOD, truncated
[ 1389.243524] loop3: p115 start 1 is beyond EOD, truncated
[ 1389.272878] loop3: p116 start 1 is beyond EOD, truncated
[ 1389.279415] loop3: p117 start 1 is beyond EOD, truncated
[ 1389.286972] loop3: p118 start 1 is beyond EOD, truncated
[ 1389.292698] loop3: p119 start 1 is beyond EOD, truncated
[ 1389.298898] loop3: p120 start 1 is beyond EOD, truncated
[ 1389.304694] loop3: p121 start 1 is beyond EOD, truncated
[ 1389.310406] loop3: p122 start 1 is beyond EOD, truncated
[ 1389.316790] loop3: p123 start 1 is beyond EOD, truncated
[ 1389.326593] loop3: p124 start 1 is beyond EOD, truncated
[ 1389.332348] loop3: p125 start 1 is beyond EOD, truncated
[ 1389.338205] loop3: p126 start 1 is beyond EOD, truncated
[ 1389.344053] loop3: p127 start 1 is beyond EOD, truncated
[ 1389.350013] loop3: p128 start 1 is beyond EOD, truncated
[ 1389.356104] loop3: p129 start 1 is beyond EOD, truncated
[ 1389.361713] loop3: p130 start 1 is beyond EOD, truncated
[ 1389.367322] loop3: p131 start 1 is beyond EOD, truncated
[ 1389.372826] loop3: p132 start 1 is beyond EOD, truncated
[ 1389.378396] loop3: p133 start 1 is beyond EOD, truncated
[ 1389.383875] loop3: p134 start 1 is beyond EOD, truncated
[ 1389.389459] loop3: p135 start 1 is beyond EOD, truncated
[ 1389.395627] loop3: p136 start 1 is beyond EOD, truncated
[ 1389.401099] loop3: p137 start 1 is beyond EOD, truncated
[ 1389.406691] loop3: p138 start 1 is beyond EOD, truncated
[ 1389.412162] loop3: p139 start 1 is beyond EOD, truncated
[ 1389.417719] loop3: p140 start 1 is beyond EOD, truncated
[ 1389.423186] loop3: p141 start 1 is beyond EOD, truncated
[ 1389.428738] loop3: p142 start 1 is beyond EOD, truncated
[ 1389.434203] loop3: p143 start 1 is beyond EOD, truncated
[ 1389.439774] loop3: p144 start 1 is beyond EOD, truncated
[ 1389.445323] loop3: p145 start 1 is beyond EOD, truncated
[ 1389.450773] loop3: p146 start 1 is beyond EOD, truncated
[ 1389.456305] loop3: p147 start 1 is beyond EOD, truncated
[ 1389.461792] loop3: p148 start 1 is beyond EOD, truncated
[ 1389.467348] loop3: p149 start 1 is beyond EOD, truncated
[ 1389.472879] loop3: p150 start 1 is beyond EOD, truncated
[ 1389.478455] loop3: p151 start 1 is beyond EOD, truncated
[ 1389.483919] loop3: p152 start 1 is beyond EOD, truncated
[ 1389.489468] loop3: p153 start 1 is beyond EOD, truncated
[ 1389.494968] loop3: p154 start 1 is beyond EOD, truncated
[ 1389.500424] loop3: p155 start 1 is beyond EOD, truncated
[ 1389.505957] loop3: p156 start 1 is beyond EOD, truncated
[ 1389.511426] loop3: p157 start 1 is beyond EOD, truncated
[ 1389.518145] loop3: p158 start 1 is beyond EOD, truncated
[ 1389.523603] loop3: p159 start 1 is beyond EOD, truncated
[ 1389.530019] loop3: p160 start 1 is beyond EOD, truncated
[ 1389.535561] loop3: p161 start 1 is beyond EOD, truncated
[ 1389.541035] loop3: p162 start 1 is beyond EOD, truncated
[ 1389.546550] loop3: p163 start 1 is beyond EOD, truncated
[ 1389.552023] loop3: p164 start 1 is beyond EOD, truncated
[ 1389.557528] loop3: p165 start 1 is beyond EOD, truncated
[ 1389.562990] loop3: p166 start 1 is beyond EOD, truncated
[ 1389.568536] loop3: p167 start 1 is beyond EOD, truncated
[ 1389.573994] loop3: p168 start 1 is beyond EOD, truncated
[ 1389.579493] loop3: p169 start 1 is beyond EOD, truncated
[ 1389.585015] loop3: p170 start 1 is beyond EOD, truncated
[ 1389.590463] loop3: p171 start 1 is beyond EOD, truncated
[ 1389.596002] loop3: p172 start 1 is beyond EOD, truncated
[ 1389.601459] loop3: p173 start 1 is beyond EOD, truncated
[ 1389.607007] loop3: p174 start 1 is beyond EOD, truncated
[ 1389.612463] loop3: p175 start 1 is beyond EOD, truncated
[ 1389.617974] loop3: p176 start 1 is beyond EOD, truncated
[ 1389.623464] loop3: p177 start 1 is beyond EOD, truncated
[ 1389.629003] loop3: p178 start 1 is beyond EOD, truncated
[ 1389.634469] loop3: p179 start 1 is beyond EOD, truncated
[ 1389.639996] loop3: p180 start 1 is beyond EOD, truncated
[ 1389.645522] loop3: p181 start 1 is beyond EOD, truncated
[ 1389.650991] loop3: p182 start 1 is beyond EOD, truncated
[ 1389.657544] loop3: p183 start 1 is beyond EOD, truncated
[ 1389.663185] loop3: p184 start 1 is beyond EOD, truncated
[ 1389.668787] loop3: p185 start 1 is beyond EOD, truncated
[ 1389.674286] loop3: p186 start 1 is beyond EOD, truncated
[ 1389.679839] loop3: p187 start 1 is beyond EOD, truncated
[ 1389.685359] loop3: p188 start 1 is beyond EOD, truncated
[ 1389.690805] loop3: p189 start 1 is beyond EOD, truncated
[ 1389.696320] loop3: p190 start 1 is beyond EOD, truncated
[ 1389.701793] loop3: p191 start 1 is beyond EOD, truncated
[ 1389.707315] loop3: p192 start 1 is beyond EOD, truncated
[ 1389.712781] loop3: p193 start 1 is beyond EOD, truncated
[ 1389.718303] loop3: p194 start 1 is beyond EOD, truncated
[ 1389.723779] loop3: p195 start 1 is beyond EOD, truncated
[ 1389.729285] loop3: p196 start 1 is beyond EOD, truncated
[ 1389.734835] loop3: p197 start 1 is beyond EOD, truncated
[ 1389.740291] loop3: p198 start 1 is beyond EOD, truncated
[ 1389.745808] loop3: p199 start 1 is beyond EOD, truncated
[ 1389.751281] loop3: p200 start 1 is beyond EOD, truncated
[ 1389.756805] loop3: p201 start 1 is beyond EOD, truncated
[ 1389.762268] loop3: p202 start 1 is beyond EOD, truncated
[ 1389.767769] loop3: p203 start 1 is beyond EOD, truncated
[ 1389.773232] loop3: p204 start 1 is beyond EOD, truncated
[ 1389.778759] loop3: p205 start 1 is beyond EOD, truncated
[ 1389.784222] loop3: p206 start 1 is beyond EOD, truncated
[ 1389.790653] loop3: p207 start 1 is beyond EOD, truncated
[ 1389.796200] loop3: p208 start 1 is beyond EOD, truncated
[ 1389.801664] loop3: p209 start 1 is beyond EOD, truncated
[ 1389.807181] loop3: p210 start 1 is beyond EOD, truncated
[ 1389.812662] loop3: p211 start 1 is beyond EOD, truncated
[ 1389.818177] loop3: p212 start 1 is beyond EOD, truncated
[ 1389.823632] loop3: p213 start 1 is beyond EOD, truncated
[ 1389.829165] loop3: p214 start 1 is beyond EOD, truncated
[ 1389.834729] loop3: p215 start 1 is beyond EOD, truncated
[ 1389.840186] loop3: p216 start 1 is beyond EOD, truncated
[ 1389.845709] loop3: p217 start 1 is beyond EOD, truncated
[ 1389.851180] loop3: p218 start 1 is beyond EOD, truncated
[ 1389.856708] loop3: p219 start 1 is beyond EOD, truncated
[ 1389.862179] loop3: p220 start 1 is beyond EOD, truncated
[ 1389.867750] loop3: p221 start 1 is beyond EOD, truncated
[ 1389.873754] loop3: p222 start 1 is beyond EOD, truncated
[ 1389.879289] loop3: p223 start 1 is beyond EOD, truncated
[ 1389.884807] loop3: p224 start 1 is beyond EOD, truncated
[ 1389.895193] loop3: p225 start 1 is beyond EOD, truncated
[ 1389.900677] loop3: p226 start 1 is beyond EOD, truncated
[ 1389.915984] loop3: p227 start 1 is beyond EOD, truncated
[ 1389.921468] loop3: p228 start 1 is beyond EOD, truncated
[ 1389.931804] loop3: p229 start 1 is beyond EOD, truncated
[ 1389.950769] loop3: p230 start 1 is beyond EOD, truncated
[ 1389.958199] loop3: p231 start 1 is beyond EOD, truncated
[ 1389.963677] loop3: p232 start 1 is beyond EOD, truncated
[ 1389.969582] loop3: p233 start 1 is beyond EOD, truncated
[ 1389.975430] loop3: p234 start 1 is beyond EOD, truncated
[ 1389.980903] loop3: p235 start 1 is beyond EOD, truncated
[ 1389.986979] loop3: p236 start 1 is beyond EOD, truncated
[ 1389.992500] loop3: p237 start 1 is beyond EOD, truncated
[ 1389.998526] loop3: p238 start 1 is beyond EOD, truncated
[ 1390.004000] loop3: p239 start 1 is beyond EOD, truncated
[ 1390.016323] loop3: p240 start 1 is beyond EOD, truncated
[ 1390.021810] loop3: p241 start 1 is beyond EOD, truncated
[ 1390.027706] loop3: p242 start 1 is beyond EOD, truncated
[ 1390.033175] loop3: p243 start 1 is beyond EOD, truncated
[ 1390.039056] loop3: p244 start 1 is beyond EOD, truncated
[ 1390.044523] loop3: p245 start 1 is beyond EOD, truncated
[ 1390.051520] loop3: p246 start 1 is beyond EOD, truncated
[ 1390.057348] loop3: p247 start 1 is beyond EOD, truncated
[ 1390.062820] loop3: p248 start 1 is beyond EOD, truncated
[ 1390.069441] loop3: p249 start 1 is beyond EOD, truncated
[ 1390.075454] loop3: p250 start 1 is beyond EOD, truncated
[ 1390.081010] loop3: p251 start 1 is beyond EOD, truncated
[ 1390.086925] loop3: p252 start 1 is beyond EOD, truncated
[ 1390.092538] loop3: p253 start 1 is beyond EOD, truncated
[ 1390.100155] loop3: p254 start 1 is beyond EOD, truncated
[ 1390.106077] loop3: p255 start 1 is beyond EOD, truncated
21:38:01 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:01 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x12000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:01 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:38:01 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x300000000000000)

21:38:01 executing program 4:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000000)={0xffffffffffffffff, 0x7, 0x0, 0x20, 0x7ff, 0x4, 0x8})
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180), 0x1000)

21:38:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1390.260347] binder: 23772:23775 got transaction to context manager from process owning it
[ 1390.321261] binder: 23772:23775 transaction failed 29201/-22, size 24-8 line 2825
[ 1390.354555] binder: 23772:23786 got transaction to invalid handle
21:38:01 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xa00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1390.370915]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1390.370928] loop3: partition table partially beyond EOD, 
21:38:01 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x8000000000000000)

[ 1390.464757] binder: 23772:23786 transaction failed 29201/-22, size 0-0 line 2834
[ 1390.476313] binder: undelivered TRANSACTION_ERROR: 29201
[ 1390.486169] binder: 23772:23786 got transaction to context manager from process owning it
[ 1390.506794] binder: undelivered TRANSACTION_ERROR: 29201
[ 1390.512687] binder: 23772:23786 got transaction to invalid handle
21:38:01 executing program 1:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x4800, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000140)={0x0, 0x7, 0x4, 0x10, {0x77359400}, {0x7, 0x0, 0x8, 0xffffffff, 0x2, 0x100000000, "356e9f4a"}, 0x1, 0x6, @planes=&(0x7f0000000100)={0x2, 0x4, @fd}, 0x4})
r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x7, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000280)=0x2, 0x4)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1390.658869] truncated
[ 1390.661984] loop3: p1 start 1 is beyond EOD, truncated
[ 1390.667969] loop3: p2 size 2 extends beyond EOD, truncated
[ 1390.703408] loop3: p3 start 201 is beyond EOD, truncated
[ 1390.730852] binder: release 23799:23800 transaction 6436 out, still active
[ 1390.733287] loop3: p4 start 301 is beyond EOD, truncated
[ 1390.740108] binder_alloc: 23799: binder_alloc_buf, no vma
21:38:01 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x600)

21:38:01 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x460a0000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1390.750704] binder: unexpected work type, 4, not freed
[ 1390.770098] loop3: p5 start 1 is beyond EOD, truncated
[ 1390.783016] binder: undelivered TRANSACTION_COMPLETE
[ 1390.788471] loop3: p6 start 1 is beyond EOD, truncated
[ 1390.794079] loop3: p7 start 1 is beyond EOD, truncated
[ 1390.826902] binder: BINDER_SET_CONTEXT_MGR already set
[ 1390.837340] loop3: p8 start 1 is beyond EOD, truncated
[ 1390.845172] binder_alloc: 23799: binder_alloc_buf, no vma
[ 1390.867124] binder: 23799:23800 ioctl 40046207 0 returned -16
[ 1390.873270] loop3: p9 start 1 is beyond EOD, truncated
[ 1390.898290] loop3: p10 start 1 is beyond EOD, truncated
[ 1390.908230] binder: send failed reply for transaction 6436, target dead
[ 1390.933257] loop3: p11 start 1 is beyond EOD, truncated
21:38:02 executing program 1:
perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/dev_mcast\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
preadv(r0, &(0x7f00000017c0), 0x10000000000001f7, 0x1000000)

[ 1390.979312] loop3: p12 start 1 is beyond EOD, truncated
[ 1391.005939] loop3: p13 start 1 is beyond EOD, truncated
[ 1391.059597] loop3: p14 start 1 is beyond EOD, truncated
[ 1391.144709] loop3: p15 start 1 is beyond EOD, truncated
[ 1391.175588] loop3: p16 start 1 is beyond EOD, truncated
[ 1391.208515] loop3: p17 start 1 is beyond EOD, truncated
[ 1391.286817] loop3: p18 start 1 is beyond EOD, truncated
[ 1391.329224] loop3: p19 start 1 is beyond EOD, truncated
[ 1391.354834] loop3: p20 start 1 is beyond EOD, truncated
[ 1391.384799] loop3: p21 start 1 is beyond EOD, truncated
[ 1391.404853] loop3: p22 start 1 is beyond EOD, truncated
[ 1391.424952] loop3: p23 start 1 is beyond EOD, truncated
[ 1391.445433] loop3: p24 start 1 is beyond EOD, truncated
[ 1391.464868] loop3: p25 start 1 is beyond EOD, truncated
[ 1391.470394] loop3: p26 start 1 is beyond EOD, truncated
[ 1391.494782] loop3: p27 start 1 is beyond EOD, truncated
[ 1391.511412] loop3: p28 start 1 is beyond EOD, truncated
[ 1391.525510] loop3: p29 start 1 is beyond EOD, truncated
[ 1391.531007] loop3: p30 start 1 is beyond EOD, truncated
[ 1391.536681] loop3: p31 start 1 is beyond EOD, truncated
[ 1391.542152] loop3: p32 start 1 is beyond EOD, truncated
[ 1391.549058] loop3: p33 start 1 is beyond EOD, truncated
[ 1391.554528] loop3: p34 start 1 is beyond EOD, truncated
[ 1391.560047] loop3: p35 start 1 is beyond EOD, truncated
[ 1391.565718] loop3: p36 start 1 is beyond EOD, truncated
[ 1391.571100] loop3: p37 start 1 is beyond EOD, truncated
[ 1391.576661] loop3: p38 start 1 is beyond EOD, truncated
[ 1391.582041] loop3: p39 start 1 is beyond EOD, truncated
[ 1391.587573] loop3: p40 start 1 is beyond EOD, truncated
[ 1391.592956] loop3: p41 start 1 is beyond EOD, truncated
[ 1391.598808] loop3: p42 start 1 is beyond EOD, truncated
[ 1391.604189] loop3: p43 start 1 is beyond EOD, truncated
[ 1391.609915] loop3: p44 start 1 is beyond EOD, truncated
[ 1391.615426] loop3: p45 start 1 is beyond EOD, truncated
[ 1391.621088] loop3: p46 start 1 is beyond EOD, truncated
[ 1391.626535] loop3: p47 start 1 is beyond EOD, truncated
[ 1391.632198] loop3: p48 start 1 is beyond EOD, truncated
[ 1391.637889] loop3: p49 start 1 is beyond EOD, truncated
[ 1391.643362] loop3: p50 start 1 is beyond EOD, truncated
[ 1391.648809] loop3: p51 start 1 is beyond EOD, truncated
[ 1391.654705] loop3: p52 start 1 is beyond EOD, truncated
[ 1391.660184] loop3: p53 start 1 is beyond EOD, truncated
[ 1391.684612] loop3: p54 start 1 is beyond EOD, truncated
[ 1391.690105] loop3: p55 start 1 is beyond EOD, truncated
[ 1391.695670] loop3: p56 start 1 is beyond EOD, truncated
[ 1391.721581] loop3: p57 start 1 is beyond EOD, truncated
[ 1391.727055] loop3: p58 start 1 is beyond EOD, truncated
[ 1391.742625] loop3: p59 start 1 is beyond EOD, truncated
[ 1391.748088] loop3: p60 start 1 is beyond EOD, truncated
[ 1391.758092] loop3: p61 start 1 is beyond EOD, truncated
[ 1391.763474] loop3: p62 start 1 is beyond EOD, truncated
[ 1391.768985] loop3: p63 start 1 is beyond EOD, truncated
[ 1391.774365] loop3: p64 start 1 is beyond EOD, truncated
[ 1391.779869] loop3: p65 start 1 is beyond EOD, truncated
[ 1391.785314] loop3: p66 start 1 is beyond EOD, truncated
[ 1391.790727] loop3: p67 start 1 is beyond EOD, truncated
[ 1391.796180] loop3: p68 start 1 is beyond EOD, truncated
[ 1391.801551] loop3: p69 start 1 is beyond EOD, truncated
[ 1391.806981] loop3: p70 start 1 is beyond EOD, truncated
[ 1391.812381] loop3: p71 start 1 is beyond EOD, truncated
[ 1391.817804] loop3: p72 start 1 is beyond EOD, truncated
[ 1391.823186] loop3: p73 start 1 is beyond EOD, truncated
[ 1391.828600] loop3: p74 start 1 is beyond EOD, truncated
[ 1391.833986] loop3: p75 start 1 is beyond EOD, truncated
[ 1391.839416] loop3: p76 start 1 is beyond EOD, truncated
[ 1391.844835] loop3: p77 start 1 is beyond EOD, truncated
[ 1391.850189] loop3: p78 start 1 is beyond EOD, truncated
[ 1391.855596] loop3: p79 start 1 is beyond EOD, truncated
[ 1391.860988] loop3: p80 start 1 is beyond EOD, truncated
[ 1391.866395] loop3: p81 start 1 is beyond EOD, truncated
[ 1391.871764] loop3: p82 start 1 is beyond EOD, truncated
[ 1391.877168] loop3: p83 start 1 is beyond EOD, truncated
[ 1391.882533] loop3: p84 start 1 is beyond EOD, truncated
[ 1391.887947] loop3: p85 start 1 is beyond EOD, truncated
[ 1391.893336] loop3: p86 start 1 is beyond EOD, truncated
[ 1391.898757] loop3: p87 start 1 is beyond EOD, truncated
[ 1391.904133] loop3: p88 start 1 is beyond EOD, truncated
[ 1391.909540] loop3: p89 start 1 is beyond EOD, truncated
[ 1391.914957] loop3: p90 start 1 is beyond EOD, truncated
[ 1391.920308] loop3: p91 start 1 is beyond EOD, truncated
[ 1391.925755] loop3: p92 start 1 is beyond EOD, truncated
[ 1391.931123] loop3: p93 start 1 is beyond EOD, truncated
[ 1391.936573] loop3: p94 start 1 is beyond EOD, truncated
[ 1391.941988] loop3: p95 start 1 is beyond EOD, truncated
[ 1391.947424] loop3: p96 start 1 is beyond EOD, truncated
[ 1391.952794] loop3: p97 start 1 is beyond EOD, truncated
[ 1391.958222] loop3: p98 start 1 is beyond EOD, truncated
[ 1391.963592] loop3: p99 start 1 is beyond EOD, truncated
[ 1391.968999] loop3: p100 start 1 is beyond EOD, truncated
[ 1391.974461] loop3: p101 start 1 is beyond EOD, truncated
[ 1391.979972] loop3: p102 start 1 is beyond EOD, truncated
[ 1391.985511] loop3: p103 start 1 is beyond EOD, truncated
[ 1391.990967] loop3: p104 start 1 is beyond EOD, truncated
[ 1391.996457] loop3: p105 start 1 is beyond EOD, truncated
[ 1392.001924] loop3: p106 start 1 is beyond EOD, truncated
[ 1392.007416] loop3: p107 start 1 is beyond EOD, truncated
[ 1392.012885] loop3: p108 start 1 is beyond EOD, truncated
[ 1392.018387] loop3: p109 start 1 is beyond EOD, truncated
[ 1392.023843] loop3: p110 start 1 is beyond EOD, truncated
[ 1392.029335] loop3: p111 start 1 is beyond EOD, truncated
[ 1392.034830] loop3: p112 start 1 is beyond EOD, truncated
[ 1392.040269] loop3: p113 start 1 is beyond EOD, truncated
[ 1392.045760] loop3: p114 start 1 is beyond EOD, truncated
[ 1392.051245] loop3: p115 start 1 is beyond EOD, truncated
[ 1392.056765] loop3: p116 start 1 is beyond EOD, truncated
[ 1392.062221] loop3: p117 start 1 is beyond EOD, truncated
[ 1392.067728] loop3: p118 start 1 is beyond EOD, truncated
[ 1392.073201] loop3: p119 start 1 is beyond EOD, truncated
[ 1392.078704] loop3: p120 start 1 is beyond EOD, truncated
[ 1392.084175] loop3: p121 start 1 is beyond EOD, truncated
[ 1392.089675] loop3: p122 start 1 is beyond EOD, truncated
[ 1392.095172] loop3: p123 start 1 is beyond EOD, truncated
[ 1392.100613] loop3: p124 start 1 is beyond EOD, truncated
[ 1392.106322] loop3: p125 start 1 is beyond EOD, truncated
[ 1392.113469] loop3: p126 start 1 is beyond EOD, truncated
[ 1392.119005] loop3: p127 start 1 is beyond EOD, truncated
[ 1392.124456] loop3: p128 start 1 is beyond EOD, truncated
[ 1392.129961] loop3: p129 start 1 is beyond EOD, truncated
[ 1392.135456] loop3: p130 start 1 is beyond EOD, truncated
[ 1392.140894] loop3: p131 start 1 is beyond EOD, truncated
[ 1392.146393] loop3: p132 start 1 is beyond EOD, truncated
[ 1392.151879] loop3: p133 start 1 is beyond EOD, truncated
[ 1392.157379] loop3: p134 start 1 is beyond EOD, truncated
[ 1392.162834] loop3: p135 start 1 is beyond EOD, truncated
[ 1392.168339] loop3: p136 start 1 is beyond EOD, truncated
[ 1392.173827] loop3: p137 start 1 is beyond EOD, truncated
[ 1392.179340] loop3: p138 start 1 is beyond EOD, truncated
[ 1392.184841] loop3: p139 start 1 is beyond EOD, truncated
[ 1392.190279] loop3: p140 start 1 is beyond EOD, truncated
[ 1392.195769] loop3: p141 start 1 is beyond EOD, truncated
[ 1392.201228] loop3: p142 start 1 is beyond EOD, truncated
[ 1392.206737] loop3: p143 start 1 is beyond EOD, truncated
[ 1392.212193] loop3: p144 start 1 is beyond EOD, truncated
[ 1392.217694] loop3: p145 start 1 is beyond EOD, truncated
[ 1392.223149] loop3: p146 start 1 is beyond EOD, truncated
[ 1392.228655] loop3: p147 start 1 is beyond EOD, truncated
[ 1392.234149] loop3: p148 start 1 is beyond EOD, truncated
[ 1392.239748] loop3: p149 start 1 is beyond EOD, truncated
[ 1392.245274] loop3: p150 start 1 is beyond EOD, truncated
[ 1392.250754] loop3: p151 start 1 is beyond EOD, truncated
[ 1392.256277] loop3: p152 start 1 is beyond EOD, truncated
[ 1392.261770] loop3: p153 start 1 is beyond EOD, truncated
[ 1392.267261] loop3: p154 start 1 is beyond EOD, truncated
[ 1392.272733] loop3: p155 start 1 is beyond EOD, truncated
[ 1392.278231] loop3: p156 start 1 is beyond EOD, truncated
[ 1392.283692] loop3: p157 start 1 is beyond EOD, truncated
[ 1392.289182] loop3: p158 start 1 is beyond EOD, truncated
[ 1392.294706] loop3: p159 start 1 is beyond EOD, truncated
[ 1392.300180] loop3: p160 start 1 is beyond EOD, truncated
[ 1392.305752] loop3: p161 start 1 is beyond EOD, truncated
[ 1392.311218] loop3: p162 start 1 is beyond EOD, truncated
[ 1392.316770] loop3: p163 start 1 is beyond EOD, truncated
[ 1392.322226] loop3: p164 start 1 is beyond EOD, truncated
[ 1392.327756] loop3: p165 start 1 is beyond EOD, truncated
[ 1392.333251] loop3: p166 start 1 is beyond EOD, truncated
[ 1392.338760] loop3: p167 start 1 is beyond EOD, truncated
[ 1392.344213] loop3: p168 start 1 is beyond EOD, truncated
[ 1392.349714] loop3: p169 start 1 is beyond EOD, truncated
[ 1392.355227] loop3: p170 start 1 is beyond EOD, truncated
[ 1392.360688] loop3: p171 start 1 is beyond EOD, truncated
[ 1392.366193] loop3: p172 start 1 is beyond EOD, truncated
[ 1392.371662] loop3: p173 start 1 is beyond EOD, truncated
[ 1392.377159] loop3: p174 start 1 is beyond EOD, truncated
[ 1392.382649] loop3: p175 start 1 is beyond EOD, truncated
[ 1392.388180] loop3: p176 start 1 is beyond EOD, truncated
[ 1392.393815] loop3: p177 start 1 is beyond EOD, truncated
[ 1392.399310] loop3: p178 start 1 is beyond EOD, truncated
[ 1392.404807] loop3: p179 start 1 is beyond EOD, truncated
[ 1392.410287] loop3: p180 start 1 is beyond EOD, truncated
[ 1392.415800] loop3: p181 start 1 is beyond EOD, truncated
[ 1392.421255] loop3: p182 start 1 is beyond EOD, truncated
[ 1392.426756] loop3: p183 start 1 is beyond EOD, truncated
[ 1392.432214] loop3: p184 start 1 is beyond EOD, truncated
[ 1392.437720] loop3: p185 start 1 is beyond EOD, truncated
[ 1392.443179] loop3: p186 start 1 is beyond EOD, truncated
[ 1392.448773] loop3: p187 start 1 is beyond EOD, truncated
[ 1392.454226] loop3: p188 start 1 is beyond EOD, truncated
[ 1392.459734] loop3: p189 start 1 is beyond EOD, truncated
[ 1392.465229] loop3: p190 start 1 is beyond EOD, truncated
[ 1392.470682] loop3: p191 start 1 is beyond EOD, truncated
[ 1392.476275] loop3: p192 start 1 is beyond EOD, truncated
[ 1392.481732] loop3: p193 start 1 is beyond EOD, truncated
[ 1392.487223] loop3: p194 start 1 is beyond EOD, truncated
[ 1392.492701] loop3: p195 start 1 is beyond EOD, truncated
[ 1392.498225] loop3: p196 start 1 is beyond EOD, truncated
[ 1392.503682] loop3: p197 start 1 is beyond EOD, truncated
[ 1392.509176] loop3: p198 start 1 is beyond EOD, truncated
[ 1392.514726] loop3: p199 start 1 is beyond EOD, truncated
[ 1392.520179] loop3: p200 start 1 is beyond EOD, truncated
[ 1392.525693] loop3: p201 start 1 is beyond EOD, truncated
[ 1392.531162] loop3: p202 start 1 is beyond EOD, truncated
[ 1392.536719] loop3: p203 start 1 is beyond EOD, truncated
[ 1392.542207] loop3: p204 start 1 is beyond EOD, truncated
[ 1392.547708] loop3: p205 start 1 is beyond EOD, truncated
[ 1392.553173] loop3: p206 start 1 is beyond EOD, truncated
[ 1392.558988] loop3: p207 start 1 is beyond EOD, truncated
[ 1392.564446] loop3: p208 start 1 is beyond EOD, truncated
[ 1392.569947] loop3: p209 start 1 is beyond EOD, truncated
[ 1392.575456] loop3: p210 start 1 is beyond EOD, truncated
[ 1392.580895] loop3: p211 start 1 is beyond EOD, truncated
[ 1392.586405] loop3: p212 start 1 is beyond EOD, truncated
[ 1392.591857] loop3: p213 start 1 is beyond EOD, truncated
[ 1392.597352] loop3: p214 start 1 is beyond EOD, truncated
[ 1392.602815] loop3: p215 start 1 is beyond EOD, truncated
[ 1392.608308] loop3: p216 start 1 is beyond EOD, truncated
[ 1392.613772] loop3: p217 start 1 is beyond EOD, truncated
[ 1392.619268] loop3: p218 start 1 is beyond EOD, truncated
[ 1392.624792] loop3: p219 start 1 is beyond EOD, truncated
[ 1392.630244] loop3: p220 start 1 is beyond EOD, truncated
[ 1392.635884] loop3: p221 start 1 is beyond EOD, truncated
[ 1392.641360] loop3: p222 start 1 is beyond EOD, truncated
[ 1392.646857] loop3: p223 start 1 is beyond EOD, truncated
[ 1392.652330] loop3: p224 start 1 is beyond EOD, truncated
[ 1392.657824] loop3: p225 start 1 is beyond EOD, truncated
[ 1392.663285] loop3: p226 start 1 is beyond EOD, truncated
[ 1392.668778] loop3: p227 start 1 is beyond EOD, truncated
[ 1392.674232] loop3: p228 start 1 is beyond EOD, truncated
[ 1392.679728] loop3: p229 start 1 is beyond EOD, truncated
[ 1392.685237] loop3: p230 start 1 is beyond EOD, truncated
[ 1392.690675] loop3: p231 start 1 is beyond EOD, truncated
[ 1392.696167] loop3: p232 start 1 is beyond EOD, truncated
[ 1392.701627] loop3: p233 start 1 is beyond EOD, truncated
[ 1392.707180] loop3: p234 start 1 is beyond EOD, truncated
[ 1392.712666] loop3: p235 start 1 is beyond EOD, truncated
[ 1392.718174] loop3: p236 start 1 is beyond EOD, truncated
[ 1392.723634] loop3: p237 start 1 is beyond EOD, truncated
[ 1392.729135] loop3: p238 start 1 is beyond EOD, truncated
[ 1392.734628] loop3: p239 start 1 is beyond EOD, truncated
[ 1392.740072] loop3: p240 start 1 is beyond EOD, truncated
[ 1392.745567] loop3: p241 start 1 is beyond EOD, truncated
[ 1392.751061] loop3: p242 start 1 is beyond EOD, truncated
[ 1392.756548] loop3: p243 start 1 is beyond EOD, truncated
[ 1392.762041] loop3: p244 start 1 is beyond EOD, truncated
[ 1392.767555] loop3: p245 start 1 is beyond EOD, truncated
[ 1392.773049] loop3: p246 start 1 is beyond EOD, truncated
[ 1392.778548] loop3: p247 start 1 is beyond EOD, truncated
[ 1392.784009] loop3: p248 start 1 is beyond EOD, truncated
[ 1392.789573] loop3: p249 start 1 is beyond EOD, truncated
[ 1392.795089] loop3: p250 start 1 is beyond EOD, truncated
[ 1392.800540] loop3: p251 start 1 is beyond EOD, truncated
[ 1392.806034] loop3: p252 start 1 is beyond EOD, truncated
[ 1392.811506] loop3: p253 start 1 is beyond EOD, truncated
[ 1392.817016] loop3: p254 start 1 is beyond EOD, truncated
[ 1392.822473] loop3: p255 start 1 is beyond EOD, truncated
21:38:03 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:03 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x7, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x100000000000000, 0x8000, 0xff, 0x100000001, <r1=>0x0}, &(0x7f0000000040)=0x10)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080)={r1, @in={{0x2, 0x4e24, @empty}}}, 0x84)

21:38:03 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:03 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
prctl$PR_GET_TIMERSLACK(0x1e)

21:38:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:03 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4)

21:38:03 executing program 1:
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009)
r0 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
r1 = syz_open_procfs(0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x10000000000001f7, 0x0)
geteuid()

[ 1392.920518] binder_alloc_mmap_handler: 9 callbacks suppressed
[ 1392.920537] binder_alloc: binder_alloc_mmap_handler: 23832 20001000-20004000 already mapped failed -16
21:38:04 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xb]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:04 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x600000000000000)

[ 1393.070872]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1393.070888] loop3: partition table partially beyond EOD, 
21:38:04 executing program 1:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, 0x0, &(0x7f0000000080))

[ 1393.209301] truncated
[ 1393.212182] loop3: p1 start 1 is beyond EOD, truncated
[ 1393.218268] loop3: p2 size 2 extends beyond EOD, truncated
[ 1393.231303] loop3: p3 start 201 is beyond EOD, truncated
[ 1393.237149] loop3: p4 start 301 is beyond EOD, truncated
[ 1393.242867] loop3: p5 start 1 is beyond EOD, truncated
[ 1393.248465] loop3: p6 start 1 is beyond EOD, truncated
[ 1393.253997] loop3: p7 start 1 is beyond EOD, truncated
21:38:04 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x13]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1393.259582] loop3: p8 start 1 is beyond EOD, truncated
[ 1393.265582] loop3: p9 start 1 is beyond EOD, truncated
[ 1393.271569] loop3: p10 start 1 is beyond EOD, truncated
[ 1393.277697] loop3: p11 start 1 is beyond EOD, truncated
[ 1393.284505] loop3: p12 start 1 is beyond EOD, truncated
[ 1393.290505] binder_alloc: binder_alloc_mmap_handler: 23854 20ffd000-21000000 already mapped failed -16
[ 1393.336226] loop3: p13 start 1 is beyond EOD, truncated
21:38:04 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, &(0x7f0000000ac0)='\xa7\x1d\x0043\xf2x\xe7\xe1\xf7\xfcZ\xcb\xc5\xf0J\xb0\xd5\r\t@-M\xa3\xd2\x9d0\xdc\xdcit0<l\xad\x8eb\xdd\xe1\x0f\xa5o\xaa\x9c;\x99_\x8dg\xd5\x18\xac\xb0\xdf\xd6\b\x92\x91\xe5\xf8sC\xa4|2`\x9ah\xf9\x94#\xef\x83\xc4\xba\xf8\x0e\xbc`\xf2\xc41\xe5R\xecr!\xb8\x06\x91K\xa9L_\x8b\xef\xcd\x7f\x98on\xa8F\xfd,`\xa9\xf9\xaf\x9a6\xf3\x06O\xedN')

[ 1393.374498] loop3: p14 start 1 is beyond EOD, truncated
[ 1393.421262] loop3: p15 start 1 is beyond EOD, truncated
[ 1393.429816] binder_alloc: binder_alloc_mmap_handler: 23854 20001000-20004000 already mapped failed -16
[ 1393.441804] loop3: p16 start 1 is beyond EOD, truncated
[ 1393.447574] loop3: p17 start 1 is beyond EOD, truncated
[ 1393.453223] loop3: p18 start 1 is beyond EOD, truncated
[ 1393.459928] loop3: p19 start 1 is beyond EOD, truncated
[ 1393.466991] loop3: p20 start 1 is beyond EOD, truncated
[ 1393.472634] loop3: p21 start 1 is beyond EOD, truncated
[ 1393.478363] loop3: p22 start 1 is beyond EOD, truncated
[ 1393.484005] loop3: p23 start 1 is beyond EOD, truncated
[ 1393.490314] loop3: p24 start 1 is beyond EOD, truncated
[ 1393.501527] loop3: p25 start 1 is beyond EOD, truncated
[ 1393.507768] loop3: p26 start 1 is beyond EOD, truncated
[ 1393.513407] loop3: p27 start 1 is beyond EOD, truncated
21:38:04 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x2]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1393.530825] loop3: p28 start 1 is beyond EOD, truncated
[ 1393.549060] loop3: p29 start 1 is beyond EOD, truncated
[ 1393.577969] loop3: p30 start 1 is beyond EOD, truncated
[ 1393.606137] loop3: p31 start 1 is beyond EOD, truncated
[ 1393.631988] loop3: p32 start 1 is beyond EOD, truncated
[ 1393.680525] loop3: p33 start 1 is beyond EOD, truncated
[ 1393.730297] loop3: p34 start 1 is beyond EOD, truncated
[ 1393.787398] loop3: p35 start 1 is beyond EOD, truncated
21:38:04 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x200)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000000)={0x8, 0x4, 0x4, 0x0, {}, {0x3, 0xc, 0x5, 0x9, 0x0, 0x0, "e8f95a12"}, 0x3ff, 0x0, @fd=<r1=>r0, 0x4})
write$binfmt_elf32(r1, &(0x7f0000001a00)=ANY=[@ANYBLOB="7f454c460501020121fbffffffffffff02000300000000004c010000380000004500000001000000070020000200c0ff0600060000000000010000600010000000000000050000000100000083260000e963000004000000050000000900000006000000010000801f000000010000000600000000080000a3a73c53659b4e4718a372baa8a465116b03000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fae6ecfde13824e000000000000000000000000000000000000000000000000000000000000000000000000000000000092b3d68577950000000000000000000000000000009100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076d832f84fbb92944bfcf5bd9bfe72dd625ab9d188f641b5de252d7ed1f422f41f6cc6eb24c14683f5c862880af0d073cd01cdcd6fa6462693c47955065186b9d12d7c94f005b482deec0734e62edd1a596270ce7ef8163696f5aefa01831db6d7ac6eb2611bbd8cc434184ff7215ad2a61bccf8529c8e5ec9996e40c99c366ee53061d81c8f5c053efce23a0cddf40a422660888c7530e23f41b37be5b6f81028186e2cc0e6a7fda6f99bc84557060cb98a678da92aab8587ecf62dea605d7884dc"], 0x78a)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100)={<r3=>0x0, 0x3}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000001940)={r3, 0x365, 0x40, 0xf1b9}, 0x10)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f00000000c0)=0x9)

[ 1393.807715] loop3: p36 start 1 is beyond EOD, truncated
[ 1393.863663] loop3: p37 start 1 is beyond EOD, truncated
[ 1393.874458] loop3: p38 start 1 is beyond EOD, truncated
[ 1393.879962] loop3: p39 start 1 is beyond EOD, truncated
[ 1393.885425] loop3: p40 start 1 is beyond EOD, truncated
[ 1393.890807] loop3: p41 start 1 is beyond EOD, truncated
[ 1393.896258] loop3: p42 start 1 is beyond EOD, truncated
[ 1393.901632] loop3: p43 start 1 is beyond EOD, truncated
[ 1393.907100] loop3: p44 start 1 is beyond EOD, truncated
[ 1393.912480] loop3: p45 start 1 is beyond EOD, truncated
[ 1393.918017] loop3: p46 start 1 is beyond EOD, truncated
[ 1393.923472] loop3: p47 start 1 is beyond EOD, truncated
[ 1393.929475] loop3: p48 start 1 is beyond EOD, truncated
[ 1393.934906] loop3: p49 start 1 is beyond EOD, truncated
[ 1393.940295] loop3: p50 start 1 is beyond EOD, truncated
[ 1393.945797] loop3: p51 start 1 is beyond EOD, truncated
[ 1393.951172] loop3: p52 start 1 is beyond EOD, truncated
[ 1393.957097] loop3: p53 start 1 is beyond EOD, truncated
[ 1393.962481] loop3: p54 start 1 is beyond EOD, truncated
[ 1393.967944] loop3: p55 start 1 is beyond EOD, truncated
[ 1393.973315] loop3: p56 start 1 is beyond EOD, truncated
[ 1393.979541] loop3: p57 start 1 is beyond EOD, truncated
[ 1393.984963] loop3: p58 start 1 is beyond EOD, truncated
[ 1393.990356] loop3: p59 start 1 is beyond EOD, truncated
[ 1393.995835] loop3: p60 start 1 is beyond EOD, truncated
[ 1394.001211] loop3: p61 start 1 is beyond EOD, truncated
[ 1394.007491] loop3: p62 start 1 is beyond EOD, truncated
[ 1394.012876] loop3: p63 start 1 is beyond EOD, truncated
[ 1394.018409] loop3: p64 start 1 is beyond EOD, truncated
[ 1394.023776] loop3: p65 start 1 is beyond EOD, truncated
[ 1394.029212] loop3: p66 start 1 is beyond EOD, truncated
[ 1394.034709] loop3: p67 start 1 is beyond EOD, truncated
[ 1394.040087] loop3: p68 start 1 is beyond EOD, truncated
[ 1394.045508] loop3: p69 start 1 is beyond EOD, truncated
[ 1394.050904] loop3: p70 start 1 is beyond EOD, truncated
[ 1394.056315] loop3: p71 start 1 is beyond EOD, truncated
[ 1394.061708] loop3: p72 start 1 is beyond EOD, truncated
[ 1394.067128] loop3: p73 start 1 is beyond EOD, truncated
[ 1394.072497] loop3: p74 start 1 is beyond EOD, truncated
[ 1394.077907] loop3: p75 start 1 is beyond EOD, truncated
[ 1394.083292] loop3: p76 start 1 is beyond EOD, truncated
[ 1394.088723] loop3: p77 start 1 is beyond EOD, truncated
[ 1394.094092] loop3: p78 start 1 is beyond EOD, truncated
[ 1394.099521] loop3: p79 start 1 is beyond EOD, truncated
[ 1394.104932] loop3: p80 start 1 is beyond EOD, truncated
[ 1394.110293] loop3: p81 start 1 is beyond EOD, truncated
[ 1394.115715] loop3: p82 start 1 is beyond EOD, truncated
[ 1394.121102] loop3: p83 start 1 is beyond EOD, truncated
[ 1394.126519] loop3: p84 start 1 is beyond EOD, truncated
[ 1394.131937] loop3: p85 start 1 is beyond EOD, truncated
[ 1394.138188] loop3: p86 start 1 is beyond EOD, truncated
[ 1394.143552] loop3: p87 start 1 is beyond EOD, truncated
[ 1394.149050] loop3: p88 start 1 is beyond EOD, truncated
[ 1394.154423] loop3: p89 start 1 is beyond EOD, truncated
[ 1394.159928] loop3: p90 start 1 is beyond EOD, truncated
[ 1394.165391] loop3: p91 start 1 is beyond EOD, truncated
[ 1394.170774] loop3: p92 start 1 is beyond EOD, truncated
[ 1394.176187] loop3: p93 start 1 is beyond EOD, truncated
[ 1394.181571] loop3: p94 start 1 is beyond EOD, truncated
[ 1394.186986] loop3: p95 start 1 is beyond EOD, truncated
[ 1394.192382] loop3: p96 start 1 is beyond EOD, truncated
[ 1394.197819] loop3: p97 start 1 is beyond EOD, truncated
[ 1394.203199] loop3: p98 start 1 is beyond EOD, truncated
[ 1394.208625] loop3: p99 start 1 is beyond EOD, truncated
[ 1394.214007] loop3: p100 start 1 is beyond EOD, truncated
[ 1394.219530] loop3: p101 start 1 is beyond EOD, truncated
[ 1394.225090] loop3: p102 start 1 is beyond EOD, truncated
[ 1394.230531] loop3: p103 start 1 is beyond EOD, truncated
[ 1394.236183] loop3: p104 start 1 is beyond EOD, truncated
[ 1394.241720] loop3: p105 start 1 is beyond EOD, truncated
[ 1394.247265] loop3: p106 start 1 is beyond EOD, truncated
[ 1394.252720] loop3: p107 start 1 is beyond EOD, truncated
[ 1394.258262] loop3: p108 start 1 is beyond EOD, truncated
[ 1394.263724] loop3: p109 start 1 is beyond EOD, truncated
[ 1394.270051] loop3: p110 start 1 is beyond EOD, truncated
[ 1394.275554] loop3: p111 start 1 is beyond EOD, truncated
[ 1394.281043] loop3: p112 start 1 is beyond EOD, truncated
[ 1394.286553] loop3: p113 start 1 is beyond EOD, truncated
[ 1394.292016] loop3: p114 start 1 is beyond EOD, truncated
[ 1394.297531] loop3: p115 start 1 is beyond EOD, truncated
[ 1394.302986] loop3: p116 start 1 is beyond EOD, truncated
[ 1394.308486] loop3: p117 start 1 is beyond EOD, truncated
[ 1394.313955] loop3: p118 start 1 is beyond EOD, truncated
[ 1394.319493] loop3: p119 start 1 is beyond EOD, truncated
[ 1394.324988] loop3: p120 start 1 is beyond EOD, truncated
[ 1394.330433] loop3: p121 start 1 is beyond EOD, truncated
[ 1394.335937] loop3: p122 start 1 is beyond EOD, truncated
[ 1394.341392] loop3: p123 start 1 is beyond EOD, truncated
[ 1394.346912] loop3: p124 start 1 is beyond EOD, truncated
[ 1394.352364] loop3: p125 start 1 is beyond EOD, truncated
[ 1394.357874] loop3: p126 start 1 is beyond EOD, truncated
[ 1394.363322] loop3: p127 start 1 is beyond EOD, truncated
[ 1394.368825] loop3: p128 start 1 is beyond EOD, truncated
[ 1394.374495] loop3: p129 start 1 is beyond EOD, truncated
[ 1394.380004] loop3: p130 start 1 is beyond EOD, truncated
[ 1394.385494] loop3: p131 start 1 is beyond EOD, truncated
[ 1394.390937] loop3: p132 start 1 is beyond EOD, truncated
[ 1394.397213] loop3: p133 start 1 is beyond EOD, truncated
[ 1394.402670] loop3: p134 start 1 is beyond EOD, truncated
[ 1394.408177] loop3: p135 start 1 is beyond EOD, truncated
[ 1394.413645] loop3: p136 start 1 is beyond EOD, truncated
[ 1394.419169] loop3: p137 start 1 is beyond EOD, truncated
[ 1394.424664] loop3: p138 start 1 is beyond EOD, truncated
[ 1394.430103] loop3: p139 start 1 is beyond EOD, truncated
[ 1394.435598] loop3: p140 start 1 is beyond EOD, truncated
[ 1394.441076] loop3: p141 start 1 is beyond EOD, truncated
[ 1394.446606] loop3: p142 start 1 is beyond EOD, truncated
[ 1394.452084] loop3: p143 start 1 is beyond EOD, truncated
[ 1394.457591] loop3: p144 start 1 is beyond EOD, truncated
[ 1394.463080] loop3: p145 start 1 is beyond EOD, truncated
[ 1394.468573] loop3: p146 start 1 is beyond EOD, truncated
[ 1394.474048] loop3: p147 start 1 is beyond EOD, truncated
[ 1394.479769] loop3: p148 start 1 is beyond EOD, truncated
[ 1394.485323] loop3: p149 start 1 is beyond EOD, truncated
[ 1394.490777] loop3: p150 start 1 is beyond EOD, truncated
[ 1394.496270] loop3: p151 start 1 is beyond EOD, truncated
[ 1394.501735] loop3: p152 start 1 is beyond EOD, truncated
[ 1394.507241] loop3: p153 start 1 is beyond EOD, truncated
[ 1394.512696] loop3: p154 start 1 is beyond EOD, truncated
[ 1394.518192] loop3: p155 start 1 is beyond EOD, truncated
[ 1394.523678] loop3: p156 start 1 is beyond EOD, truncated
[ 1394.529948] loop3: p157 start 1 is beyond EOD, truncated
[ 1394.535455] loop3: p158 start 1 is beyond EOD, truncated
[ 1394.540917] loop3: p159 start 1 is beyond EOD, truncated
[ 1394.546439] loop3: p160 start 1 is beyond EOD, truncated
[ 1394.551893] loop3: p161 start 1 is beyond EOD, truncated
[ 1394.557502] loop3: p162 start 1 is beyond EOD, truncated
[ 1394.562963] loop3: p163 start 1 is beyond EOD, truncated
[ 1394.568460] loop3: p164 start 1 is beyond EOD, truncated
[ 1394.573935] loop3: p165 start 1 is beyond EOD, truncated
[ 1394.579449] loop3: p166 start 1 is beyond EOD, truncated
[ 1394.584974] loop3: p167 start 1 is beyond EOD, truncated
[ 1394.590431] loop3: p168 start 1 is beyond EOD, truncated
[ 1394.595956] loop3: p169 start 1 is beyond EOD, truncated
[ 1394.601434] loop3: p170 start 1 is beyond EOD, truncated
[ 1394.606938] loop3: p171 start 1 is beyond EOD, truncated
[ 1394.612395] loop3: p172 start 1 is beyond EOD, truncated
[ 1394.617928] loop3: p173 start 1 is beyond EOD, truncated
[ 1394.623427] loop3: p174 start 1 is beyond EOD, truncated
[ 1394.628969] loop3: p175 start 1 is beyond EOD, truncated
[ 1394.634426] loop3: p176 start 1 is beyond EOD, truncated
[ 1394.639943] loop3: p177 start 1 is beyond EOD, truncated
[ 1394.645441] loop3: p178 start 1 is beyond EOD, truncated
[ 1394.650892] loop3: p179 start 1 is beyond EOD, truncated
[ 1394.657170] loop3: p180 start 1 is beyond EOD, truncated
[ 1394.662798] loop3: p181 start 1 is beyond EOD, truncated
[ 1394.668594] loop3: p182 start 1 is beyond EOD, truncated
[ 1394.674042] loop3: p183 start 1 is beyond EOD, truncated
[ 1394.679550] loop3: p184 start 1 is beyond EOD, truncated
[ 1394.685068] loop3: p185 start 1 is beyond EOD, truncated
[ 1394.690519] loop3: p186 start 1 is beyond EOD, truncated
[ 1394.696043] loop3: p187 start 1 is beyond EOD, truncated
[ 1394.701518] loop3: p188 start 1 is beyond EOD, truncated
[ 1394.707081] loop3: p189 start 1 is beyond EOD, truncated
[ 1394.712581] loop3: p190 start 1 is beyond EOD, truncated
[ 1394.718160] loop3: p191 start 1 is beyond EOD, truncated
[ 1394.723631] loop3: p192 start 1 is beyond EOD, truncated
[ 1394.729129] loop3: p193 start 1 is beyond EOD, truncated
[ 1394.734658] loop3: p194 start 1 is beyond EOD, truncated
[ 1394.740113] loop3: p195 start 1 is beyond EOD, truncated
[ 1394.745883] loop3: p196 start 1 is beyond EOD, truncated
[ 1394.753806] loop3: p197 start 1 is beyond EOD, truncated
[ 1394.759585] loop3: p198 start 1 is beyond EOD, truncated
[ 1394.765234] loop3: p199 start 1 is beyond EOD, truncated
[ 1394.770799] loop3: p200 start 1 is beyond EOD, truncated
[ 1394.776474] loop3: p201 start 1 is beyond EOD, truncated
[ 1394.782283] loop3: p202 start 1 is beyond EOD, truncated
[ 1394.789179] loop3: p203 start 1 is beyond EOD, truncated
[ 1394.795049] loop3: p204 start 1 is beyond EOD, truncated
[ 1394.800671] loop3: p205 start 1 is beyond EOD, truncated
[ 1394.806224] loop3: p206 start 1 is beyond EOD, truncated
[ 1394.811683] loop3: p207 start 1 is beyond EOD, truncated
[ 1394.817173] loop3: p208 start 1 is beyond EOD, truncated
[ 1394.822653] loop3: p209 start 1 is beyond EOD, truncated
[ 1394.828147] loop3: p210 start 1 is beyond EOD, truncated
[ 1394.833633] loop3: p211 start 1 is beyond EOD, truncated
[ 1394.839127] loop3: p212 start 1 is beyond EOD, truncated
[ 1394.844657] loop3: p213 start 1 is beyond EOD, truncated
[ 1394.850095] loop3: p214 start 1 is beyond EOD, truncated
[ 1394.855628] loop3: p215 start 1 is beyond EOD, truncated
[ 1394.861119] loop3: p216 start 1 is beyond EOD, truncated
[ 1394.866609] loop3: p217 start 1 is beyond EOD, truncated
[ 1394.872096] loop3: p218 start 1 is beyond EOD, truncated
[ 1394.877591] loop3: p219 start 1 is beyond EOD, truncated
[ 1394.883052] loop3: p220 start 1 is beyond EOD, truncated
[ 1394.888543] loop3: p221 start 1 is beyond EOD, truncated
[ 1394.894013] loop3: p222 start 1 is beyond EOD, truncated
[ 1394.899500] loop3: p223 start 1 is beyond EOD, truncated
[ 1394.904998] loop3: p224 start 1 is beyond EOD, truncated
[ 1394.910437] loop3: p225 start 1 is beyond EOD, truncated
[ 1394.916749] loop3: p226 start 1 is beyond EOD, truncated
[ 1394.922198] loop3: p227 start 1 is beyond EOD, truncated
[ 1394.927764] loop3: p228 start 1 is beyond EOD, truncated
[ 1394.933243] loop3: p229 start 1 is beyond EOD, truncated
[ 1394.938752] loop3: p230 start 1 is beyond EOD, truncated
[ 1394.944226] loop3: p231 start 1 is beyond EOD, truncated
[ 1394.949719] loop3: p232 start 1 is beyond EOD, truncated
[ 1394.955248] loop3: p233 start 1 is beyond EOD, truncated
[ 1394.960710] loop3: p234 start 1 is beyond EOD, truncated
[ 1394.966232] loop3: p235 start 1 is beyond EOD, truncated
[ 1394.971689] loop3: p236 start 1 is beyond EOD, truncated
[ 1394.977174] loop3: p237 start 1 is beyond EOD, truncated
[ 1394.982672] loop3: p238 start 1 is beyond EOD, truncated
[ 1394.988173] loop3: p239 start 1 is beyond EOD, truncated
[ 1394.993671] loop3: p240 start 1 is beyond EOD, truncated
[ 1394.999172] loop3: p241 start 1 is beyond EOD, truncated
[ 1395.004701] loop3: p242 start 1 is beyond EOD, truncated
[ 1395.010144] loop3: p243 start 1 is beyond EOD, truncated
[ 1395.015627] loop3: p244 start 1 is beyond EOD, truncated
[ 1395.021119] loop3: p245 start 1 is beyond EOD, truncated
[ 1395.026628] loop3: p246 start 1 is beyond EOD, truncated
[ 1395.032119] loop3: p247 start 1 is beyond EOD, truncated
[ 1395.037608] loop3: p248 start 1 is beyond EOD, truncated
[ 1395.043091] loop3: p249 start 1 is beyond EOD, truncated
[ 1395.049281] loop3: p250 start 1 is beyond EOD, truncated
[ 1395.054954] loop3: p251 start 1 is beyond EOD, truncated
[ 1395.060415] loop3: p252 start 1 is beyond EOD, truncated
[ 1395.066011] loop3: p253 start 1 is beyond EOD, truncated
[ 1395.071469] loop3: p254 start 1 is beyond EOD, truncated
[ 1395.077355] loop3: p255 start 1 is beyond EOD, truncated
21:38:06 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:06 executing program 1:
r0 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000400)="97cbf09a58faf80b2ea2eada54d655ab04a7ab151756b00e6d621e301a34f340e10cbbb1e7f7d3aed2056841a16f9cc36ae9d743e5defc79212231b39e71abf5728b4503643ac5dd6868cf3ec3833bcadf8a53252d5499764fb05a8c91d2cace89e3f7664dce910d31963ac94a2862018523ae97264e213e10106288a8beefd4e7f95aff9de1108b6175ce42bac1a9a6d9d5e405e66ff16bbc2b6d730ec3ea91b4b68795241d69915f9f0ec4fe978e04ad40534d96a32507c2d8fa8d915b09df1b50aa64511b24023df4678b7b53ba62adbac9315b837090f75dc6d4ef50c5d095f90cac6b9ebc2e49ed59401d3596488dd6dc0a48459bf1340302fe41818c12f2982373264123f2e5a8c211c844ae544e38cd2c2c61effbf36ee1257d7537c43a46b3862e3a57f63e152a6be9547bcf965ab0776cc0450da3b64e7376fca5541aa4559ef2582d094afe7ebc37aca0a00f3718c546744e8d39b1c5f981bb69f3c340bd37a76bfaaf51cdf479921d6253a30e9a70aa8c7355b967f2f21e6cf32ea4cfc0f719619abea14b4763f9c79cc492dbe89fea3189ae70d5ac837bb4b7824acd43b9b3357ad64b5c11bde7bfdbfee8853232cfbac8648bba3f2d5af3c40fd0f928b0938c6457c7a566f9393f63123ebc069ab78b840e0968d0cc03fcf5fad2281737f19bc5c96a9d03edc9c44dcb04528ef5d51522c6a14811b13034417ea7f116d6bf1269e4eedae3957ca70eee6307a230da1259a725d494c3498b13f71a851ae41cf9b31837ef34c27c8ea875e417fd2d5bc7fab94998954d7bcba3f97f8325aa0d772b6ceccf2a7d0e035faccb381048143f5800e0fb32c89f44dc386c00d171bf3e807d2f248b1acfd7666e9a6f55d58d577a681170fe0ead865d445f5ebf82687d3b465a22a99362ba2f5e187c12a5d515dabce0d2ffe6d4a5bc0e50d7df4ddab00ff1173f147007b77e970d9df2710d4cacc987a6e9a38fb18e64e1dfeb800061c8f9fac5848955bdf54a327f904efeb5cb7468292e0eb829144b0c99bca47bc817e683d7ab8b8eada2ced0b72dfda7e30682f5d71111b0b45601828be8b3133fa68165af0c0f49be38eebffb3ead7ae51a2cbde96775f185862a3e0e6cf34cff14979b8d60101703eec1b1e4b676678d89aa75fec32313425f3d6ff1c469cc17f544a7a2d9b282121331cf5b8e6eefa868606fefcd6bfe9b155245efac378a37313ea8a30dfb0d4d992b703a2cfdd3af3a74ec1149088f069ca1b54ef58310e44eb87d3bdbe7622856f49e10d52c42ad8adefca896208f070e49036d1b05fe031e25bb5f8f36937446cb45699c25c1283d49a2dc39962c70aa42d7cad499dd08fbfe977b1f7bc0f20431727c50950d74b68261ecb8a2f548eb9a19f376aaaf99736dc0b08c27d554eda627f439a6d6057787bc305b263f462fec9c1470e13322b952df0794f8d18cb23e87b4beb76ddba3323ca4dc67030ece09e8e7abd239de3de1d124e2a0b45498c4e745a8237fd10e1d006c59630c0cfdc0e9c81ca8122d56f44878eb8de8600d6390fee6997feede978cb85409e6c491bb22e6324e80598d563a53854a130c897959e7208749e3de57123c6756862044b3b08b1f49f687c7716320d3c597387c81b8b27c504a0a9e9750138857b20621d577c4bae3a36e1a77ad2626a423efb4da8213b62f445603ff20ed272e7b6fadb2cc17da5c6341a66d6d2df7086d93de44b22da061f158710d6e958acc011e36648f32feb81348bb10a50b801a5c24a703172b984cc08a565440bf9661cd92633d7d06411356e5f68ec7d1a062debedd3d8a8e857e2ddfec40f9c8aa24a95ff0941e7335be1836d59df7c02e3224f95800887935aa870553a50aff339ac9c89fa55da3ea24ec97b791f5abf7e810afdace7717c6c38b19b04ccb598a9b413e628fef78b1fad82670444799c89dc81fb350b66193ac349a854a3fa2c876d09936c888c5db6c875e7b7ae4724c7e5974e1f698670186d680313c6f2743e708f775eb727d1c4868404f453a29c50b69c637f1310632a98c0bcf89667b92243f3942f9ca2e4a40677595aba32de9347c149a1dedf814ae0b9db5927eb636870f0a349493a7b1b1463f10ef494a7cedf55712d574655e41669e27b7b93b2b10226b6eaa713230964fdfaf12b4cff629d6135da8a71a2b033b942e996b0067ccd28901b5085e28638629dd83bc18446b17ad9063116e084333ceb9378ab062247b109371f4ff23e544fb721355972708efb76ec799964ac029631f74c250d2372e409c76e2e8f8f9e5446b8f5360515c27f47dea44ad301fd57c58ade82401ccac96289b386133cd8a717c566e22427dca685e1e0e30e95b3d957c7be73ed6598a5735cbbeb40f14b42d747ab55ab52c47165b06e959169b3747d8dcfe8e33accffa815ad86355b3021a610addebc5a531c9b29ce1eab6942346cca7e80a846f55c0c74ba80c420b35d20f19b2527ccebf8b8bed460ff8fcbce4d76102d1a12ff3172d8a992e4901b08015d5dedfdf4f00d645f0bd276275ed52ded000dcfe719983c629c081778f44e1029bc66209d55fb1ceb3e2a8c01abbf7374c1846e5458a4d1220950f271b8ceedf5e420bcabf492214ab9d8c4be36f9a50b2d3ebf9f49b52f5eccddbaaa1a620f2e64662b2b0f50c7d2605686626d9d1856458fe85fbbb18899b5d7a6c4955ab194f6d175625c50497b0156e0bbbd3de168656a1bd0c456a0dbcc1f855d6f2f5267126de26e7086525ace284779b2d647a40d33ff6f76baaa54a7f9a54efc1a78b1f75c62cfbcb824b37bc6c10894e8865a1aca561953f68913a61bc573df39ec0b01a3488dde437b660b3aa93188c670f7f41f63985c63577fe6a6357613c0b2a118bc8dd0bf52b095f91ccd8d60c7f0a7b5070041f8842d0101f0867c9ea82fe81fee9117a8534a1b322d430822dfa748152fde919df9445615b93590759cce780969533da9d9c228686f4518dbab3a698996d1bec2ab7cc85ddce239bc21fac0482c915cf07f8fb9c06f8dee536d4b95ee7ad2f8539f6c285852ecbed50b655417d9c6a9ca94c7c9a0965bd9f180ee2a4ffd03bd13659768bb038534fb645f26c1e7eaaacc4b432a7530cb97e3a116ae8c1f9165528a4dc0895db7e5de099f4cda1259c1eebe894eaf7afba296b195474437792d991f41e8499f0399afbcaded3c3ef222cfe9e86a06b4b1894d26f1aa8eef18e133419027514c2bf474600e1c4daf622819b213b615781fe8ea815e728a0be75ac067786e1c2e780dbf06e8ae767161635e93bdeb1fad59d8b10b72ae78c8259663b4d7f4abf64e065553c1326d3cfcca9a46b818c70538f15ec302ee95138c526f2cb27bcb5d0f5010ecf89847779bc1bc370a78aad404311eea1eface0813aaf53cd22bb1e7d8722c7387080c0f1838f3707aaa42e464887e487036e8762e2f4eabb6d11aa3081498ef76d24b0ca8f84f44a041417fb1cc3ea07f8c557177245feb9a1ff82fdad5f9f2cf8b04b74a90b61a5cbe170fb01572f65fe4ccc262157377483f26564f90fd58569c28b9a9c58dd28a533f2a5ab0c791151357580fb68970c5a4898c0210a8af9e0408715d896795ac6e5fa8c5eecacc041b504d1ed8d2c406bbafcab70bf3633345deecdba412e52af434dd270ce635510368cc9ab569e7a76406e5113902ad168451b155f3d9ef2ad32f5527d6ccc64bc541d0d5492de1c69ebefc7b5cc211642b9b12f43ba52fb2ab8888ea60281184bd9f57c99455e9380c792150a2e94ec23ee96f1fbbfe3f48145904e00b51c3cb9c37daa0a62237d680538884da254cb079a03ba3d7f910c42f405fbbe3bfd348f0692ccb7ba3cc0cfe2e33b96dfe2970b7b8e6de77a3ef956a8f860e3e334588ae05e7afae302232b50103ce8520e84a77be836c3caa4b30f8d572203111eb72a6992c76cd2b254b4556c45f562526b7d70b3202dc01dc9b3ae54513f5b1cf4e2a2399d6a003b55625bc178e93e86a08ee2daa0efd976c12b6369b6d5dcd88ba878d481a64b354dd64833876d6c984229d325aff6aaf4251be28b86e6e5ff44795737a9289456a167c1f5b49ac46dad28964b408fefb3197dc16ced565de2083ee37827db4932d9dced9f086997710bffb2ef0bb282813c457b9c30a01ae5bed3af70ef58360c633f40aa71b355f130628d924a53afcea40ad958c89d39d382b559d2c8e12f4ab8c8f8c4fbfdcc0b86b807804fe87a2ae44a7d22264c8481d244ecfcc91d3a4861b574268083ab1ca4d84bd1e10931ebadc85a9659c4cdd911f22edeca2aad8611c5b9bed96c92088bdcda33224b601db669cb508809df694b30d58726662b79bec935ab02b1de8814a52d17e3a9cca60637d356c3d019a484ed5a09fcf7264efab390c763c5aa61424d331271da8474da80c8eddf94e77dea779f5421188db64e6db3a3ad9170dfe085006c1040a1ef1d87614e53a14684af622c6739cebb301fd3796ddcad8c9116652db033680a9be11c2ac010d6cdec81428c7c9b6150fdf77cb4ccb0c0cbeb4e04efc4d02cf628b995349328dd80b9ad85809be7dc32cb378ff9a10d95be4f153c67881683342b757151866bfe7fe45660ae8319", 0xcda}], 0x1}, 0x4010)
socket$kcm(0xa, 0x6, 0x0)

21:38:06 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1f00000000000000)

21:38:06 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x11]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\b', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:06 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x5, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)

21:38:06 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xb00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1395.195129] binder_alloc: binder_alloc_mmap_handler: 23884 20ffd000-21000000 already mapped failed -16
21:38:06 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000bc0)=""/246)
ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a45322, 0x0)
write$P9_RLOPEN(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000002840)={'team0\x00'})

[ 1395.257974] binder_alloc: binder_alloc_mmap_handler: 23884 20001000-20004000 already mapped failed -16
[ 1395.282360] binder_alloc: binder_alloc_mmap_handler: 23884 20ffd000-21000000 already mapped failed -16
21:38:06 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x1f000000)

21:38:06 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x3000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1395.371256]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1395.371270] loop3: partition table partially beyond EOD, 
[ 1395.548848] binder_alloc: binder_alloc_mmap_handler: 23912 20ffd000-21000000 already mapped failed -16
[ 1395.567022] binder_alloc: binder_alloc_mmap_handler: 23912 20001000-20004000 already mapped failed -16
[ 1395.578332] binder_alloc: binder_alloc_mmap_handler: 23912 20ffd000-21000000 already mapped failed -16
21:38:06 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x500]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1395.605237] truncated
[ 1395.608581] loop3: p1 start 1 is beyond EOD, truncated
[ 1395.631803] loop3: p2 size 2 extends beyond EOD, truncated
21:38:06 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x4800000000000000)

[ 1395.662138] loop3: p3 start 201 is beyond EOD, truncated
[ 1395.669257] loop3: p4 start 301 is beyond EOD, truncated
[ 1395.685090] loop3: p5 start 1 is beyond EOD, truncated
[ 1395.690924] loop3: p6 start 1 is beyond EOD, truncated
[ 1395.717222] loop3: p7 start 1 is beyond EOD, truncated
[ 1395.744487] loop3: p8 start 1 is beyond EOD, truncated
[ 1395.765535] binder_alloc: binder_alloc_mmap_handler: 23924 20ffd000-21000000 already mapped failed -16
[ 1395.776768] loop3: p9 start 1 is beyond EOD, truncated
[ 1395.789156] loop3: p10 start 1 is beyond EOD, truncated
[ 1395.800338] loop3: p11 start 1 is beyond EOD, truncated
[ 1395.807797] loop3: p12 start 1 is beyond EOD, truncated
[ 1395.813660] loop3: p13 start 1 is beyond EOD, truncated
[ 1395.846884] loop3: p14 start 1 is beyond EOD, truncated
[ 1395.870380] loop3: p15 start 1 is beyond EOD, truncated
[ 1395.893652] loop3: p16 start 1 is beyond EOD, truncated
[ 1395.900160] loop3: p17 start 1 is beyond EOD, truncated
[ 1395.916292] loop3: p18 start 1 is beyond EOD, truncated
[ 1395.921673] loop3: p19 start 1 is beyond EOD, truncated
[ 1395.934881] loop3: p20 start 1 is beyond EOD, truncated
[ 1395.940616] loop3: p21 start 1 is beyond EOD, truncated
[ 1395.946553] loop3: p22 start 1 is beyond EOD, truncated
[ 1395.952054] loop3: p23 start 1 is beyond EOD, truncated
[ 1395.957806] loop3: p24 start 1 is beyond EOD, truncated
[ 1395.963385] loop3: p25 start 1 is beyond EOD, truncated
[ 1395.969262] loop3: p26 start 1 is beyond EOD, truncated
[ 1395.974976] loop3: p27 start 1 is beyond EOD, truncated
[ 1395.984662] loop3: p28 start 1 is beyond EOD, truncated
[ 1396.004676] loop3: p29 start 1 is beyond EOD, truncated
[ 1396.017460] loop3: p30 start 1 is beyond EOD, truncated
[ 1396.023026] loop3: p31 start 1 is beyond EOD, truncated
[ 1396.029022] loop3: p32 start 1 is beyond EOD, truncated
[ 1396.035789] loop3: p33 start 1 is beyond EOD, truncated
[ 1396.048373] loop3: p34 start 1 is beyond EOD, truncated
[ 1396.065119] loop3: p35 start 1 is beyond EOD, truncated
[ 1396.070724] loop3: p36 start 1 is beyond EOD, truncated
[ 1396.076774] loop3: p37 start 1 is beyond EOD, truncated
[ 1396.082377] loop3: p38 start 1 is beyond EOD, truncated
[ 1396.088324] loop3: p39 start 1 is beyond EOD, truncated
[ 1396.093921] loop3: p40 start 1 is beyond EOD, truncated
[ 1396.103834] loop3: p41 start 1 is beyond EOD, truncated
[ 1396.109872] loop3: p42 start 1 is beyond EOD, truncated
[ 1396.117163] loop3: p43 start 1 is beyond EOD, truncated
[ 1396.122720] loop3: p44 start 1 is beyond EOD, truncated
[ 1396.128657] loop3: p45 start 1 is beyond EOD, truncated
[ 1396.134209] loop3: p46 start 1 is beyond EOD, truncated
[ 1396.140252] loop3: p47 start 1 is beyond EOD, truncated
[ 1396.146251] loop3: p48 start 1 is beyond EOD, truncated
[ 1396.152480] loop3: p49 start 1 is beyond EOD, truncated
[ 1396.158471] loop3: p50 start 1 is beyond EOD, truncated
[ 1396.165754] loop3: p51 start 1 is beyond EOD, truncated
[ 1396.171768] loop3: p52 start 1 is beyond EOD, truncated
[ 1396.182613] loop3: p53 start 1 is beyond EOD, truncated
[ 1396.189448] loop3: p54 start 1 is beyond EOD, truncated
[ 1396.195358] loop3: p55 start 1 is beyond EOD, truncated
[ 1396.200948] loop3: p56 start 1 is beyond EOD, truncated
[ 1396.220956] loop3: p57 start 1 is beyond EOD, truncated
[ 1396.227710] loop3: p58 start 1 is beyond EOD, truncated
[ 1396.233188] loop3: p59 start 1 is beyond EOD, truncated
[ 1396.239671] loop3: p60 start 1 is beyond EOD, truncated
[ 1396.245950] loop3: p61 start 1 is beyond EOD, truncated
[ 1396.251423] loop3: p62 start 1 is beyond EOD, truncated
[ 1396.257105] loop3: p63 start 1 is beyond EOD, truncated
[ 1396.262471] loop3: p64 start 1 is beyond EOD, truncated
[ 1396.267981] loop3: p65 start 1 is beyond EOD, truncated
[ 1396.273355] loop3: p66 start 1 is beyond EOD, truncated
[ 1396.278805] loop3: p67 start 1 is beyond EOD, truncated
[ 1396.284175] loop3: p68 start 1 is beyond EOD, truncated
[ 1396.289605] loop3: p69 start 1 is beyond EOD, truncated
[ 1396.295034] loop3: p70 start 1 is beyond EOD, truncated
[ 1396.300422] loop3: p71 start 1 is beyond EOD, truncated
[ 1396.305847] loop3: p72 start 1 is beyond EOD, truncated
[ 1396.311232] loop3: p73 start 1 is beyond EOD, truncated
[ 1396.316720] loop3: p74 start 1 is beyond EOD, truncated
[ 1396.322092] loop3: p75 start 1 is beyond EOD, truncated
[ 1396.327567] loop3: p76 start 1 is beyond EOD, truncated
[ 1396.332946] loop3: p77 start 1 is beyond EOD, truncated
[ 1396.338370] loop3: p78 start 1 is beyond EOD, truncated
[ 1396.343745] loop3: p79 start 1 is beyond EOD, truncated
[ 1396.349154] loop3: p80 start 1 is beyond EOD, truncated
[ 1396.354539] loop3: p81 start 1 is beyond EOD, truncated
[ 1396.359984] loop3: p82 start 1 is beyond EOD, truncated
[ 1396.365387] loop3: p83 start 1 is beyond EOD, truncated
[ 1396.370753] loop3: p84 start 1 is beyond EOD, truncated
[ 1396.377131] loop3: p85 start 1 is beyond EOD, truncated
[ 1396.382489] loop3: p86 start 1 is beyond EOD, truncated
[ 1396.387953] loop3: p87 start 1 is beyond EOD, truncated
[ 1396.393343] loop3: p88 start 1 is beyond EOD, truncated
[ 1396.398767] loop3: p89 start 1 is beyond EOD, truncated
[ 1396.404136] loop3: p90 start 1 is beyond EOD, truncated
[ 1396.409545] loop3: p91 start 1 is beyond EOD, truncated
[ 1396.415013] loop3: p92 start 1 is beyond EOD, truncated
[ 1396.420374] loop3: p93 start 1 is beyond EOD, truncated
[ 1396.425833] loop3: p94 start 1 is beyond EOD, truncated
[ 1396.431248] loop3: p95 start 1 is beyond EOD, truncated
[ 1396.436667] loop3: p96 start 1 is beyond EOD, truncated
[ 1396.442035] loop3: p97 start 1 is beyond EOD, truncated
[ 1396.447467] loop3: p98 start 1 is beyond EOD, truncated
[ 1396.452841] loop3: p99 start 1 is beyond EOD, truncated
[ 1396.458270] loop3: p100 start 1 is beyond EOD, truncated
[ 1396.463734] loop3: p101 start 1 is beyond EOD, truncated
[ 1396.469247] loop3: p102 start 1 is beyond EOD, truncated
[ 1396.474861] loop3: p103 start 1 is beyond EOD, truncated
[ 1396.480307] loop3: p104 start 1 is beyond EOD, truncated
[ 1396.485832] loop3: p105 start 1 is beyond EOD, truncated
[ 1396.491292] loop3: p106 start 1 is beyond EOD, truncated
[ 1396.496797] loop3: p107 start 1 is beyond EOD, truncated
[ 1396.502268] loop3: p108 start 1 is beyond EOD, truncated
[ 1396.508545] loop3: p109 start 1 is beyond EOD, truncated
[ 1396.513994] loop3: p110 start 1 is beyond EOD, truncated
[ 1396.519489] loop3: p111 start 1 is beyond EOD, truncated
[ 1396.525003] loop3: p112 start 1 is beyond EOD, truncated
[ 1396.530459] loop3: p113 start 1 is beyond EOD, truncated
[ 1396.535976] loop3: p114 start 1 is beyond EOD, truncated
[ 1396.541439] loop3: p115 start 1 is beyond EOD, truncated
[ 1396.546953] loop3: p116 start 1 is beyond EOD, truncated
[ 1396.552412] loop3: p117 start 1 is beyond EOD, truncated
[ 1396.557918] loop3: p118 start 1 is beyond EOD, truncated
[ 1396.563416] loop3: p119 start 1 is beyond EOD, truncated
[ 1396.568929] loop3: p120 start 1 is beyond EOD, truncated
[ 1396.574384] loop3: p121 start 1 is beyond EOD, truncated
[ 1396.579907] loop3: p122 start 1 is beyond EOD, truncated
[ 1396.585428] loop3: p123 start 1 is beyond EOD, truncated
[ 1396.590872] loop3: p124 start 1 is beyond EOD, truncated
[ 1396.596390] loop3: p125 start 1 is beyond EOD, truncated
[ 1396.601886] loop3: p126 start 1 is beyond EOD, truncated
[ 1396.607399] loop3: p127 start 1 is beyond EOD, truncated
[ 1396.612876] loop3: p128 start 1 is beyond EOD, truncated
[ 1396.618385] loop3: p129 start 1 is beyond EOD, truncated
[ 1396.623862] loop3: p130 start 1 is beyond EOD, truncated
[ 1396.629387] loop3: p131 start 1 is beyond EOD, truncated
[ 1396.635613] loop3: p132 start 1 is beyond EOD, truncated
[ 1396.641116] loop3: p133 start 1 is beyond EOD, truncated
[ 1396.646622] loop3: p134 start 1 is beyond EOD, truncated
[ 1396.652095] loop3: p135 start 1 is beyond EOD, truncated
[ 1396.657594] loop3: p136 start 1 is beyond EOD, truncated
[ 1396.663100] loop3: p137 start 1 is beyond EOD, truncated
[ 1396.668704] loop3: p138 start 1 is beyond EOD, truncated
[ 1396.674205] loop3: p139 start 1 is beyond EOD, truncated
[ 1396.679757] loop3: p140 start 1 is beyond EOD, truncated
[ 1396.685293] loop3: p141 start 1 is beyond EOD, truncated
[ 1396.690735] loop3: p142 start 1 is beyond EOD, truncated
[ 1396.696249] loop3: p143 start 1 is beyond EOD, truncated
[ 1396.701709] loop3: p144 start 1 is beyond EOD, truncated
[ 1396.707207] loop3: p145 start 1 is beyond EOD, truncated
[ 1396.712675] loop3: p146 start 1 is beyond EOD, truncated
[ 1396.718211] loop3: p147 start 1 is beyond EOD, truncated
[ 1396.723670] loop3: p148 start 1 is beyond EOD, truncated
[ 1396.729165] loop3: p149 start 1 is beyond EOD, truncated
[ 1396.734689] loop3: p150 start 1 is beyond EOD, truncated
[ 1396.740138] loop3: p151 start 1 is beyond EOD, truncated
[ 1396.745636] loop3: p152 start 1 is beyond EOD, truncated
[ 1396.751111] loop3: p153 start 1 is beyond EOD, truncated
[ 1396.756619] loop3: p154 start 1 is beyond EOD, truncated
[ 1396.762091] loop3: p155 start 1 is beyond EOD, truncated
[ 1396.768433] loop3: p156 start 1 is beyond EOD, truncated
[ 1396.773877] loop3: p157 start 1 is beyond EOD, truncated
[ 1396.779451] loop3: p158 start 1 is beyond EOD, truncated
[ 1396.784946] loop3: p159 start 1 is beyond EOD, truncated
[ 1396.790418] loop3: p160 start 1 is beyond EOD, truncated
[ 1396.796070] loop3: p161 start 1 is beyond EOD, truncated
[ 1396.801586] loop3: p162 start 1 is beyond EOD, truncated
[ 1396.807106] loop3: p163 start 1 is beyond EOD, truncated
[ 1396.812592] loop3: p164 start 1 is beyond EOD, truncated
[ 1396.818089] loop3: p165 start 1 is beyond EOD, truncated
[ 1396.823571] loop3: p166 start 1 is beyond EOD, truncated
[ 1396.829104] loop3: p167 start 1 is beyond EOD, truncated
[ 1396.834680] loop3: p168 start 1 is beyond EOD, truncated
[ 1396.840150] loop3: p169 start 1 is beyond EOD, truncated
[ 1396.845666] loop3: p170 start 1 is beyond EOD, truncated
[ 1396.851123] loop3: p171 start 1 is beyond EOD, truncated
[ 1396.856618] loop3: p172 start 1 is beyond EOD, truncated
[ 1396.862110] loop3: p173 start 1 is beyond EOD, truncated
[ 1396.867604] loop3: p174 start 1 is beyond EOD, truncated
[ 1396.873079] loop3: p175 start 1 is beyond EOD, truncated
[ 1396.878580] loop3: p176 start 1 is beyond EOD, truncated
[ 1396.884056] loop3: p177 start 1 is beyond EOD, truncated
[ 1396.889593] loop3: p178 start 1 is beyond EOD, truncated
[ 1396.895807] loop3: p179 start 1 is beyond EOD, truncated
[ 1396.901284] loop3: p180 start 1 is beyond EOD, truncated
[ 1396.906828] loop3: p181 start 1 is beyond EOD, truncated
[ 1396.912292] loop3: p182 start 1 is beyond EOD, truncated
[ 1396.917805] loop3: p183 start 1 is beyond EOD, truncated
[ 1396.923268] loop3: p184 start 1 is beyond EOD, truncated
[ 1396.928767] loop3: p185 start 1 is beyond EOD, truncated
[ 1396.934227] loop3: p186 start 1 is beyond EOD, truncated
[ 1396.939740] loop3: p187 start 1 is beyond EOD, truncated
[ 1396.945229] loop3: p188 start 1 is beyond EOD, truncated
[ 1396.950683] loop3: p189 start 1 is beyond EOD, truncated
[ 1396.956200] loop3: p190 start 1 is beyond EOD, truncated
[ 1396.961663] loop3: p191 start 1 is beyond EOD, truncated
[ 1396.967159] loop3: p192 start 1 is beyond EOD, truncated
[ 1396.972620] loop3: p193 start 1 is beyond EOD, truncated
[ 1396.978143] loop3: p194 start 1 is beyond EOD, truncated
[ 1396.983597] loop3: p195 start 1 is beyond EOD, truncated
[ 1396.989113] loop3: p196 start 1 is beyond EOD, truncated
[ 1396.994628] loop3: p197 start 1 is beyond EOD, truncated
[ 1397.000094] loop3: p198 start 1 is beyond EOD, truncated
[ 1397.005583] loop3: p199 start 1 is beyond EOD, truncated
[ 1397.011047] loop3: p200 start 1 is beyond EOD, truncated
[ 1397.016574] loop3: p201 start 1 is beyond EOD, truncated
[ 1397.022033] loop3: p202 start 1 is beyond EOD, truncated
[ 1397.028318] loop3: p203 start 1 is beyond EOD, truncated
[ 1397.033766] loop3: p204 start 1 is beyond EOD, truncated
[ 1397.039274] loop3: p205 start 1 is beyond EOD, truncated
[ 1397.044788] loop3: p206 start 1 is beyond EOD, truncated
[ 1397.050243] loop3: p207 start 1 is beyond EOD, truncated
[ 1397.055772] loop3: p208 start 1 is beyond EOD, truncated
[ 1397.061228] loop3: p209 start 1 is beyond EOD, truncated
[ 1397.066756] loop3: p210 start 1 is beyond EOD, truncated
[ 1397.072212] loop3: p211 start 1 is beyond EOD, truncated
[ 1397.077730] loop3: p212 start 1 is beyond EOD, truncated
[ 1397.083228] loop3: p213 start 1 is beyond EOD, truncated
[ 1397.088734] loop3: p214 start 1 is beyond EOD, truncated
[ 1397.094207] loop3: p215 start 1 is beyond EOD, truncated
[ 1397.099722] loop3: p216 start 1 is beyond EOD, truncated
[ 1397.105220] loop3: p217 start 1 is beyond EOD, truncated
[ 1397.110672] loop3: p218 start 1 is beyond EOD, truncated
[ 1397.116763] loop3: p219 start 1 is beyond EOD, truncated
[ 1397.122216] loop3: p220 start 1 is beyond EOD, truncated
[ 1397.127768] loop3: p221 start 1 is beyond EOD, truncated
[ 1397.133228] loop3: p222 start 1 is beyond EOD, truncated
[ 1397.138732] loop3: p223 start 1 is beyond EOD, truncated
[ 1397.144189] loop3: p224 start 1 is beyond EOD, truncated
[ 1397.149696] loop3: p225 start 1 is beyond EOD, truncated
[ 1397.155827] loop3: p226 start 1 is beyond EOD, truncated
[ 1397.161296] loop3: p227 start 1 is beyond EOD, truncated
[ 1397.166823] loop3: p228 start 1 is beyond EOD, truncated
[ 1397.172279] loop3: p229 start 1 is beyond EOD, truncated
[ 1397.177832] loop3: p230 start 1 is beyond EOD, truncated
[ 1397.183289] loop3: p231 start 1 is beyond EOD, truncated
[ 1397.188789] loop3: p232 start 1 is beyond EOD, truncated
[ 1397.194266] loop3: p233 start 1 is beyond EOD, truncated
[ 1397.199821] loop3: p234 start 1 is beyond EOD, truncated
[ 1397.205314] loop3: p235 start 1 is beyond EOD, truncated
[ 1397.210756] loop3: p236 start 1 is beyond EOD, truncated
[ 1397.216250] loop3: p237 start 1 is beyond EOD, truncated
[ 1397.221717] loop3: p238 start 1 is beyond EOD, truncated
[ 1397.227219] loop3: p239 start 1 is beyond EOD, truncated
[ 1397.232704] loop3: p240 start 1 is beyond EOD, truncated
[ 1397.238212] loop3: p241 start 1 is beyond EOD, truncated
[ 1397.243727] loop3: p242 start 1 is beyond EOD, truncated
[ 1397.249229] loop3: p243 start 1 is beyond EOD, truncated
[ 1397.254739] loop3: p244 start 1 is beyond EOD, truncated
[ 1397.260196] loop3: p245 start 1 is beyond EOD, truncated
[ 1397.265716] loop3: p246 start 1 is beyond EOD, truncated
[ 1397.271189] loop3: p247 start 1 is beyond EOD, truncated
[ 1397.276777] loop3: p248 start 1 is beyond EOD, truncated
[ 1397.282238] loop3: p249 start 1 is beyond EOD, truncated
[ 1397.288586] loop3: p250 start 1 is beyond EOD, truncated
[ 1397.294033] loop3: p251 start 1 is beyond EOD, truncated
[ 1397.299548] loop3: p252 start 1 is beyond EOD, truncated
[ 1397.305032] loop3: p253 start 1 is beyond EOD, truncated
[ 1397.310469] loop3: p254 start 1 is beyond EOD, truncated
[ 1397.315966] loop3: p255 start 1 is beyond EOD, truncated
21:38:08 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, 0x0)

21:38:08 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1300]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:08 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x20000000)

21:38:08 executing program 4:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4)
syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000080))
read$FUSE(r0, &(0x7f0000001180), 0xf98)

21:38:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x02', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:08 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
sendmsg(r0, &(0x7f0000014fc8)={&(0x7f0000006ff0)=@in={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[{0x20, 0x0, 0x7, "071005feffa425b0f2"}], 0x20}, 0x0)

21:38:08 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x3f00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:08 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x92, 0x20c00)
set_thread_area(&(0x7f0000000000)={0x0, 0x1000, 0x4000, 0x5, 0x1, 0x40, 0x3, 0x5, 0x4, 0x84})
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001240)=0x4)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f00000012c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8008}, 0xc, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="2801000043b63607e5753fcab2c383299dfa5579b3ff98857520fb002f8b250b0439dc6a571da667230c5fc47b909dae266870e042e9f2140ab6ea0686597d185c3d154d8630cfc63084e9b33e902e37c853fe2d3ce3d2d7f99d2df6c58a102fb20ee67f02e66d1f51838798255e4d38a4a6f4c4659679bc938968f5238fca5c0d554bba4cdbcb1df3b01d3edf09cf434662017322ba94dc2fdb73fe27c99d209242d47c38a226ea1eefc9889e6271b9e3f7b0abbc45bd99643605a12b870720728df324f49fc3e3c61168227ac989226fc6714d05067568c76f3cf6cf5a6967d9c3ff2b7200000000000000000000", @ANYRES16=r1, @ANYBLOB="000028bd7000fbdbdf250800000028000200080002000600000008000100ff030000040004000400040004000400040004000400040020000700080002009329000008000200050000000c0003000000010000000000100007000c000400a5300000000000000c00020004000400040004005c000700080001000800000008000100628c00000c0004000400000000000000080001000600000008000200018000000c00030005000000000000000c00040008000000000000000c000300b93900000000000008000100000000002800060004000200040002000400020008000100ffffffff080001000100000008000100870600002c00070008000100020000000c00030003000000000000000c000300000000000000000008000200c8000000"], 0x128}}, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000001180)={<r2=>0x0, 0xa, "867f48b306b38587baa7"}, &(0x7f00000011c0)=0x12)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000001200)={r2, 0x6}, 0x8)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
finit_module(r0, &(0x7f0000000080)='&\'posix_acl_accesseth0\x00', 0x3)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000002, 0x9013, r0, 0x0)

21:38:08 executing program 1:
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/igmp\x00')
preadv(r0, &(0x7f00000017c0), 0x10000000000001f7, 0x0)

21:38:08 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x60000000)

21:38:08 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, 0x0)

21:38:08 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x900000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:08 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x13f, 0x1004}}, 0x20)
r2 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x1, 0x2)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r1, r2}}, 0x18)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000140)={0x2a, 0x4, 0x0, {0x6, 0x9, 0x2, 0x0, [0x0, 0x0]}}, 0x2a)

21:38:08 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xffffff7f00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:08 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, 0x0)

21:38:08 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x9, 0x4000)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in=@broadcast}}, &(0x7f00000000c0)=0xe8)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000100)={r3, 0x0, 0x100000000, 0x400, 0x5, 0x8, 0x8001})
finit_module(r0, &(0x7f0000000000)='/dev/binder#\x00', 0x1)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

[ 1398.052251] binder_alloc_mmap_handler: 8 callbacks suppressed
[ 1398.052266] binder_alloc: binder_alloc_mmap_handler: 23990 20ffd000-21000000 already mapped failed -16
[ 1398.090592] binder_alloc: binder_alloc_mmap_handler: 23990 20001000-20004000 already mapped failed -16
[ 1398.101159] binder_alloc: binder_alloc_mmap_handler: 23990 20ffd000-21000000 already mapped failed -16
21:38:09 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x5000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:09 executing program 1:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9ad, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0)

21:38:09 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x20000)
ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f00000000c0)={0x9, 0x1, {0x57, 0x1, 0x401, {0x3, 0x9}, {0x4, 0xf2a4}, @cond=[{0x81, 0x0, 0x1f, 0x1, 0x10000}, {0x13a, 0x9, 0x100000000, 0xabb, 0x20, 0xd2ba}]}, {0x56, 0x4, 0x3, {0x2}, {0x8, 0x100000001}, @rumble={0x4, 0xfffffffffffffffa}}})
r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
getsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f00000001c0)=""/150, &(0x7f0000000280)=0x96)
mkdir(&(0x7f0000000040)='./file0\x00', 0x90)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r3, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f00000002c0)={0x0, r1, 0x10000, 0x6, 0x4, 0x4})

21:38:09 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x0e', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:09 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

21:38:09 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1100]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1398.528924] binder_alloc: binder_alloc_mmap_handler: 24009 20ffd000-21000000 already mapped failed -16
[ 1398.554122] binder_alloc: binder_alloc_mmap_handler: 24009 20001000-20004000 already mapped failed -16
21:38:09 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0xc)
fsetxattr$security_smack_entry(r0, &(0x7f0000000180)='sec\x01\x00\x00\x00\x00\x00\x00\x00ACK64EXEC\x00', 0x0, 0x0, 0x40000000000002)

[ 1398.575147] binder_alloc: binder_alloc_mmap_handler: 24009 20ffd000-21000000 already mapped failed -16
21:38:09 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfffffffc]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:09 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x8e6)
read$FUSE(r0, &(0x7f0000000180), 0x9b)

21:38:09 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

21:38:09 executing program 2:
r0 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000001c0)=""/198, &(0x7f0000000000)=0xc6)
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

21:38:09 executing program 1:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000180)="400000000200000019000000dc0100002c000000010000000200000000ffffffff2000000020000040000000000000003d5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0)

21:38:09 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfcffffff00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1398.961727] binder_alloc: binder_alloc_mmap_handler: 24046 20ffd000-21000000 already mapped failed -16
21:38:10 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[ 1399.049065] binder_alloc: binder_alloc_mmap_handler: 24046 20ffd000-21000000 already mapped failed -16
21:38:10 executing program 1:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000000240)=[{{&(0x7f0000000480)=@ipx, 0x178, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/162, 0xfffffffffffffe40}, {&(0x7f0000000540)=""/219}, {&(0x7f00000007c0)=""/184}, {&(0x7f0000000700)=""/191}], 0x0, &(0x7f0000002540)=""/4096, 0xfffffffffffffdcb}}], 0x40001c2, 0x0, 0x0)

[ 1399.265190] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
[ 1399.277597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
[ 1399.292130] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
21:38:10 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x1000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x300000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:10 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = socket(0x15, 0x7, 0x6)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={<r1=>0x0, 0x1}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f00000000c0)=r1, 0x4)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)

21:38:10 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1a0}])

21:38:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x11000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1399.598806] binder_alloc: binder_alloc_mmap_handler: 24070 20ffd000-21000000 already mapped failed -16
[ 1399.617116] binder_alloc: binder_alloc_mmap_handler: 24070 20001000-20004000 already mapped failed -16
[ 1399.654858] Dev loop3: unable to read RDB block 1
[ 1399.660302]  loop3: unable to read partition table
[ 1399.674527] loop3: partition table beyond EOD, truncated
[ 1399.688050] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:10 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180), 0x1000)
clock_gettime(0x7, &(0x7f0000000000))

21:38:10 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000007, 0x2000000010, r0, 0x0)

21:38:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x300]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:10 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1a0}])

21:38:10 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x9effffff00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1400.043332] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
[ 1400.062562] Dev loop3: unable to read RDB block 1
[ 1400.073431] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
[ 1400.084216]  loop3: unable to read partition table
21:38:11 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1400.105964] loop3: partition table beyond EOD, truncated
[ 1400.106478] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
[ 1400.144503] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:11 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xffffffeb, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:11 executing program 2:
syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x382)
r2 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00')
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="040028bd7000ffdbdf2502000000080004000300000008fb00004e24000008000300ffe6ffff07000300ff000000"], 0x34}, 0x1, 0x0, 0x0, 0x40810}, 0x800)

21:38:11 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1a0}])

21:38:11 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xffff0000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:11 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:11 executing program 4:
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)
r0 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x19, &(0x7f0000000140), 0x4)

[ 1400.786423] Dev loop3: unable to read RDB block 1
[ 1400.791354]  loop3: unable to read partition table
[ 1400.817464] loop3: partition table beyond EOD, truncated
21:38:11 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x8000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1400.837708] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:11 executing program 4:
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={<r0=>0x0, 0x0})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair(0x10, 0x80003, 0x6, &(0x7f0000000000))

21:38:11 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x1a0}])

21:38:12 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x2, 0xf}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {r2, 0x9}}, 0x10)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

21:38:12 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xb00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:12 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1401.156511] Dev loop3: unable to read RDB block 1
[ 1401.161694]  loop3: unable to read partition table
[ 1401.183507] loop3: partition table beyond EOD, truncated
[ 1401.224880] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:12 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-control\x00', 0x404800, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000240)={0x9, 0xb4af, 0x7, {0x0, 0x1c9c380}, 0x10000, 0x8001})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r2=>0x0}, &(0x7f0000000040)=0xc)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x180c0, 0x20)
ioctl$BLKFRASET(r3, 0x1264, &(0x7f00000001c0)=0x7)
sched_rr_get_interval(r2, &(0x7f00000000c0))

21:38:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:12 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x1a0}])

21:38:12 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x5]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:12 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xfeffffff00000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:12 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:13 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x600000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1402.025775] Dev loop3: unable to read RDB block 1
[ 1402.030931]  loop3: unable to read partition table
[ 1402.056686] loop3: partition table beyond EOD, truncated
[ 1402.065084] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:13 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x800003e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f00000002c0)={0x5, 0x0, [{}, {}, {}, {}, {}]})
ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r2 = socket(0x10, 0x802, 0x0)
sendmsg$alg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
write(r2, &(0x7f0000000000)="1b0000004a000700ab092500090007000aab80ff01000000000036", 0x1b)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x400, 0x40000)
ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000040)={0x10000, 0xfffffffffffff800, 0x1, 0x7b3f, 0xf83, 0xac, 0x5, 0xd42, 0x100000000})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:13 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:13 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x1a0}])

21:38:13 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1300000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1402.326787] binder: 24201:24202 ioctl c008ae91 200002c0 returned -22
[ 1402.442239] binder: 24201:24213 ioctl c008ae91 200002c0 returned -22
21:38:13 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x400000)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000940)={{0xa, 0x4e23, 0xffffffffffffffe1, @local, 0x7fff}, {0xa, 0x4e21, 0x8, @remote, 0x2}, 0x47, [0x9, 0x1, 0x0, 0x4, 0xcb, 0x8001, 0x9, 0x54]}, 0x5c)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x30800, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000009c0)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000000000001b00000005000000f00600008805000060020000400100008805000088050000580600005806000058060000580600005806000005000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="00000000ffffffff000000ffffffff00000000000000000000000000000000007465616d5f736c6176655f3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000eb0000200000000000000000000000000000080140010000000000000000000000000000000000000000006a32003000616464727479706500000000000000000000000000000000000000000000200010000000000001000000000000004000736574000000000000000000000000000000000000000000000000000000008000000104000009000000c394ffff00040000020000000400000001f8000038004e45544d41500000000000000000000000000000000000000000000000000100000002000000e00000027f000001070000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e800200100000000000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000fbffffff04000000000000000200000038004e45544d4150000000000000000000000000000000000000000000000000010000000f000000ac14140a7f0000010000006400000000ac1414aae0000002ffffffffff0000007465616d5f736c6176655f300000000069703667726530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000002540000000000000000000000000000f0022803000000000000000000000000000000000000000000000000280074746c0000000000000000000000000000000000d80e00000000000000000209000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c65300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000003800524544495245435400000000000000000000000000000000000000000000010000000a000000ac1414117f000001ffff0065000000007f000001e0000001ffffffffffffff0073797a6b616c6c65723100000000000076657468305f746f5f626f6e64000000000000000000000000000000ff000000e4ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000af0003100000000000000000c7361878d4a26d498ec52a16191f0000000000009800d0000000000000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000004000000e0000001e00000014e2003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280000000000000000000000ff07000000000000000000000000305238be48171ccb67a24a2888f06b715bf2b17bf908982556e306b9be8270af56e312431819a01a"], 0x750)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f00000001c0)={0x77359400}, 0x10)

21:38:13 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x2000000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1402.555425] Dev loop3: unable to read RDB block 1
[ 1402.560365]  loop3: unable to read partition table
[ 1402.582671] loop3: partition table beyond EOD, truncated
[ 1402.610982] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xffffffeb, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:13 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:13 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001", 0x30, 0x1a0}])

[ 1402.966231] Dev loop3: unable to read RDB block 1
[ 1402.971362]  loop3: unable to read partition table
[ 1403.001919] loop3: partition table beyond EOD, truncated
[ 1403.021993] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x4000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:14 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x4]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:14 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10c012, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:14 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:14 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001", 0x30, 0x1a0}])

21:38:14 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x400000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1403.226836] binder_alloc_mmap_handler: 16 callbacks suppressed
[ 1403.226854] binder_alloc: binder_alloc_mmap_handler: 24243 20ffd000-21000000 already mapped failed -16
21:38:14 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

[ 1403.343352] Dev loop3: unable to read RDB block 1
[ 1403.350174]  loop3: unable to read partition table
[ 1403.378025] loop3: partition table beyond EOD, truncated
[ 1403.400240] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:14 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x820a6a296000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:14 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1403.571313] binder_alloc: binder_alloc_mmap_handler: 24264 20ffd000-21000000 already mapped failed -16
[ 1403.591360] binder: BINDER_SET_CONTEXT_MGR already set
[ 1403.591744] binder_alloc: binder_alloc_mmap_handler: 24264 20001000-20004000 already mapped failed -16
[ 1403.598115] binder: 24264:24271 ioctl 40046207 0 returned -16
21:38:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:14 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001", 0x30, 0x1a0}])

21:38:14 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7, 0x0)
write$FUSE_IOCTL(r1, &(0x7f0000000040)={0x20, 0x0, 0x8, {0x9, 0x4, 0x3, 0x1}}, 0x20)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

[ 1403.915891] binder_alloc: binder_alloc_mmap_handler: 24282 20ffd000-21000000 already mapped failed -16
[ 1403.915957] Dev loop3: unable to read RDB block 1
[ 1403.937484]  loop3: unable to read partition table
[ 1403.958340] loop3: partition table beyond EOD, truncated
[ 1403.969109] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1403.997510] binder_alloc: binder_alloc_mmap_handler: 24282 20001000-20004000 already mapped failed -16
[ 1404.011504] binder_alloc: binder_alloc_mmap_handler: 24282 20ffd000-21000000 already mapped failed -16
21:38:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xe00, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:15 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x3]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:15 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:15 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900", 0x48, 0x1a0}])

21:38:15 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000000)={0x7fffffff, 0x9, 0x2, 0x0, 0x0, [{r0, 0x0, 0x1}, {r2, 0x0, 0xfe28}]})

[ 1404.345491] Dev loop3: unable to read RDB block 1
[ 1404.358893]  loop3: unable to read partition table
[ 1404.365737] binder_alloc: binder_alloc_mmap_handler: 24302 20ffd000-21000000 already mapped failed -16
[ 1404.382785] loop3: partition table beyond EOD, truncated
21:38:15 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x460a000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1404.398585] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:15 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1404.444548] binder_alloc: binder_alloc_mmap_handler: 24302 20001000-20004000 already mapped failed -16
[ 1404.472373] binder_alloc: binder_alloc_mmap_handler: 24302 20ffd000-21000000 already mapped failed -16
21:38:15 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x600]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:15 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900", 0x48, 0x1a0}])

[ 1404.746737] Dev loop3: unable to read RDB block 1
[ 1404.754711]  loop3: unable to read partition table
[ 1404.759940] loop3: partition table beyond EOD, truncated
[ 1404.766563] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:15 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r3 = dup(r1)
write$P9_RLINK(r3, &(0x7f0000000000)={0x7, 0x47, 0x2}, 0x7)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x5, 0x12, r0, 0x0)
ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f00000000c0)="4a846e1d0bd72a18603b67efed04ed3b1c6109d5e6a90c4d67d449ee172f12546e78fab49bd6d263def4531d83a1064f417f01e948d2b65befc164bcfc3d1ed77a06fd4ffa")

21:38:15 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xfffffff0]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1404.986538] binder_alloc: binder_alloc_mmap_handler: 24337 20001000-20004000 already mapped failed -16
21:38:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x2, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:16 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900", 0x48, 0x1a0}])

21:38:16 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, 0xffffffffffffffff, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x6]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:16 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0xfffffffffffffffc, 0x20015, r0, 0x4)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:16 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1405.489689] Dev loop3: unable to read RDB block 1
[ 1405.494931]  loop3: unable to read partition table
[ 1405.514136] loop3: partition table beyond EOD, truncated
21:38:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x2000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:16 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = gettid()
syz_open_procfs(r1, &(0x7f0000000000)='net/hci\x00')
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

[ 1405.533362] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:16 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900000064000000000432000520", 0x54, 0x1a0}])

[ 1405.811721] Dev loop3: unable to read RDB block 1
21:38:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:16 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r2 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(0xffffffffffffffff, r1, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:16 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1405.834439]  loop3: unable to read partition table
[ 1405.839790] loop3: partition table beyond EOD, truncated
[ 1405.845705] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1406.201403] cgroup: fork rejected by pids controller in /syz4
21:38:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x800000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:17 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x1, 0x200000)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000001200)={{0x6, 0x3, 0x0, 0x4, 'syz0\x00', 0x8}, 0x0, [0x6, 0x2, 0x6, 0x9, 0x0, 0x8, 0x768, 0x10000, 0x101, 0x8, 0x0, 0xd5, 0x3153, 0x1e, 0x9, 0x400, 0x3, 0x9, 0x100, 0xc0aa, 0x2, 0x7, 0x20, 0x4, 0xfffffffffffffff8, 0x0, 0xba8, 0xffffffff, 0x3, 0x6, 0xe3f, 0x7, 0x1, 0x100000001, 0x9, 0x0, 0x6, 0x3, 0x3, 0xffffffffffffd575, 0x1, 0x5, 0xffff, 0x101, 0xfff, 0xfffffffffffffffc, 0x100000000, 0x2b, 0x80000000, 0x7, 0xfffffffffffffffa, 0xffffffffffff8001, 0x868b, 0xffffffffffffffff, 0x3, 0x8, 0x100, 0xab, 0x9, 0x5, 0xfffffffffffff8b5, 0x0, 0x0, 0x4, 0x990, 0x3, 0x5, 0x1, 0x8000, 0x8, 0x1f, 0xc9, 0x6, 0x2a4, 0x1, 0xfffffffffffffffb, 0x1263, 0x7ff, 0x1, 0x200, 0x9, 0x1, 0xf4bfe7b, 0x5, 0x7, 0x0, 0x8001, 0x4, 0x3, 0x8, 0x8, 0x8, 0x80, 0x1, 0x6, 0x8562, 0x4, 0x1, 0x81, 0x9, 0x3, 0x1, 0x9, 0x4, 0x7f, 0x100000000, 0x5, 0x3, 0x1, 0x7fffffff, 0xffffffff, 0x5, 0x5, 0x3ff, 0x81, 0x4, 0x9, 0x1000, 0x5, 0x2, 0x7fffffff, 0x0, 0x4, 0x100000000, 0x5, 0x1, 0x8, 0x9]})
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x4000, 0x0)
name_to_handle_at(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000001700)=ANY=[@ANYBLOB="0810000000080000d29b6ef2fa33be52e5148d009298fef0aaa317b53c96e7a292ec7cda67901cb73f09927d4a6011acb6328225f666a65e5daa39c238180324b8bf6dbc24c93ec12e4833fd0e9789f0b26e936320a250820a8e7c07c8986fc5bf35b235d15e3eee12be844edb66327a72d16c5b294e028d70cc01f30d2a1a3ca30186550f2a38fb1a09c24248829e879a7079b78dd0473702c1a659c9384f29e713563d4378b68e804ddfe5dc13a822ff0b8e88a2524b2ff53289a089e4bfe3ae419aa9b230555d0d51fbdb8b12794b7a4a67b9be27d8cba08accf7ac468430c71aad0087585ebd2465b8212f84d2e439a40dcb1b5385ee8b11813e0a8c5ba8ccbca842ba144ac009b590b19b665f8de52a589407586ef289d50b87d8bfe9bcd206b601fb86315ad9ffa5094b3e9a4ffb9fc13a4fa971c64944e5bf210e3b3a195fd96a4ca3ed142f24e7fa7f0e360bd760603916ea56c25402c25e9f5854bdb1dcfeb144c150253e2d07d5d676a8e186598fcd6c6fcbfc3bc09f5ab8e2bffb95d93328f637f4e27605eb5c027031ab10ec81141acd9e5ff6a5422e8147b0ce9897231ffb0081bb55d1cc52bb59a0c2b295c166aa653f2043039626ed47aaeaab2731d80280f075d3d3d612c0950821ade5f133e0b5d9cfdf2ffded8199a939c011219d57e6bbb81103816ee5f2280685a759644afab4aff145dac88149e6b2a2d3e4e5f0ac2fabace36f142efe3a4057832a91da2d0d23f18232a3bc477996d223a701f438a8371dd6309f1fad43a540dbaf1d728980752a9e05a327d04446b4f55f211b676f9c95dbbd5d405b82418bda9f44bcdf3998ceaaea9c1f6b9122528532fca709e48980a6e7d7eca0eaedbba286a1c9f9fee70de0c0f351b1dd38fe3d999960e9b92c0de877d1dcddd925a1f336de62b96f0ce69abdaacabf94fbead11ac94717dc35e8e658b0c2e568521e1ba2b19c03c81a2a1b900205f12bff00a0a780eaf940a653be7567924970f9ec3997fedaf58d1b8f0f77d89915a4335aa8fffaf622fd5c6e66c96e6738277981f714e244b0aff4073beb94c42335a0bc1327a6442fd6c7581345e6560aeb38fdd2c9166f9136146a8f91b0aed7b16a96b4917c8cb5b81f9d3dfd7c0b7506a16e9ec432ceebe5eebc4e9d4b4c1f359b04fdff15d594242ee7aec03428fab47eeac1c17a74a055faae161ac7ea9b044ffe331c5a59069f424e5e5b86037ef9764cab1a3a5516fb6e5e8b2ec096d65cbdf372a48227fb54d8e6b2e90b31ec00d8d7bf78e842d2b00371f3a798e01817f2857b5d82814fce9f31cd953cb900ca6c5c4b0a31b49ed93038aa44f70816a21a2e1ccde673ec28074732f06778aed2b158906e13efb6f57c66f2182d4a524405d21f618e35ced804207a6c7948cbc1b51fdbbd1ac89481f302b0944bb61706c011a5160fe2c66c05c5d48da7ed65e5e8357e7ad20b845019caee3a322d01f4965f2eabcc96600609e841a15245b6f95e5088e771316684974e9a2a7e16b4afc6b38f3c1b1889a3f6f23ebc833d7526bb435d614a0f8a431573c276427e0eac5752cfa7b227a44c01de1d2b48c624dc5bd228c4f687662a90c5800217ce7d14cc99f3ad0e72fd4e19458f2a4e6eda7b9d98a38f160ba8707e77eb5611db7632b4ce37e09350b26e45de2f50e7f46259a3cc25c01961bae89c491c6ab4a84a231df18f47b23a992759d720823097f3045ebdb4be96e071d335e70825421856e6d1eff229cffda9e20364ddc4f40a2377e5f809fec347a5dbbf9ede253638ddc6ab863aa50431a4ca69da5a6156301e6a25dbb356b212abe0972156d793981864e689ddfe64cb4c2aa3d74056cc7c9dfae1d0f72c86c2247b96195f193a68eaea53074f83dd942fc2f3fd180992b63e2d30bec77181ccc87eab31ddd281a77315e3ce6a04a679e5519b28b9a8cd4c6947a92a1ce516435db8b79070cdda20778f721064a551ac4085c7cdc2fd0d8dd41f826b5d267bfa58ec0a68e2da776da476809a98b865ab30d6582d37207f0b90f41d7690b25534a6ac1d5bf8f73a82f9b157d6e97f192000fd36fba4a36e32a2c06fc80bc99cc9360786e506e11806f4b0f8d16137e591344ab9e7d113572f182ebe9067db6ca1adac54f60c76a40d2215fd61568b7f1316450d8d341ade37034a23f7916b59a30bd503141e516a6dd3389842a899ca9f3bb228c912bd4f416bcabd77f7f0ee1ac0c89196f06ea01fc0a3cd01318562559b289c1086d96205299f092fc4694b721522c4a39264bfa9bdfe3fd5d5d7544738cd4380bf84c0e68d5b4b62493c0f2acaff1c8a62ecd5ce4100a6d8d6e87c774a66a1f932c2139119d6dffbf7d6d6b830d7d462f84014c13c9bd212a7793e049e4ede48256617ed945fb9ddfce2c8efef454a1aa4799e8eb8e847ec1d42d9f980a78b3a8741bd5f5e5584809bdf077f4b91c3b7fdbc71eb476e5a63761a3c9a17504c1610544ff28291499b6078428e02b3c1a53ee2efcd61cdfdf570fa2b1e10f28b8347f36b0766c5e2222170ed3afcb28f29f8e8c3295a213cb23e44a6f2ca65ac23964fe95d7232f54d003e793c73709a30ee54d5a5283cb9afa0c7ee98fdc32d6f5be578c397a69bd6fff5cd08305ac67a35bd1240ccd42643d4c99bf03c7efd1f05e995de13e2d9f22c88ea0027d0ee9a57531dd94b73e42861ad085c546ed75de02f6873c823d09e055caba0f2e08000126c2afe7b6ddd2f7ed56a067b24d5ec6b8af752ef6d599a83284506834980bc1ba60d8a02772e24e2a25cae418b6e04c271c607d5621363d2348536b23838fb08616234eed165e925ed8c4705125f85b40a49460acadab889f114948622b82ff088c1f469022ce154c52473645ae1f9c5bdee80c27f448da7c52ed1cb2d4e837a817664b9be9ccba13a91ee3732ae33cc661b65eacaea477cdb0ddcfa514bb205af56de0e6a035784e6d0ae862d586b434683eed4e6cd218a0d689b4451b939e500f29bd99407f2617e09e34d3ee7fa9414f5158befcbb8ae2e6ca6c63f931b706f566816ac25818cf62725b24f990157a79489a408eadc194fc8c825e604c7cb814e28169524022367b146c88ef106da7572549e849ca198ca477f293fc768502b34b4502e432e71d8707ed4c7ca4041dc8d9ae64ed97761f2cc26ae5d15d1f0983f08077c3ae94c4eabcf9d53316abe1bf27c0bcecc5dbffca5bc1fd97557c6c9cc86e1dddc8131c7f6b2e3656add960875565322e029c41db413b8af758573634ba668091720ec6510fba3f261db6c62cf81bfaf795768d6c537e1d5ba3e3f37aba9b9dc7ffbeaabf03e5262d4442d6062b875242d46675b0755a2d96f580664d0c775d26148d2974e3313e5bbd2dc3d1bb52c798ecfd5002d51075961bcb628624fb90695dc68dfe3583e5037c7a10afc5521360c72632a6b5acdc89b0cfa25c006339a964d8088552d4dbcc65eb78ba308e7c68c52555fad4445e5cfb26c24f8f06fe2a08f0826c3ecb63e29c4c7706a34ba83fe265ecc51e50948972a206fb75cd8974fc36122935fb6d80eca773a25694e219485bbf600590b082bd81a3f46f7ef9eb01d5444d7e91a6ee9e8fd4b332a0220e0f5c5e1e2be1bbbf33b7760aa77ce79fc64228684a39278ce8146c2cb21cbf59e26b337f7396b21087b6d3e9655b772e7b1537037276ccfa72027642537f0bfefde819eb639845d2caefdb651764cfc47e57658e3c9490bdb9c395a29f43bd92d434198543cb3d565005f83034a87f8a7dd534f82a3b5c117fd875862f33df03944103546febe281a210f1de50a321b88572568d9c238db339e647f0c91b4bac8efb8c3ced91b21a3937f42990ca42c17468b3b609fe01e7ad6a4cea202d3bd20888a9d3bb802422df57c769ed6da80c39141cf3ca84e20f4bcacad66de818be7e9c4b8c928e95be0f8a6918aed327307994d86774f82219e4fda3da7f73eb72da1232eba493db8f2858995157aa92b60a85d160d17726ce9376ae9381bf6a340c7a46463113e78c6a8f8a7b498477953b4f8a3cf3741739d4365b98d422555c5191c118c2aa4779e747de761caf410986436476882c0653a09302e7e47293061b2c30c60581f9c2ebcc5fe77de07f389a2c8b4fba0e31bdfd1622f05c3fa004f0fb31987637870ff563533011ccfbdec23ef00739861926d478271d65b2e5f62f0b22cbd7b9ba834390234478164c660a158207d6418d7f47fd19bf8c58532fcec47b88c67f841da30fe061d5b08699988686ef679083909cfff79ccc00de7f326bbad2a0970e92deee26cb39a7918d867711ae517e5afb998844a9972b4bec65df9facbbc3551d30a73d32e17dadf4735c8e71a7188677dbaf6f4cacffea851bf75aefc165f0a960aa7214511b34567a1e938c41ae94c433ee21e1103badcff0faaf9fddb406c4bb883abb07ce0d572195df3fba7988d5f9bbfb01164ead5055d461906833eb4a1b26adba64dc12694843847b0f2d1ed1e747f911f43d3a61a3cdac0ee67c2ec974c10f884bd35e2b2a280eb41f333209026bb5a6af2dbbe9c6dc2a63af7f68e416afed3e823577644d94896f5068677446e942c28825b91594432db43aab824d75303d5e67fbd2d104f3cca5c4228103f628961f95b4c41ada9beae6db4a2235b18ede583fedb963e198e957063e5a488916eeffe68544107902b40f40039884339da1d563d9fcb045299599aabdaaf2777d816d501d4fb67d2d304a01cb3b65cfa3095cba450c139938fb1564a3654c642b70e00c79c9a2e2b5ab361ad75ca45eacf6d0b4377c2754d9521487ffcdebc26f52aa2ee330d779648173d395f8b13e931d42bbb8f4b7e6374533078ef28eb0b9ca3f69cf001ed39e89c58ef6b9795161c332a67bd275a12e0aaf730da5f30fd059d3baa12fafbceb40d16e56bd1940d0e1c255f027423d2b42a29fa5d319872997c1b1153b82808e5a8ef15a3b434096c0c0a3075e43422f92e7b27c697f639830898e0800d3dc469c32dd5b2286775958a7ec91838649daa3147ce47106add89c340b25d3e86f1454b100b0b19dd8bc6b570627e56dc8d972222b3d82d0714d4d3e3dc709bb84c0b25c193ecb5e0267ef672de6b6d83d040c97da856bc865b73fc55d88c44e7f541b9bbc7346442a9af6ba879df7402a0463fca465d2e62ca3468e0c0023d1f6f4860dd7ed0cfe930f923417dcd7b433f7d6288c5a0dc450adefba42963e10af312be718f838532922de1b4a9e257a2d671acb6423bafd578342e37e443bc36040bdd85379d2518b3a8b6191b80851458c1afb4af72cb6d53be2080103508d26aecbaad67afffe4024e3fc9dc37e73c614f969bc002c129b39b8c4fded690210ee2e7953d145ee4063208c5cdc232afbdb0aab761f5424f22d0007c5a88b4a52643e4293e5d897a68b071e79728a217ce873b529783508771b7ee37ccf3d89b0f68dbcddad7af800ae9ba53a10a80ebf5166768eaa32b1869877851bf1f1817417ead7e20ccb1d57341f6fb316eca5d768ab11ca06cbcf5b198add3fcbbe6052de03a4003cea0673de88ba67f8b0790b8c8e20bb82ef747c246ce251578354d17431e7f3b7cfcd6769fa9a0f5eb9d7599a569baa0e34ac8eaa12da850441083fc8ad3592b0c8199a5e64071aea6b909cc25545c8116594c0ddd4ba54d29f71b5c70ffe9143a86b59e27e9db105bb36b46bd1c339d8f9a0b80a544dbbadd242025fda785065897d846e6c5f30c0630a201b8d917709d445beaa36eb2d70d936e79805fbadb7fe23a648f1de0bc4e5ab8161925365ed66812269827f5f417bad3206112f981868784311937d8d10b97c2c6f0719dfb3c00be2657c935f67ded7b07dbd584638bd9cebdfb9b316f63aaa4e45c8eb32dc748da755351e23514f10df534c8d5513291817a98bc3b2c6ca478cf8b180efb3b15a8c8c6941333b50f7af7d4a0164cf281c0f662c7b50763c087596101ffbae394a4a868cec2cb700000000000"], &(0x7f00000000c0), 0x1400)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f00000001c0)={<r3=>0x0, <r4=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000200)={r3, r4/1000+30000}, 0x10)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x20111, r2, 0x20000000000000)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)

21:38:17 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900000064000000000432000520", 0x54, 0x1a0}])

21:38:17 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:17 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xa46]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:17 executing program 1:
close(0xffffffffffffffff)
r0 = socket(0x840000000002, 0x3, 0xff)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r2 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r0, r1, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1406.549822] Dev loop3: unable to read RDB block 1
21:38:17 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x20013, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

[ 1406.603810]  loop3: unable to read partition table
21:38:17 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1000000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1406.656683] loop3: partition table beyond EOD, truncated
[ 1406.674767] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:17 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(0xffffffffffffffff)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:17 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x9effffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:17 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c900000064000000000432000520", 0x54, 0x1a0}])

[ 1407.097358] Dev loop3: unable to read RDB block 1
[ 1407.111733]  loop3: unable to read partition table
[ 1407.155063] loop3: partition table beyond EOD, truncated
[ 1407.160936] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xe00000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:18 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = mmap$binder(&(0x7f0000001000/0x10000)=nil, 0x10000, 0x0, 0x10010, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x9c, 0x0, &(0x7f00000001c0)=[@acquire={0x40046305, 0x3}, @decrefs={0x40046307, 0x3}, @increfs_done={0x40106308, r2, 0x2}, @clear_death={0x400c630f, 0x4}, @increfs, @dead_binder_done={0x40086310, 0x1}, @acquire={0x40046305, 0x2}, @transaction_sg={0x40486311, {{0x4, 0x0, 0x2, 0x0, 0x11, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000000)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000040)=[0x28]}, 0x6}}], 0x42, 0x0, &(0x7f00000000c0)="2e64826c4eb3b38228e20ae7672d51b793fea3f0f2eadf59807b880e433a908ee8f42c2e6da5bd9ef2ce3abe3708fac18970c55fbd7ded635225a0df699fe4b2452a"})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

21:38:18 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x0, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:18 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x10000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:18 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000", 0x5a, 0x1a0}])

[ 1407.592084] binder: 24455:24457 Acquire 1 refcount change on invalid ref 3 ret -22
[ 1407.645745] binder: 24455:24457 DecRefs 0 refcount change on invalid ref 3 ret -22
21:38:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1407.732880] binder: 24455:24457 BC_INCREFS_DONE u0000000000000000 no match
[ 1407.746464] Dev loop3: unable to read RDB block 1
[ 1407.750124] binder: 24455:24457 BC_CLEAR_DEATH_NOTIFICATION invalid ref 4
[ 1407.751624]  loop3: unable to read partition table
[ 1407.758882] binder: 24455:24457 IncRefs 0 refcount change on invalid ref 0 ret -22
[ 1407.771574] binder: 24455:24457 BC_DEAD_BINDER_DONE 0000000000000001 not found
21:38:18 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1200]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:18 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x0, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1407.779186] binder: 24455:24457 Acquire 1 refcount change on invalid ref 2 ret -22
[ 1407.788548] binder: 24455:24457 got transaction to invalid handle
[ 1407.795158] binder_transaction: 5 callbacks suppressed
[ 1407.795178] binder: 24455:24457 transaction failed 29201/-22, size 24-8 line 2834
[ 1407.809096] loop3: partition table beyond EOD, truncated
[ 1407.819420] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1407.908149] binder: 24455:24469 Acquire 1 refcount change on invalid ref 3 ret -22
[ 1407.935742] binder: 24455:24469 DecRefs 0 refcount change on invalid ref 3 ret -22
21:38:19 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000", 0x5a, 0x1a0}])

[ 1407.970747] binder: 24455:24469 BC_INCREFS_DONE u0000000000000000 no match
21:38:19 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xffff000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1408.014985] binder: 24455:24469 BC_CLEAR_DEATH_NOTIFICATION invalid ref 4
[ 1408.046685] binder: 24455:24469 IncRefs 0 refcount change on invalid ref 0 ret -22
[ 1408.074913] binder: 24455:24469 BC_DEAD_BINDER_DONE 0000000000000001 not found
[ 1408.113081] binder: 24455:24469 Acquire 1 refcount change on invalid ref 2 ret -22
21:38:19 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0x0)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1408.122683] binder: 24455:24469 got transaction to invalid handle
[ 1408.141759] binder: 24455:24469 transaction failed 29201/-22, size 24-8 line 2834
[ 1408.210006] binder_release_work: 5 callbacks suppressed
[ 1408.210013] binder: undelivered TRANSACTION_ERROR: 29201
[ 1408.221434] binder: undelivered TRANSACTION_ERROR: 29201
[ 1408.235866] Dev loop3: unable to read RDB block 1
[ 1408.241016]  loop3: unable to read partition table
21:38:19 executing program 2:
syz_open_dev$binder(&(0x7f0000000380)='/dev/binder#\x00', 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, @perf_config_ext, 0x4, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x2000)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000100), &(0x7f0000000300)=0x4)
write$FUSE_GETXATTR(r1, &(0x7f0000000340)={0x18, 0x0, 0x3, {0x6}}, 0x18)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f00000001c0)={0x8, 0x120, 0xfa00, {0xfffffffffffffffd, {0x7ff, 0xe4, "96e930dbb42867953ca0e09410c92845aa59699dfe7fcc17baa5f86ce6a1b3a755cdbe2647fcccc23a5f62ada44cf28703a245e9cf0a64f3fd35e195128d0917494ee30bed5c926e32788ddde14717ea716f9184f60dd53e3dd30f293c703f3dba927ee5aa3b71ae3873f4cab49c251667570015f0e42f1cb8e413e77c98293d105a6a15335c926ec12bbf94dede535ae55856c69603d25aa0301942cb922ee7cd07324067eae423e5d386ef43f5e07f7fdcd9194344cd146d72887e420c10e2c17976a6c72ae1ea0b9747094a4f16f5fd9f198e265290211862a097b30ab530a5c7ea62bfaae6e517ecad4cc3c90c4365f23b6eb3dfb45d3c7a94ffb0111c5f", 0xec, 0x7786, 0x1bd3, 0x3f, 0x7, 0x401, 0x7, 0x1}, r2}}, 0x128)
r3 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r3, 0x0)

[ 1408.292241] loop3: partition table beyond EOD, truncated
[ 1408.307962] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:20 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:20 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x20000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:20 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000", 0x5a, 0x1a0}])

21:38:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xe000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:20 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x800)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=[&(0x7f0000000040)='nodev\x00'], &(0x7f0000000340)=[&(0x7f0000000100)='em0em0}wlan1\'vboxnet1user\x00', &(0x7f00000001c0)='/dev/binder#\x00', &(0x7f0000000200)='\\.%+@)\x00', &(0x7f0000000240)='(\\mime_type^\x00', &(0x7f0000000280)='\xb5selinuxcpuseteth0\x00', &(0x7f00000002c0)='/dev/binder#\x00', &(0x7f0000000300)='*,\x00'])
r2 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000e, 0x80010, r0, 0x0)
r3 = request_key(&(0x7f0000000400)='id_resolver\x00', &(0x7f0000000440)={'syz', 0x1}, &(0x7f0000000480)=',\\selfvmnet1)\x00', 0xfffffffffffffff9)
keyctl$negate(0xd, r2, 0xecc7, r3)

21:38:20 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1409.318802] binder_alloc_mmap_handler: 9 callbacks suppressed
[ 1409.318820] binder_alloc: binder_alloc_mmap_handler: 24522 20ffd000-21000000 already mapped failed -16
[ 1409.342596] Dev loop3: unable to read RDB block 1
[ 1409.360178]  loop3: unable to read partition table
21:38:20 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x6000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1409.380215] loop3: partition table beyond EOD, truncated
[ 1409.380637] binder_alloc: binder_alloc_mmap_handler: 24522 20001000-20004000 already mapped failed -16
[ 1409.387107] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1409.462563] binder_alloc: binder_alloc_mmap_handler: 24522 20ffd000-21000000 already mapped failed -16
21:38:20 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d30600", 0x5d, 0x1a0}])

21:38:20 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, 0x0)
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:20 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x460a]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:20 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x420080, 0x0)
ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f00000001c0)={[], 0x8, 0x20, 0x10000, 0x0, 0x4fca, 0x103000, 0x0, [], 0x800})

[ 1409.717446] Dev loop3: unable to read RDB block 1
[ 1409.749483]  loop3: unable to read partition table
[ 1409.796435] loop3: partition table beyond EOD, truncated
[ 1409.814720] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1409.875322] binder_alloc: binder_alloc_mmap_handler: 24558 20ffd000-21000000 already mapped failed -16
21:38:20 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x9]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:20 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x0, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1409.961395] binder_alloc: binder_alloc_mmap_handler: 24558 20ffd000-21000000 already mapped failed -16
21:38:21 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d30600", 0x5d, 0x1a0}])

[ 1410.049166] binder_alloc: binder_alloc_mmap_handler: 24558 20001000-20004000 already mapped failed -16
[ 1410.287017] Dev loop3: unable to read RDB block 1
[ 1410.344931]  loop3: unable to read partition table
[ 1410.383115] loop3: partition table beyond EOD, truncated
[ 1410.409584] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:21 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x2000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:21 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x1000000, 0x1e, r0, 0x2000000000400000)

21:38:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x700, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:21 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d30600", 0x5d, 0x1a0}])

21:38:21 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x0, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1410.641771] binder_alloc: binder_alloc_mmap_handler: 24587 20001000-20004000 already mapped failed -16
[ 1410.655880] Dev loop3: unable to read RDB block 1
[ 1410.665982]  loop3: unable to read partition table
[ 1410.676306] loop3: partition table beyond EOD, truncated
21:38:21 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xa000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1410.691284] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:21 executing program 2:
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x40000802)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:21 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055", 0x5f, 0x1a0}])

21:38:21 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x9000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:22 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x0, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1410.973383] binder_alloc: binder_alloc_mmap_handler: 24613 20ffd000-21000000 already mapped failed -16
[ 1411.021506] binder_alloc: binder_alloc_mmap_handler: 24613 20001000-20004000 already mapped failed -16
[ 1411.063194] binder_alloc: binder_alloc_mmap_handler: 24613 20ffd000-21000000 already mapped failed -16
[ 1411.116083] Dev loop3: unable to read RDB block 1
[ 1411.128043]  loop3: unable to read partition table
[ 1411.178047] loop3: partition table beyond EOD, truncated
[ 1411.231462] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:22 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@generic={0x0, 0x1000, 0x784})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r1, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x80000, 0x0)
connect$bt_sco(r2, &(0x7f0000000240)={0x1f, {0x7, 0x3, 0x0, 0x3, 0x2, 0x8}}, 0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x0, 0x1009}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x7, @local, 0x6f1}, {0xa, 0x4e23, 0x5, @mcast2}, r3, 0x5}}, 0x48)

[ 1411.438049] binder: 24636:24638 ioctl 8940 200000c0 returned -22
[ 1411.520182] binder: 24636:24642 ioctl 8940 200000c0 returned -22
21:38:22 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf0]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:22 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x0)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x700000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:22 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055", 0x5f, 0x1a0}])

21:38:22 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xb4, 0x0, &(0x7f00000001c0)=[@increfs_done={0x40106308, r1, 0x1}, @acquire={0x40046305, 0x2}, @clear_death={0x400c630f, 0x0, 0x1}, @reply={0x40406301, {0x2, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000040)=[@flat={0x77622a85, 0x10b}, @ptr={0x70742a85, 0x1, &(0x7f0000000000), 0x1, 0x4, 0x1e}], &(0x7f00000000c0)=[0x78, 0x30]}}, @acquire_done={0x40106309, r1, 0x1}, @free_buffer={0x40086303, r1}, @clear_death={0x400c630f, 0x2, 0x3}, @increfs_done={0x40106308, r1, 0x3}], 0x42, 0x0, &(0x7f0000000280)="1df116aea84a5d9bbc04a284b2354818872905de3c831edd792ccec1d24fabdf40a11823f7439cc8b61ac1decec9d13b11448837e6f754aaf047994a9c9e5f30d7ab"})

21:38:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x96a2a62008]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1411.878106] binder: 24650:24654 BC_INCREFS_DONE u0000000000000000 no match
[ 1411.894748] binder: 24650:24654 Acquire 1 refcount change on invalid ref 2 ret -22
[ 1411.940714] binder: 24650:24654 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[ 1411.955110] binder: 24650:24654 got reply transaction with no transaction stack
[ 1411.966079] Dev loop3: unable to read RDB block 1
[ 1411.970987]  loop3: unable to read partition table
[ 1411.989009] binder: 24650:24654 transaction failed 29201/-71, size 64-16 line 2741
[ 1412.012086] loop3: partition table beyond EOD, truncated
[ 1412.029895] binder: undelivered TRANSACTION_ERROR: 29201
[ 1412.035977] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
21:38:23 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x0)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:23 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x1100000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:23 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055", 0x5f, 0x1a0}])

21:38:23 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x400, 0x0)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000040)={'eql\x00', 0x7})
r3 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000e, 0x10, r0, 0x1)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={r2, 0x6, 0x1, 0x5, &(0x7f00000000c0)=[0x0], 0x1}, 0x20)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r3, 0x0)

[ 1412.361033] Dev loop3: unable to read RDB block 1
[ 1412.379930]  loop3: unable to read partition table
21:38:23 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x3f00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1412.418464] loop3: partition table beyond EOD, truncated
[ 1412.465070] Unknown ioctl 35106
[ 1412.471852] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1412.552073] Unknown ioctl 35106
21:38:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:23 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x0)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:23 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60}])

21:38:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x3f000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:24 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x100000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:24 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_BUFS(r0, 0xc0206416, &(0x7f0000000040)={0x10001, 0xe6, 0x5, 0x94, 0x17, 0x101})
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

21:38:24 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0xf000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:24 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60}])

21:38:24 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xf0]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:24 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x12, r0, 0x80000000)

21:38:24 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:24 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xfffffffc]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:25 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:25 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60}])

21:38:25 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000100)={0x0, 0x65, 0x5, &(0x7f00000000c0)=0x3})
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000001c0))
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000000001, 0x12, r1, 0x0)

21:38:25 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:25 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x13]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x7000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:25 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x1000000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:25 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000560000000000000bb00000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a784503102c4dd63c3f3f2512676cc00a9a59fe453bab6860f727d06c7b9e882fe5c23051d59591c81a6dcf497b9dd74daee3d040802884ef5aa3962ffc244406f7814416a13738f314ee13edd8d364f4dc825470d6aa3adb56e71f1324ad21aab1331c13c"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'])
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)

21:38:25 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1414.493266] binder_alloc_mmap_handler: 16 callbacks suppressed
[ 1414.493286] binder_alloc: binder_alloc_mmap_handler: 24783 20ffd000-21000000 already mapped failed -16
21:38:25 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
socket$inet6(0xa, 0x803, 0x200000003)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:25 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xffffff7f00000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1414.623198] binder_alloc: binder_alloc_mmap_handler: 24783 20001000-20004000 already mapped failed -16
[ 1414.696938] binder_alloc: binder_alloc_mmap_handler: 24783 20ffd000-21000000 already mapped failed -16
21:38:25 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x0, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xfffff000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:26 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x4528, 0x80000)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f00000000c0)={0x80, 0x0, 0x1, r2})

21:38:26 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x0, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x700000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1415.297010] binder_alloc: binder_alloc_mmap_handler: 24807 20ffd000-21000000 already mapped failed -16
[ 1415.406590] binder_alloc: binder_alloc_mmap_handler: 24807 20001000-20004000 already mapped failed -16
21:38:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x400000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xffffff7f]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1415.481772] binder_alloc: binder_alloc_mmap_handler: 24807 20ffd000-21000000 already mapped failed -16
21:38:26 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x0, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:26 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xfcffffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1415.796639] binder_alloc: binder_alloc_mmap_handler: 24833 20ffd000-21000000 already mapped failed -16
[ 1415.856156] binder_alloc: binder_alloc_mmap_handler: 24833 20001000-20004000 already mapped failed -16
21:38:26 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x600]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1415.897752] binder_alloc: binder_alloc_mmap_handler: 24833 20ffd000-21000000 already mapped failed -16
21:38:27 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x100, 0x400)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={<r1=>0x0, 0x401, 0x0, 0x5, 0x5}, &(0x7f00000000c0)=0x18)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0xd9}, &(0x7f00000001c0)=0x8)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)

21:38:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x7000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:27 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xa46]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, 0x0)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:27 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400000, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/sco\x00')
renameat2(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x1)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)

21:38:27 executing program 3:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1416.530840] binder_alloc: binder_alloc_mmap_handler: 24863 20001000-20004000 already mapped failed -16
[ 1416.589321]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1416.589336] loop3: partition table partially beyond EOD, truncated
[ 1416.726281] loop3: p1 start 1 is beyond EOD, truncated
21:38:27 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x2000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:27 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x12]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, 0x0)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1416.775103] loop3: p2 size 2 extends beyond EOD, truncated
21:38:27 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, @perf_config_ext, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x6)

[ 1416.846269] loop3: p3 start 201 is beyond EOD, truncated
21:38:27 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x200000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1416.892750] loop3: p4 start 301 is beyond EOD, truncated
[ 1416.914094] loop3: p5 start 1 is beyond EOD, truncated
[ 1416.929367] loop3: p6 start 1 is beyond EOD, truncated
[ 1416.954014] loop3: p7 start 1 is beyond EOD, truncated
[ 1416.965828] loop3: p8 start 1 is beyond EOD, truncated
[ 1416.993875] loop3: p9 start 1 is beyond EOD, truncated
21:38:28 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, 0x0)
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1417.040107] loop3: p10 start 1 is beyond EOD, truncated
[ 1417.075068] loop3: p11 start 1 is beyond EOD, truncated
[ 1417.080658] loop3: p12 start 1 is beyond EOD, truncated
[ 1417.115582] loop3: p13 start 1 is beyond EOD, truncated
21:38:28 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x900000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1417.146986] loop3: p14 start 1 is beyond EOD, truncated
[ 1417.152525] loop3: p15 start 1 is beyond EOD, truncated
[ 1417.181149] loop3: p16 start 1 is beyond EOD, truncated
[ 1417.194126] loop3: p17 start 1 is beyond EOD, truncated
[ 1417.219875] loop3: p18 start 1 is beyond EOD, truncated
[ 1417.242497] loop3: p19 start 1 is beyond EOD, truncated
[ 1417.266842] loop3: p20 start 1 is beyond EOD, truncated
[ 1417.277551] loop3: p21 start 1 is beyond EOD, truncated
[ 1417.288159] loop3: p22 start 1 is beyond EOD, truncated
[ 1417.378880] loop3: p23 start 1 is beyond EOD, truncated
[ 1417.454451] loop3: p24 start 1 is beyond EOD, truncated
[ 1417.477775] loop3: p25 start 1 is beyond EOD, truncated
[ 1417.483195] loop3: p26 start 1 is beyond EOD, truncated
[ 1417.488723] loop3: p27 start 1 is beyond EOD, truncated
[ 1417.494107] loop3: p28 start 1 is beyond EOD, truncated
[ 1417.499605] loop3: p29 start 1 is beyond EOD, truncated
[ 1417.505445] loop3: p30 start 1 is beyond EOD, truncated
[ 1417.510892] loop3: p31 start 1 is beyond EOD, truncated
[ 1417.518616] loop3: p32 start 1 is beyond EOD, truncated
[ 1417.524008] loop3: p33 start 1 is beyond EOD, truncated
[ 1417.524021] loop3: p34 start 1 is beyond EOD, truncated
[ 1417.524033] loop3: p35 start 1 is beyond EOD, truncated
[ 1417.524046] loop3: p36 start 1 is beyond EOD, truncated
[ 1417.524058] loop3: p37 start 1 is beyond EOD, truncated
21:38:28 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:38:28 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x300000a, 0x110, r0, 0x0)

21:38:28 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x10000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:28 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140))
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1417.524070] loop3: p38 start 1 is beyond EOD, truncated
[ 1417.524087] loop3: p39 start 1 is beyond EOD, truncated
[ 1417.574449] loop3: p40 start 1 is beyond EOD, truncated
[ 1417.587220] loop3: p41 start 1 is beyond EOD, truncated
[ 1417.603940] loop3: p42 start 1 is beyond EOD, truncated
[ 1417.611335] loop3: p43 start 1 is beyond EOD, truncated
[ 1417.636575] loop3: p44 start 1 is beyond EOD, truncated
[ 1417.645789] loop3: p45 start 1 is beyond EOD, truncated
[ 1417.651453] loop3: p46 start 1 is beyond EOD, truncated
[ 1417.657698] loop3: p47 start 1 is beyond EOD, truncated
[ 1417.679129] loop3: p48 start 1 is beyond EOD, truncated
[ 1417.697277] binder: release 24910:24914 transaction 6447 out, still active
[ 1417.711921] binder_alloc: 24910: binder_alloc_buf, no vma
[ 1417.720098] binder: unexpected work type, 4, not freed
[ 1417.732884] loop3: p49 start 1 is beyond EOD, truncated
[ 1417.765347] binder: undelivered TRANSACTION_COMPLETE
[ 1417.770784] binder: 24910:24914 transaction failed 29189/-3, size 0-0 line 2973
[ 1417.780111] loop3: p50 start 1 is beyond EOD, truncated
[ 1417.840435] loop3: p51 start 1 is beyond EOD, truncated
[ 1417.848489] loop3: p52 start 1 is beyond EOD, truncated
[ 1417.855830] loop3: p53 start 1 is beyond EOD, truncated
[ 1417.870254] loop3: p54 start 1 is beyond EOD, truncated
[ 1417.876591] loop3: p55 start 1 is beyond EOD, truncated
[ 1417.882174] loop3: p56 start 1 is beyond EOD, truncated
[ 1417.887955] loop3: p57 start 1 is beyond EOD, truncated
[ 1417.893583] loop3: p58 start 1 is beyond EOD, truncated
[ 1417.899517] loop3: p59 start 1 is beyond EOD, truncated
[ 1417.905153] loop3: p60 start 1 is beyond EOD, truncated
[ 1417.910739] loop3: p61 start 1 is beyond EOD, truncated
[ 1417.916457] loop3: p62 start 1 is beyond EOD, truncated
[ 1417.922038] loop3: p63 start 1 is beyond EOD, truncated
[ 1417.932782] binder: undelivered TRANSACTION_ERROR: 29189
[ 1417.938805] binder: send failed reply for transaction 6447, target dead
[ 1417.958248] loop3: p64 start 1 is beyond EOD, truncated
[ 1417.981349] loop3: p65 start 1 is beyond EOD, truncated
[ 1417.991283] loop3: p66 start 1 is beyond EOD, truncated
[ 1417.997732] loop3: p67 start 1 is beyond EOD, truncated
[ 1418.003401] loop3: p68 start 1 is beyond EOD, truncated
[ 1418.009959] loop3: p69 start 1 is beyond EOD, truncated
[ 1418.016207] loop3: p70 start 1 is beyond EOD, truncated
[ 1418.021624] loop3: p71 start 1 is beyond EOD, truncated
[ 1418.027230] loop3: p72 start 1 is beyond EOD, truncated
[ 1418.032696] loop3: p73 start 1 is beyond EOD, truncated
[ 1418.038359] loop3: p74 start 1 is beyond EOD, truncated
[ 1418.043745] loop3: p75 start 1 is beyond EOD, truncated
[ 1418.049256] loop3: p76 start 1 is beyond EOD, truncated
[ 1418.054713] loop3: p77 start 1 is beyond EOD, truncated
[ 1418.060089] loop3: p78 start 1 is beyond EOD, truncated
[ 1418.065614] loop3: p79 start 1 is beyond EOD, truncated
[ 1418.071007] loop3: p80 start 1 is beyond EOD, truncated
[ 1418.076440] loop3: p81 start 1 is beyond EOD, truncated
[ 1418.081823] loop3: p82 start 1 is beyond EOD, truncated
[ 1418.087276] loop3: p83 start 1 is beyond EOD, truncated
[ 1418.092687] loop3: p84 start 1 is beyond EOD, truncated
[ 1418.098148] loop3: p85 start 1 is beyond EOD, truncated
[ 1418.103531] loop3: p86 start 1 is beyond EOD, truncated
[ 1418.108995] loop3: p87 start 1 is beyond EOD, truncated
[ 1418.114380] loop3: p88 start 1 is beyond EOD, truncated
[ 1418.119813] loop3: p89 start 1 is beyond EOD, truncated
[ 1418.125235] loop3: p90 start 1 is beyond EOD, truncated
[ 1418.130597] loop3: p91 start 1 is beyond EOD, truncated
[ 1418.136045] loop3: p92 start 1 is beyond EOD, truncated
[ 1418.141436] loop3: p93 start 1 is beyond EOD, truncated
[ 1418.146869] loop3: p94 start 1 is beyond EOD, truncated
[ 1418.152255] loop3: p95 start 1 is beyond EOD, truncated
[ 1418.157705] loop3: p96 start 1 is beyond EOD, truncated
[ 1418.163075] loop3: p97 start 1 is beyond EOD, truncated
[ 1418.168503] loop3: p98 start 1 is beyond EOD, truncated
[ 1418.173883] loop3: p99 start 1 is beyond EOD, truncated
[ 1418.179356] loop3: p100 start 1 is beyond EOD, truncated
[ 1418.184884] loop3: p101 start 1 is beyond EOD, truncated
[ 1418.190338] loop3: p102 start 1 is beyond EOD, truncated
[ 1418.195898] loop3: p103 start 1 is beyond EOD, truncated
[ 1418.201398] loop3: p104 start 1 is beyond EOD, truncated
[ 1418.206979] loop3: p105 start 1 is beyond EOD, truncated
[ 1418.212441] loop3: p106 start 1 is beyond EOD, truncated
[ 1418.217990] loop3: p107 start 1 is beyond EOD, truncated
[ 1418.223467] loop3: p108 start 1 is beyond EOD, truncated
[ 1418.228993] loop3: p109 start 1 is beyond EOD, truncated
[ 1418.234460] loop3: p110 start 1 is beyond EOD, truncated
[ 1418.239981] loop3: p111 start 1 is beyond EOD, truncated
[ 1418.245483] loop3: p112 start 1 is beyond EOD, truncated
[ 1418.250936] loop3: p113 start 1 is beyond EOD, truncated
[ 1418.256451] loop3: p114 start 1 is beyond EOD, truncated
[ 1418.261926] loop3: p115 start 1 is beyond EOD, truncated
[ 1418.267479] loop3: p116 start 1 is beyond EOD, truncated
[ 1418.272950] loop3: p117 start 1 is beyond EOD, truncated
[ 1418.278474] loop3: p118 start 1 is beyond EOD, truncated
[ 1418.283934] loop3: p119 start 1 is beyond EOD, truncated
[ 1418.289454] loop3: p120 start 1 is beyond EOD, truncated
[ 1418.294964] loop3: p121 start 1 is beyond EOD, truncated
[ 1418.300412] loop3: p122 start 1 is beyond EOD, truncated
[ 1418.305940] loop3: p123 start 1 is beyond EOD, truncated
[ 1418.311444] loop3: p124 start 1 is beyond EOD, truncated
[ 1418.317092] loop3: p125 start 1 is beyond EOD, truncated
[ 1418.322562] loop3: p126 start 1 is beyond EOD, truncated
[ 1418.328166] loop3: p127 start 1 is beyond EOD, truncated
[ 1418.333656] loop3: p128 start 1 is beyond EOD, truncated
[ 1418.339209] loop3: p129 start 1 is beyond EOD, truncated
[ 1418.344721] loop3: p130 start 1 is beyond EOD, truncated
[ 1418.350181] loop3: p131 start 1 is beyond EOD, truncated
[ 1418.355702] loop3: p132 start 1 is beyond EOD, truncated
[ 1418.361208] loop3: p133 start 1 is beyond EOD, truncated
[ 1418.366732] loop3: p134 start 1 is beyond EOD, truncated
[ 1418.372193] loop3: p135 start 1 is beyond EOD, truncated
[ 1418.377717] loop3: p136 start 1 is beyond EOD, truncated
[ 1418.383206] loop3: p137 start 1 is beyond EOD, truncated
[ 1418.388747] loop3: p138 start 1 is beyond EOD, truncated
[ 1418.394239] loop3: p139 start 1 is beyond EOD, truncated
[ 1418.399783] loop3: p140 start 1 is beyond EOD, truncated
[ 1418.405291] loop3: p141 start 1 is beyond EOD, truncated
[ 1418.410733] loop3: p142 start 1 is beyond EOD, truncated
[ 1418.416239] loop3: p143 start 1 is beyond EOD, truncated
[ 1418.421707] loop3: p144 start 1 is beyond EOD, truncated
[ 1418.427231] loop3: p145 start 1 is beyond EOD, truncated
[ 1418.432701] loop3: p146 start 1 is beyond EOD, truncated
[ 1418.438226] loop3: p147 start 1 is beyond EOD, truncated
[ 1418.443714] loop3: p148 start 1 is beyond EOD, truncated
[ 1418.449319] loop3: p149 start 1 is beyond EOD, truncated
[ 1418.454861] loop3: p150 start 1 is beyond EOD, truncated
[ 1418.460308] loop3: p151 start 1 is beyond EOD, truncated
[ 1418.465845] loop3: p152 start 1 is beyond EOD, truncated
[ 1418.471294] loop3: p153 start 1 is beyond EOD, truncated
[ 1418.476846] loop3: p154 start 1 is beyond EOD, truncated
[ 1418.482322] loop3: p155 start 1 is beyond EOD, truncated
[ 1418.487824] loop3: p156 start 1 is beyond EOD, truncated
[ 1418.493289] loop3: p157 start 1 is beyond EOD, truncated
[ 1418.498837] loop3: p158 start 1 is beyond EOD, truncated
[ 1418.504294] loop3: p159 start 1 is beyond EOD, truncated
[ 1418.509790] loop3: p160 start 1 is beyond EOD, truncated
[ 1418.515287] loop3: p161 start 1 is beyond EOD, truncated
[ 1418.520726] loop3: p162 start 1 is beyond EOD, truncated
[ 1418.526247] loop3: p163 start 1 is beyond EOD, truncated
[ 1418.531702] loop3: p164 start 1 is beyond EOD, truncated
[ 1418.537212] loop3: p165 start 1 is beyond EOD, truncated
[ 1418.542685] loop3: p166 start 1 is beyond EOD, truncated
[ 1418.548183] loop3: p167 start 1 is beyond EOD, truncated
[ 1418.553645] loop3: p168 start 1 is beyond EOD, truncated
[ 1418.559446] loop3: p169 start 1 is beyond EOD, truncated
[ 1418.564994] loop3: p170 start 1 is beyond EOD, truncated
[ 1418.570469] loop3: p171 start 1 is beyond EOD, truncated
[ 1418.576016] loop3: p172 start 1 is beyond EOD, truncated
[ 1418.581515] loop3: p173 start 1 is beyond EOD, truncated
[ 1418.587102] loop3: p174 start 1 is beyond EOD, truncated
[ 1418.592571] loop3: p175 start 1 is beyond EOD, truncated
[ 1418.598097] loop3: p176 start 1 is beyond EOD, truncated
[ 1418.603605] loop3: p177 start 1 is beyond EOD, truncated
[ 1418.609159] loop3: p178 start 1 is beyond EOD, truncated
[ 1418.614682] loop3: p179 start 1 is beyond EOD, truncated
[ 1418.620138] loop3: p180 start 1 is beyond EOD, truncated
[ 1418.625660] loop3: p181 start 1 is beyond EOD, truncated
[ 1418.631124] loop3: p182 start 1 is beyond EOD, truncated
[ 1418.636725] loop3: p183 start 1 is beyond EOD, truncated
[ 1418.642206] loop3: p184 start 1 is beyond EOD, truncated
[ 1418.647719] loop3: p185 start 1 is beyond EOD, truncated
[ 1418.653180] loop3: p186 start 1 is beyond EOD, truncated
[ 1418.658750] loop3: p187 start 1 is beyond EOD, truncated
[ 1418.664206] loop3: p188 start 1 is beyond EOD, truncated
[ 1418.669736] loop3: p189 start 1 is beyond EOD, truncated
[ 1418.675305] loop3: p190 start 1 is beyond EOD, truncated
[ 1418.680759] loop3: p191 start 1 is beyond EOD, truncated
[ 1418.686266] loop3: p192 start 1 is beyond EOD, truncated
[ 1418.691734] loop3: p193 start 1 is beyond EOD, truncated
[ 1418.697238] loop3: p194 start 1 is beyond EOD, truncated
[ 1418.702713] loop3: p195 start 1 is beyond EOD, truncated
[ 1418.708281] loop3: p196 start 1 is beyond EOD, truncated
[ 1418.713752] loop3: p197 start 1 is beyond EOD, truncated
[ 1418.719379] loop3: p198 start 1 is beyond EOD, truncated
[ 1418.724906] loop3: p199 start 1 is beyond EOD, truncated
[ 1418.730385] loop3: p200 start 1 is beyond EOD, truncated
[ 1418.735980] loop3: p201 start 1 is beyond EOD, truncated
[ 1418.741434] loop3: p202 start 1 is beyond EOD, truncated
[ 1418.746954] loop3: p203 start 1 is beyond EOD, truncated
[ 1418.752430] loop3: p204 start 1 is beyond EOD, truncated
[ 1418.757978] loop3: p205 start 1 is beyond EOD, truncated
[ 1418.763450] loop3: p206 start 1 is beyond EOD, truncated
[ 1418.768984] loop3: p207 start 1 is beyond EOD, truncated
[ 1418.774461] loop3: p208 start 1 is beyond EOD, truncated
[ 1418.779958] loop3: p209 start 1 is beyond EOD, truncated
[ 1418.785450] loop3: p210 start 1 is beyond EOD, truncated
[ 1418.790904] loop3: p211 start 1 is beyond EOD, truncated
[ 1418.796510] loop3: p212 start 1 is beyond EOD, truncated
[ 1418.801969] loop3: p213 start 1 is beyond EOD, truncated
[ 1418.807463] loop3: p214 start 1 is beyond EOD, truncated
[ 1418.812930] loop3: p215 start 1 is beyond EOD, truncated
[ 1418.818430] loop3: p216 start 1 is beyond EOD, truncated
[ 1418.823895] loop3: p217 start 1 is beyond EOD, truncated
[ 1418.829391] loop3: p218 start 1 is beyond EOD, truncated
[ 1418.834881] loop3: p219 start 1 is beyond EOD, truncated
[ 1418.840321] loop3: p220 start 1 is beyond EOD, truncated
[ 1418.845834] loop3: p221 start 1 is beyond EOD, truncated
[ 1418.851307] loop3: p222 start 1 is beyond EOD, truncated
[ 1418.856795] loop3: p223 start 1 is beyond EOD, truncated
[ 1418.862267] loop3: p224 start 1 is beyond EOD, truncated
[ 1418.867775] loop3: p225 start 1 is beyond EOD, truncated
[ 1418.873241] loop3: p226 start 1 is beyond EOD, truncated
[ 1418.878783] loop3: p227 start 1 is beyond EOD, truncated
[ 1418.884266] loop3: p228 start 1 is beyond EOD, truncated
[ 1418.889786] loop3: p229 start 1 is beyond EOD, truncated
[ 1418.895302] loop3: p230 start 1 is beyond EOD, truncated
[ 1418.900750] loop3: p231 start 1 is beyond EOD, truncated
[ 1418.906247] loop3: p232 start 1 is beyond EOD, truncated
[ 1418.911704] loop3: p233 start 1 is beyond EOD, truncated
[ 1418.917215] loop3: p234 start 1 is beyond EOD, truncated
[ 1418.922689] loop3: p235 start 1 is beyond EOD, truncated
[ 1418.928222] loop3: p236 start 1 is beyond EOD, truncated
[ 1418.933691] loop3: p237 start 1 is beyond EOD, truncated
[ 1418.939195] loop3: p238 start 1 is beyond EOD, truncated
[ 1418.944730] loop3: p239 start 1 is beyond EOD, truncated
[ 1418.950173] loop3: p240 start 1 is beyond EOD, truncated
[ 1418.955723] loop3: p241 start 1 is beyond EOD, truncated
[ 1418.961186] loop3: p242 start 1 is beyond EOD, truncated
[ 1418.966700] loop3: p243 start 1 is beyond EOD, truncated
[ 1418.972163] loop3: p244 start 1 is beyond EOD, truncated
[ 1418.977705] loop3: p245 start 1 is beyond EOD, truncated
[ 1418.983175] loop3: p246 start 1 is beyond EOD, truncated
[ 1418.988672] loop3: p247 start 1 is beyond EOD, truncated
[ 1418.994152] loop3: p248 start 1 is beyond EOD, truncated
[ 1418.999656] loop3: p249 start 1 is beyond EOD, truncated
[ 1419.005140] loop3: p250 start 1 is beyond EOD, truncated
[ 1419.010578] loop3: p251 start 1 is beyond EOD, truncated
[ 1419.016087] loop3: p252 start 1 is beyond EOD, truncated
[ 1419.021561] loop3: p253 start 1 is beyond EOD, truncated
[ 1419.027060] loop3: p254 start 1 is beyond EOD, truncated
[ 1419.032523] loop3: p255 start 1 is beyond EOD, truncated
21:38:30 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0xfffffffffffffe94, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

21:38:30 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x500]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:30 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x400000, 0x0)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000100)={0x57, 0xc5eb, 0x0, {0x80000000, 0x800}, {0x9, 0x5}, @const={0x8, {0xd39, 0x8, 0x3ff, 0x1f}}})
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x2001e, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x2, 0x0)
ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000040)='syz0\x00')

21:38:30 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140))
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:30 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x7, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:30 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1)

[ 1419.242840] binder: 24932:24935 ioctl c0306201 20000000 returned -14
21:38:30 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x820a6a296000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1419.306342] binder: release 24932:24935 transaction 6452 out, still active
[ 1419.318349] binder: unexpected work type, 4, not freed
[ 1419.329937] binder_alloc: 24932: binder_alloc_buf, no vma
[ 1419.354879] binder: undelivered TRANSACTION_COMPLETE
[ 1419.362258] binder: 24932:24935 transaction failed 29189/-3, size 0-0 line 2973
21:38:30 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140))
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:30 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0xfffffffffffffe94, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

[ 1419.452510] binder: undelivered TRANSACTION_ERROR: 29189
[ 1419.458346] binder: send failed reply for transaction 6452, target dead
21:38:30 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x40)
getsockopt$inet6_tcp_buf(r1, 0x6, 0xe, &(0x7f00000001c0)=""/4096, &(0x7f0000000040)=0x1000)
ftruncate(r0, 0x4)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r2, 0x0)

21:38:30 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xb000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1419.545543] binder: 24950:24951 ioctl c0306201 20000000 returned -14
[ 1419.627443] binder: release 24950:24951 transaction 6457 out, still active
[ 1419.638639] binder: unexpected work type, 4, not freed
[ 1419.654880] binder_alloc: 24950: binder_alloc_buf, no vma
[ 1419.666626] binder: undelivered TRANSACTION_COMPLETE
21:38:30 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x9effffff]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1419.686550] binder: 24950:24951 transaction failed 29189/-3, size 0-0 line 2973
21:38:30 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

21:38:30 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1419.802581] binder: undelivered TRANSACTION_ERROR: 29189
[ 1419.808604] binder: send failed reply for transaction 6457, target dead
21:38:30 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xb00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1420.003848] binder_alloc_mmap_handler: 6 callbacks suppressed
[ 1420.003867] binder_alloc: binder_alloc_mmap_handler: 24969 20ffd000-21000000 already mapped failed -16
[ 1420.119853] binder_alloc: binder_alloc_mmap_handler: 24969 20001000-20004000 already mapped failed -16
[ 1420.131010] binder_alloc: binder_alloc_mmap_handler: 24969 20ffd000-21000000 already mapped failed -16
21:38:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:31 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x8, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:31 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x1300]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:31 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x80001)
ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000040))

21:38:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x200000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1420.397530] binder_alloc: binder_alloc_mmap_handler: 24986 20ffd000-21000000 already mapped failed -16
[ 1420.429218] binder_alloc: binder_alloc_mmap_handler: 24986 20001000-20004000 already mapped failed -16
[ 1420.439193] binder_alloc: binder_alloc_mmap_handler: 24986 20ffd000-21000000 already mapped failed -16
21:38:31 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xffffff9e]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:31 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x4, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:31 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x3, 0x2)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="61c8974d4c2a46c36bcc80d8aece196becfe073edda5531b9c83e51e940b2e85186a21fa5336f6efd549e9ef49a8e03517acdd5f25ccaf8548e0058359c0beb0d2920b8f27389c75e64531ad29a0ab81235464e3e501172fef2cc720fa5ad4dde8f6100d18803fdc3e7e5025b205f0c1975609cbbf1bfff72203438f7d94790617f457d69c1ad547927be649cdc6f3122c89e6a448b8a7bf2ddbd6783a832cc2b236460f6990df628aa7c1721d12cce6ca877d4440af7dcfadc2cbee82b0062b6a466163e7da234182eb1f37", 0xcc)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xb199, 0x0)
ioctl$DRM_IOCTL_AUTH_MAGIC(r2, 0x40046411, &(0x7f0000000040)=0xffff)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000002c0)={{0x4, 0x1}, 'port1\x00', 0x20, 0x20000, 0x2, 0x9, 0x81, 0x6, 0xffffffffffffffff, 0x0, 0x3, 0x8})
recvmsg$kcm(r2, &(0x7f0000000680)={&(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/179, 0xb3}, {&(0x7f00000004c0)=""/118, 0x76}, {&(0x7f0000000540)=""/227, 0xe3}], 0x3, &(0x7f0000000640)=""/43, 0x2b}, 0x2)

21:38:31 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:31 executing program 3 (fault-call:2 fault-nth:0):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:31 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x300000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1420.970868] FAULT_INJECTION: forcing a failure.
[ 1420.970868] name failslab, interval 1, probability 0, space 0, times 0
[ 1421.044866] CPU: 1 PID: 25023 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
[ 1421.052287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1421.061658] Call Trace:
[ 1421.064268]  dump_stack+0x244/0x39d
[ 1421.067922]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1421.073172]  should_fail.cold.4+0xa/0x17
[ 1421.077257]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1421.082389]  ? lock_downgrade+0x900/0x900
[ 1421.086560]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1421.092114]  ? proc_fail_nth_write+0x9e/0x210
[ 1421.096623]  ? proc_cwd_link+0x1d0/0x1d0
[ 1421.100712]  ? find_held_lock+0x36/0x1c0
[ 1421.104896]  ? f2fs_ioctl+0x9338/0x9830
[ 1421.108907]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1421.114378]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1421.119938]  __should_failslab+0x124/0x180
[ 1421.124188]  should_failslab+0x9/0x14
[ 1421.127999]  __kmalloc+0x2e0/0x760
[ 1421.131552]  ? strncpy_from_user+0x5a0/0x5a0
[ 1421.135975]  ? fput+0x130/0x1a0
[ 1421.139269]  ? do_syscall_64+0x9a/0x820
[ 1421.143256]  ? __x64_sys_memfd_create+0x142/0x4f0
[ 1421.148109]  ? do_syscall_64+0x9a/0x820
[ 1421.152100]  __x64_sys_memfd_create+0x142/0x4f0
[ 1421.156779]  ? memfd_fcntl+0x1910/0x1910
[ 1421.160868]  do_syscall_64+0x1b9/0x820
[ 1421.164765]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1421.170146]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1421.175088]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1421.179946]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1421.184976]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1421.190004]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1421.195038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1421.199904]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1421.205101] RIP: 0033:0x457669
[ 1421.208307] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1421.227248] RSP: 002b:00007f4ea061ea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1421.234980] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457669
21:38:32 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x14000, 0x2, &(0x7f0000000000/0x14000)=nil)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x20011, r1, 0x0)
getgid()
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xfffffffffffffffc, 0x102014, r0, 0x0)

21:38:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xffff0000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:32 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1421.242255] RDX: 0000000020000018 RSI: 0000000000000000 RDI: 00000000004bc5a2
[ 1421.249530] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1421.256809] R10: 0000000020000018 R11: 0000000000000246 R12: 0000000000000340
[ 1421.264089] R13: 00000000004bc5a2 R14: 00000000004da0e0 R15: 0000000000000005
[ 1421.335638] binder_alloc: binder_alloc_mmap_handler: 25027 20000000-20004000 already mapped failed -16
21:38:32 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x9000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:32 executing program 3 (fault-call:2 fault-nth:1):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:32 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x9, 0x1c9080)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f00000000c0)=""/120, &(0x7f0000000040)=0x78)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000001c0)=0x9, 0x4)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000200))

[ 1421.551377] FAULT_INJECTION: forcing a failure.
[ 1421.551377] name failslab, interval 1, probability 0, space 0, times 0
[ 1421.573559] CPU: 0 PID: 25042 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
[ 1421.580949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1421.590311] Call Trace:
[ 1421.592930]  dump_stack+0x244/0x39d
[ 1421.596615]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1421.601864]  should_fail.cold.4+0xa/0x17
[ 1421.605960]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1421.611097]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1421.616700]  ? check_preemption_disabled+0x48/0x280
[ 1421.621746]  ? zap_class+0x640/0x640
[ 1421.621765]  ? debug_smp_processor_id+0x1c/0x20
[ 1421.621784]  ? perf_trace_lock_acquire+0x15b/0x800
[ 1421.635111]  ? lock_downgrade+0x900/0x900
[ 1421.639279]  ? check_preemption_disabled+0x48/0x280
[ 1421.644341]  ? find_held_lock+0x36/0x1c0
[ 1421.648523]  ? ata_eh_report+0x1fb8/0x2260
[ 1421.652799]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1421.658316]  ? find_held_lock+0x36/0x1c0
[ 1421.662417]  __should_failslab+0x124/0x180
[ 1421.666707]  should_failslab+0x9/0x14
[ 1421.670520]  kmem_cache_alloc+0x2be/0x730
[ 1421.674700]  ? shmem_destroy_callback+0xc0/0xc0
[ 1421.679391]  shmem_alloc_inode+0x1b/0x40
[ 1421.683474]  alloc_inode+0x63/0x190
[ 1421.687122]  new_inode_pseudo+0x71/0x1a0
[ 1421.691235]  ? prune_icache_sb+0x1c0/0x1c0
[ 1421.695513]  ? _raw_spin_unlock+0x2c/0x50
[ 1421.699691]  new_inode+0x1c/0x40
[ 1421.703072]  shmem_get_inode+0xf1/0x920
[ 1421.707081]  ? shmem_encode_fh+0x340/0x340
[ 1421.711357]  ? lock_downgrade+0x900/0x900
[ 1421.715562]  ? lock_release+0xa00/0xa00
[ 1421.719567]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1421.725041]  ? usercopy_warn+0x110/0x110
[ 1421.729135]  __shmem_file_setup.part.50+0x83/0x2a0
[ 1421.734113]  shmem_file_setup+0x65/0x90
[ 1421.738108]  __x64_sys_memfd_create+0x2af/0x4f0
[ 1421.742796]  ? memfd_fcntl+0x1910/0x1910
[ 1421.746893]  do_syscall_64+0x1b9/0x820
[ 1421.750798]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1421.756178]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1421.761126]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1421.763730] binder_alloc: binder_alloc_mmap_handler: 25044 20ffd000-21000000 already mapped failed -16
[ 1421.765984]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1421.766005]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1421.766027]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1421.790517]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1421.795379]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1421.800600] RIP: 0033:0x457669
[ 1421.803804] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1421.822715] RSP: 002b:00007f4ea061ea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1421.830438] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457669
[ 1421.837712] RDX: 0000000020000018 RSI: 0000000000000000 RDI: 00000000004bc5a2
[ 1421.837723] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1421.837733] R10: 0000000020000018 R11: 0000000000000246 R12: 0000000000000340
[ 1421.837744] R13: 00000000004bc5a2 R14: 00000000004da0e0 R15: 0000000000000005
[ 1421.848027] binder_alloc: binder_alloc_mmap_handler: 25044 20001000-20004000 already mapped failed -16
[ 1421.918882] binder_alloc: binder_alloc_mmap_handler: 25044 20ffd000-21000000 already mapped failed -16
21:38:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0))
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x34b, 0x20002804, &(0x7f0000000000)={0x2, 0x4000004e23, @broadcast}, 0x10)

21:38:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xebffffff00000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:33 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12628571")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:33 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x1200]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:33 executing program 3 (fault-call:2 fault-nth:2):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:33 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="848ee4449d0dc18bb73e143a27886a5a8da8751d421b0daea1ea5d9fead21f1cce5a382246305469dd019c376417bfcf08d63c1e17001d89e3cf4f883f33e8d86900f0917dae9d21", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000000c0)=0x20)

[ 1422.136308] FAULT_INJECTION: forcing a failure.
[ 1422.136308] name failslab, interval 1, probability 0, space 0, times 0
[ 1422.173663] CPU: 1 PID: 25060 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
21:38:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x4002, 0x0)
io_setup(0x5b3, &(0x7f0000000040)=<r1=>0x0)
munmap(&(0x7f0000364000/0x2000)=nil, 0x2000)
r2 = getpid()
perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x1, 0x1, 0x0, 0xc90c, 0x0, 0x7, 0x80, 0x2, 0x5, 0x8001, 0x7, 0x10, 0x4, 0x0, 0x5, 0xfffffffffffffff8, 0x2, 0xe8, 0x2, 0xac01, 0x7, 0x8, 0xf1, 0x100, 0x3, 0x7, 0x1, 0x9, 0x2, 0x7fffffff, 0x401, 0x3, 0x1, 0x4, 0x659, 0x5, 0x0, 0x5, 0x6, @perf_config_ext={0x81, 0x1}, 0xa000, 0x9, 0x2671, 0x3, 0x7, 0xa8, 0x8}, r2, 0x4, r0, 0x8)
io_submit(r1, 0x111, &(0x7f0000001540)=[&(0x7f0000000140)={0x0, 0x0, 0xf0000000000000, 0x1, 0x0, r0, &(0x7f0000000000), 0xfffffce4}])

21:38:33 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x2000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1422.181053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1422.190429] Call Trace:
[ 1422.193043]  dump_stack+0x244/0x39d
[ 1422.196698]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1422.201911]  ? find_held_lock+0x36/0x1c0
[ 1422.206004]  should_fail.cold.4+0xa/0x17
[ 1422.210088]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1422.215213]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1422.220161]  ? kasan_check_read+0x11/0x20
[ 1422.224324]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1422.229623]  ? rcu_softirq_qs+0x20/0x20
[ 1422.233619]  ? rcu_softirq_qs+0x20/0x20
[ 1422.237613]  ? unwind_dump+0x190/0x190
[ 1422.241532]  ? is_bpf_text_address+0xd3/0x170
[ 1422.246050]  ? kernel_text_address+0x79/0xf0
[ 1422.250498]  ? __kernel_text_address+0xd/0x40
[ 1422.255008]  ? unwind_get_return_address+0x61/0xa0
[ 1422.259958]  ? __save_stack_trace+0x8d/0xf0
[ 1422.264309]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1422.269785]  ? save_stack+0x43/0xd0
[ 1422.273432]  ? kasan_kmalloc+0xc7/0xe0
[ 1422.277334]  ? kasan_slab_alloc+0x12/0x20
[ 1422.281498]  ? kmem_cache_alloc+0x12e/0x730
[ 1422.285836]  ? shmem_alloc_inode+0x1b/0x40
[ 1422.290093]  __should_failslab+0x124/0x180
[ 1422.294343]  should_failslab+0x9/0x14
[ 1422.298173]  kmem_cache_alloc+0x2be/0x730
[ 1422.302333]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1422.307367]  ? map_id_range_down+0x1ee/0x430
[ 1422.311799]  new_inode_smack+0x20/0xb0
[ 1422.315700]  smack_inode_alloc_security+0x92/0x100
[ 1422.320657]  security_inode_alloc+0x73/0xd0
[ 1422.325043]  inode_init_always+0x68f/0xd80
[ 1422.329326]  ? get_nr_inodes+0x120/0x120
[ 1422.333424]  ? rcu_pm_notify+0xc0/0xc0
[ 1422.337350]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 1422.342378]  ? kmem_cache_alloc+0x33a/0x730
[ 1422.346740]  ? shmem_alloc_inode+0x1b/0x40
[ 1422.350987]  ? shmem_destroy_callback+0xc0/0xc0
[ 1422.355704]  alloc_inode+0x80/0x190
[ 1422.359387]  new_inode_pseudo+0x71/0x1a0
[ 1422.363479]  ? prune_icache_sb+0x1c0/0x1c0
[ 1422.367743]  ? _raw_spin_unlock+0x2c/0x50
[ 1422.372036]  new_inode+0x1c/0x40
[ 1422.375420]  shmem_get_inode+0xf1/0x920
[ 1422.379432]  ? shmem_encode_fh+0x340/0x340
[ 1422.383687]  ? lock_downgrade+0x900/0x900
[ 1422.387856]  ? lock_release+0xa00/0xa00
[ 1422.391841]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1422.397323]  ? usercopy_warn+0x110/0x110
[ 1422.401418]  __shmem_file_setup.part.50+0x83/0x2a0
[ 1422.406372]  shmem_file_setup+0x65/0x90
[ 1422.410367]  __x64_sys_memfd_create+0x2af/0x4f0
[ 1422.415049]  ? memfd_fcntl+0x1910/0x1910
[ 1422.419143]  do_syscall_64+0x1b9/0x820
[ 1422.423044]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1422.428432]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1422.433376]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1422.438240]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1422.443278]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1422.448359]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1422.453400]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1422.455559] IPVS: ftp: loaded support on port[0] = 21
[ 1422.458271]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1422.458286] RIP: 0033:0x457669
21:38:33 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12628571")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1422.458305] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1422.468674] RSP: 002b:00007f4ea061ea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1422.490766] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457669
[ 1422.490777] RDX: 0000000020000018 RSI: 0000000000000000 RDI: 00000000004bc5a2
[ 1422.490786] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1422.490796] R10: 0000000020000018 R11: 0000000000000246 R12: 0000000000000340
[ 1422.490806] R13: 00000000004bc5a2 R14: 00000000004da0e0 R15: 0000000000000005
21:38:33 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xf]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:33 executing program 2:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x900, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0800000000000000000000000ddd93a722555000000000004b653406568b6f11a54dd4ed00000000000000000000000000000066"])
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)

21:38:33 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c12628571")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1422.772490] Unknown ioctl -1073208310
21:38:33 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x1200000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1422.795797] device bridge_slave_1 left promiscuous mode
[ 1422.801377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.819278] Unknown ioctl -1073208310
[ 1422.877255] device bridge_slave_0 left promiscuous mode
[ 1422.883459] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1423.093750] team0 (unregistering): Port device team_slave_1 removed
[ 1423.114090] team0 (unregistering): Port device team_slave_0 removed
[ 1423.139417] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1423.208585] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1423.288506] bond0 (unregistering): Released all slaves
[ 1423.988527] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1423.995184] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1424.002662] device bridge_slave_0 entered promiscuous mode
[ 1424.050437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1424.056954] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1424.064369] device bridge_slave_1 entered promiscuous mode
[ 1424.112251] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 1424.160895] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 1424.302934] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1424.353210] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1424.399755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 1424.407037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1424.455825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 1424.462692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1424.585627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1424.592794] team0: Port device team_slave_0 added
[ 1424.632495] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1424.640522] team0: Port device team_slave_1 added
[ 1424.681471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1424.712822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1424.762676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1424.770064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1424.787345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1424.819990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1424.827069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1424.835958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1425.141934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1425.148327] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1425.155064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.161440] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1425.168690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 1425.404801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1425.565966] device bridge_slave_1 left promiscuous mode
[ 1425.571576] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1425.635397] device bridge_slave_0 left promiscuous mode
[ 1425.640867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.713137] team0 (unregistering): Port device team_slave_1 removed
[ 1425.723189] team0 (unregistering): Port device team_slave_0 removed
[ 1425.736871] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1425.785599] bond0 (unregistering): Released all slaves
[ 1426.835573] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1426.999920] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1427.144087] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 1427.150816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1427.159198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1427.285681] 8021q: adding VLAN 0 to HW filter on device team0
21:38:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x3f00000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:41 executing program 3 (fault-call:2 fault-nth:3):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:41 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x5000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:41 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c1262857180")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:41 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x5, 0x80040)
execveat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000380)=[&(0x7f00000000c0)='/dev/binder#\x00', &(0x7f0000000100)='ppp0#\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='/dev/binder#\x00', &(0x7f0000000240)='/dev/binder#\x00', &(0x7f0000000280)='/dev/binder#\x00', &(0x7f00000002c0)='-#mime_typecpusetbdev\x00', &(0x7f0000000300)='/dev/binder#\x00', &(0x7f0000000340)='/dev/binder#\x00'], &(0x7f0000000440)=[&(0x7f0000000400)='\xd7\x00'], 0xc00)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)

21:38:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:38:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x3f00]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1430.973585] binder_alloc_mmap_handler: 5 callbacks suppressed
[ 1430.973602] binder_alloc: binder_alloc_mmap_handler: 25365 20ffd000-21000000 already mapped failed -16
[ 1430.992927] FAULT_INJECTION: forcing a failure.
[ 1430.992927] name failslab, interval 1, probability 0, space 0, times 0
[ 1431.044059] binder_alloc: binder_alloc_mmap_handler: 25365 20001000-20004000 already mapped failed -16
[ 1431.060768] CPU: 1 PID: 25369 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
[ 1431.068154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1431.077522] Call Trace:
[ 1431.080134]  dump_stack+0x244/0x39d
[ 1431.083798]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1431.089022]  ? debug_smp_processor_id+0x1c/0x20
[ 1431.093725]  ? perf_trace_lock+0x14d/0x7a0
[ 1431.098175]  should_fail.cold.4+0xa/0x17
[ 1431.102264]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1431.107382]  ? check_preemption_disabled+0x48/0x280
[ 1431.112450]  ? perf_trace_lock+0x14d/0x7a0
[ 1431.116710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1431.122262]  ? check_preemption_disabled+0x48/0x280
[ 1431.127291]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1431.132843]  ? lock_is_held_type+0x210/0x210
[ 1431.137265]  ? debug_smp_processor_id+0x1c/0x20
[ 1431.141975]  ? perf_trace_lock+0x14d/0x7a0
[ 1431.146247]  ? find_held_lock+0x36/0x1c0
[ 1431.150360]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1431.155839]  __should_failslab+0x124/0x180
[ 1431.160090]  should_failslab+0x9/0x14
[ 1431.163912]  kmem_cache_alloc+0x2be/0x730
[ 1431.168075]  ? mpol_shared_policy_init+0x235/0x650
[ 1431.173026]  ? current_time+0x72/0x1b0
[ 1431.176936]  __d_alloc+0xc8/0xb90
[ 1431.180418]  ? shrink_dcache_for_umount+0x2b0/0x2b0
[ 1431.185449]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1431.186952] binder_alloc: binder_alloc_mmap_handler: 25365 20ffd000-21000000 already mapped failed -16
[ 1431.190495]  ? ktime_get_coarse_real_ts64+0x22e/0x370
[ 1431.190514]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1431.190533]  ? timespec64_trunc+0xea/0x180
[ 1431.190551]  ? inode_init_owner+0x340/0x340
[ 1431.190575]  ? _raw_spin_unlock+0x2c/0x50
[ 1431.223466]  ? current_time+0x131/0x1b0
[ 1431.223485]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1431.223502]  ? __lockdep_init_map+0x105/0x590
[ 1431.223524]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1431.223539]  ? lockdep_annotate_inode_mutex_key+0x5b/0x70
[ 1431.223561]  d_alloc_pseudo+0x1d/0x30
[ 1431.223581]  alloc_file_pseudo+0x158/0x3f0
[ 1431.223602]  ? alloc_file+0x4d0/0x4d0
[ 1431.223625]  ? usercopy_warn+0x110/0x110
[ 1431.233153]  __shmem_file_setup.part.50+0x110/0x2a0
[ 1431.233179]  shmem_file_setup+0x65/0x90
[ 1431.233198]  __x64_sys_memfd_create+0x2af/0x4f0
[ 1431.233216]  ? memfd_fcntl+0x1910/0x1910
[ 1431.233248]  do_syscall_64+0x1b9/0x820
[ 1431.233267]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1431.291609]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1431.296543]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1431.301397]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1431.306430]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1431.311455]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1431.316511]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1431.321384]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1431.326578] RIP: 0033:0x457669
21:38:42 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c1262857180")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x3]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1431.329776] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1431.348694] RSP: 002b:00007f4ea061ea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1431.356440] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457669
[ 1431.363706] RDX: 0000000020000018 RSI: 0000000000000000 RDI: 00000000004bc5a2
[ 1431.370990] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1431.378257] R10: 0000000020000018 R11: 0000000000000246 R12: 0000000000000340
[ 1431.385523] R13: 00000000004bc5a2 R14: 00000000004da0e0 R15: 0000000000000005
21:38:42 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x3f00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1431.509092] IPVS: ftp: loaded support on port[0] = 21
21:38:42 executing program 3 (fault-call:2 fault-nth:4):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:42 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c1262857180")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x100000001)

[ 1431.697681] FAULT_INJECTION: forcing a failure.
[ 1431.697681] name failslab, interval 1, probability 0, space 0, times 0
[ 1431.727191] CPU: 1 PID: 25391 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
[ 1431.734607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1431.743993] Call Trace:
[ 1431.746596]  dump_stack+0x244/0x39d
[ 1431.750258]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1431.755468]  ? __save_stack_trace+0x8d/0xf0
[ 1431.759820]  should_fail.cold.4+0xa/0x17
[ 1431.763908]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1431.769026]  ? smack_d_instantiate+0x136/0xea0
[ 1431.773627]  ? save_stack+0x43/0xd0
[ 1431.777276]  ? kasan_kmalloc+0xc7/0xe0
[ 1431.781188]  ? find_held_lock+0x36/0x1c0
[ 1431.786013]  ? zap_class+0x640/0x640
[ 1431.789747]  ? find_held_lock+0x36/0x1c0
[ 1431.793844]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1431.799311]  ? lock_downgrade+0x900/0x900
[ 1431.803510]  __should_failslab+0x124/0x180
[ 1431.807760]  should_failslab+0x9/0x14
[ 1431.811575]  kmem_cache_alloc+0x2be/0x730
[ 1431.815750]  ? d_set_d_op+0x31d/0x410
[ 1431.819576]  __alloc_file+0xa8/0x470
[ 1431.823301]  ? file_free_rcu+0xd0/0xd0
[ 1431.827200]  ? d_instantiate+0x79/0xa0
[ 1431.831119]  ? lock_downgrade+0x900/0x900
[ 1431.835284]  ? kasan_check_read+0x11/0x20
[ 1431.839441]  ? do_raw_spin_unlock+0xa7/0x330
[ 1431.843856]  ? do_raw_spin_trylock+0x270/0x270
[ 1431.848457]  alloc_empty_file+0x72/0x170
[ 1431.852556]  alloc_file+0x5e/0x4d0
[ 1431.856122]  ? _raw_spin_unlock+0x2c/0x50
[ 1431.860289]  alloc_file_pseudo+0x261/0x3f0
[ 1431.864562]  ? alloc_file+0x4d0/0x4d0
[ 1431.868383]  ? usercopy_warn+0x110/0x110
[ 1431.872485]  __shmem_file_setup.part.50+0x110/0x2a0
[ 1431.877518]  shmem_file_setup+0x65/0x90
[ 1431.881506]  __x64_sys_memfd_create+0x2af/0x4f0
[ 1431.886185]  ? memfd_fcntl+0x1910/0x1910
[ 1431.890270]  do_syscall_64+0x1b9/0x820
[ 1431.894173]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1431.899553]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1431.904496]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1431.909350]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1431.914390]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1431.919445]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1431.924478]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1431.929339]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1431.934539] RIP: 0033:0x457669
[ 1431.937746] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1431.956675] RSP: 002b:00007f4ea061ea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1431.964394] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457669
[ 1431.971686] RDX: 0000000020000018 RSI: 0000000000000000 RDI: 00000000004bc5a2
[ 1431.978963] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1431.986243] R10: 0000000020000018 R11: 0000000000000246 R12: 0000000000000340
[ 1431.993520] R13: 00000000004bc5a2 R14: 00000000004da0e0 R15: 0000000000000005
[ 1432.311447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1432.318136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1432.325549] device bridge_slave_0 entered promiscuous mode
[ 1432.353880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1432.360370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1432.367612] device bridge_slave_1 entered promiscuous mode
[ 1432.395469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 1432.423820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 1432.504967] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1432.535747] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1432.663381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1432.671160] team0: Port device team_slave_0 added
[ 1432.699373] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1432.706556] team0: Port device team_slave_1 added
[ 1432.733563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1432.762753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1432.793296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1432.825256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1433.099766] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1433.106157] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1433.112771] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1433.119169] bridge0: port 1(bridge_slave_0) entered forwarding state
21:38:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xe, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:45 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$dspn(&(0x7f00000003c0)='/dev/dsp#\x00', 0x2, 0x100)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0)
write$vnet(r1, &(0x7f00000000c0)={0x1, {&(0x7f00000001c0)=""/207, 0xcf, &(0x7f00000002c0)=""/169, 0x3}}, 0x68)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
accept$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14)

21:38:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x13000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:45 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r2 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(0xffffffffffffffff, r1, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:45 executing program 3 (fault-call:2 fault-nth:5):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1434.122442] FAULT_INJECTION: forcing a failure.
[ 1434.122442] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1434.178455] CPU: 0 PID: 25577 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #157
[ 1434.185853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1434.195211] Call Trace:
[ 1434.195254]  dump_stack+0x244/0x39d
[ 1434.195282]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1434.195310]  ? __lock_acquire+0x62f/0x4c20
[ 1434.201529]  should_fail.cold.4+0xa/0x17
[ 1434.201546]  ? print_usage_bug+0xc0/0xc0
[ 1434.201568]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1434.201587]  ? zap_class+0x640/0x640
[ 1434.209001] binder_alloc: binder_alloc_mmap_handler: 25573 20ffd000-21000000 already mapped failed -16
[ 1434.211007]  ? zap_class+0x640/0x640
[ 1434.211024]  ? __lock_is_held+0xb5/0x140
[ 1434.211072]  ? __lock_is_held+0xb5/0x140
[ 1434.224283]  ? check_preemption_disabled+0x48/0x280
[ 1434.224305]  ? lock_release+0xa00/0xa00
[ 1434.224327]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1434.240794] binder_alloc: binder_alloc_mmap_handler: 25573 20001000-20004000 already mapped failed -16
[ 1434.241183]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1434.241201]  ? rcu_softirq_qs+0x20/0x20
[ 1434.241225]  ? __might_sleep+0x95/0x190
[ 1434.241247]  __alloc_pages_nodemask+0x366/0xea0
[ 1434.249361]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 1434.249378]  ? filemap_map_pages+0x1a20/0x1a20
[ 1434.249406]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1434.306228]  ? check_preemption_disabled+0x48/0x280
[ 1434.311261]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1434.316823]  ? percpu_counter_add_batch+0x141/0x190
[ 1434.321856]  ? mpol_shared_policy_lookup+0xf7/0x150
[ 1434.326889]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1434.332439]  alloc_pages_vma+0x13d/0x690
[ 1434.336522]  shmem_alloc_page+0xa8/0x190
[ 1434.340591]  ? shmem_swapin+0x230/0x230
[ 1434.344689]  shmem_alloc_and_acct_page+0x248/0xdb0
[ 1434.349633]  ? shmem_getattr+0x2c0/0x2c0
[ 1434.353712]  ? print_usage_bug+0xc0/0xc0
[ 1434.357792]  ? mark_held_locks+0x130/0x130
[ 1434.362031]  ? lock_release+0xa00/0xa00
[ 1434.366010]  ? rcu_softirq_qs+0x20/0x20
[ 1434.369985]  ? rcu_softirq_qs+0x20/0x20
[ 1434.374194]  ? unwind_dump+0x190/0x190
[ 1434.378095]  ? __lock_acquire+0x62f/0x4c20
[ 1434.382350]  ? lock_unpin_lock+0x4a0/0x4a0
[ 1434.386590]  ? __lock_acquire+0x62f/0x4c20
[ 1434.390833]  ? __mutex_lock+0x85e/0x16f0
[ 1434.394901]  ? print_usage_bug+0xc0/0xc0
[ 1434.398978]  shmem_getpage_gfp+0x71d/0x4840
[ 1434.403324]  ? find_held_lock+0x36/0x1c0
[ 1434.407394]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 1434.412501]  ? print_usage_bug+0xc0/0xc0
[ 1434.416577]  ? mark_held_locks+0xc7/0x130
[ 1434.420731]  ? print_usage_bug+0xc0/0xc0
[ 1434.424794]  ? print_usage_bug+0xc0/0xc0
[ 1434.428865]  ? print_usage_bug+0xc0/0xc0
[ 1434.432932]  ? mark_held_locks+0x130/0x130
[ 1434.437175]  ? print_usage_bug+0xc0/0xc0
[ 1434.441324]  ? ima_match_policy+0x848/0x1560
[ 1434.445784]  ? __lock_acquire+0x62f/0x4c20
[ 1434.450043]  ? __lock_acquire+0x62f/0x4c20
[ 1434.454291]  ? print_usage_bug+0xc0/0xc0
[ 1434.458363]  ? mark_held_locks+0x130/0x130
[ 1434.462617]  ? print_usage_bug+0xc0/0xc0
[ 1434.466728]  ? print_usage_bug+0xc0/0xc0
[ 1434.470816]  ? mark_held_locks+0x130/0x130
[ 1434.475072]  ? lock_unpin_lock+0x4a0/0x4a0
[ 1434.479319]  ? __lock_acquire+0x62f/0x4c20
[ 1434.483558]  ? mark_held_locks+0x130/0x130
[ 1434.487794]  ? print_usage_bug+0xc0/0xc0
[ 1434.491867]  ? __lock_acquire+0x62f/0x4c20
[ 1434.496121]  ? mark_held_locks+0x130/0x130
[ 1434.500391]  ? mark_held_locks+0x130/0x130
[ 1434.504638]  ? print_usage_bug+0xc0/0xc0
[ 1434.508729]  ? print_usage_bug+0xc0/0xc0
[ 1434.512810]  ? __lock_acquire+0x62f/0x4c20
[ 1434.517053]  ? print_usage_bug+0xc0/0xc0
[ 1434.521133]  ? find_held_lock+0x36/0x1c0
[ 1434.525224]  ? __lock_acquire+0x62f/0x4c20
[ 1434.529469]  ? __lock_acquire+0x62f/0x4c20
[ 1434.533711]  ? zap_class+0x640/0x640
[ 1434.537433]  ? __lock_acquire+0x62f/0x4c20
[ 1434.541682]  ? zap_class+0x640/0x640
[ 1434.545408]  ? print_usage_bug+0xc0/0xc0
[ 1434.549475]  ? find_held_lock+0x36/0x1c0
[ 1434.553550]  ? find_held_lock+0x36/0x1c0
[ 1434.557671]  ? mark_held_locks+0xc7/0x130
[ 1434.561829]  ? ktime_get_coarse_real_ts64+0x273/0x370
[ 1434.567023]  ? ktime_get_coarse_real_ts64+0x273/0x370
[ 1434.572220]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1434.576814]  ? trace_hardirqs_on+0xbd/0x310
[ 1434.581141]  ? current_time+0x72/0x1b0
[ 1434.585033]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1434.590146]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1434.595710]  ? iov_iter_fault_in_readable+0x22a/0x450
[ 1434.600908]  ? _copy_from_iter_flushcache+0xfc0/0xfc0
[ 1434.606109]  ? __sanitizer_cov_trace_cmp2+0x20/0x20
[ 1434.611148]  ? ktime_get_coarse_real_ts64+0x22e/0x370
[ 1434.616380]  shmem_write_begin+0x10a/0x1e0
[ 1434.620626]  generic_perform_write+0x3aa/0x6a0
[ 1434.625244]  ? add_page_wait_queue+0x400/0x400
[ 1434.629830]  ? file_update_time+0xe4/0x640
[ 1434.634075]  ? current_time+0x1b0/0x1b0
[ 1434.638065]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1434.643083]  ? generic_write_check_limits+0x28d/0x370
[ 1434.648285]  __generic_file_write_iter+0x26e/0x630
[ 1434.653233]  generic_file_write_iter+0x34d/0x6b0
[ 1434.658002]  ? __generic_file_write_iter+0x630/0x630
[ 1434.663110]  ? do_truncate+0x1ee/0x2d0
[ 1434.667000]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1434.672536]  ? iov_iter_init+0xe5/0x210
[ 1434.676519]  __vfs_write+0x6b8/0x9f0
[ 1434.680242]  ? kernel_read+0x120/0x120
[ 1434.684158]  ? __lock_is_held+0xb5/0x140
[ 1434.688271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1434.693826]  ? __sb_start_write+0x1b2/0x370
[ 1434.698157]  vfs_write+0x1fc/0x560
[ 1434.701756]  ksys_pwrite64+0x181/0x1b0
[ 1434.705650]  ? __ia32_sys_pread64+0xf0/0xf0
[ 1434.710001]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1434.715564]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1434.720946]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1434.726065]  ? do_sys_ftruncate+0x449/0x550
[ 1434.730397]  __x64_sys_pwrite64+0x97/0xf0
[ 1434.734554]  do_syscall_64+0x1b9/0x820
[ 1434.738461]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1434.743833]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1434.748764]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1434.753643]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1434.758748]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1434.763801]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1434.768833]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1434.773694]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1434.778888] RIP: 0033:0x411307
[ 1434.782099] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 51 17 00 00 c3 48 83 ec 08 e8 27 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 6d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 1434.801003] RSP: 002b:00007f4ea061ea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[ 1434.808712] RAX: ffffffffffffffda RBX: 0000000020000010 RCX: 0000000000411307
[ 1434.815984] RDX: 0000000000000060 RSI: 0000000020000040 RDI: 0000000000000006
[ 1434.823272] RBP: 0000000000000001 R08: 0000000008100000 R09: 0000000000000000
[ 1434.830547] R10: 00000000000001a0 R11: 0000000000000293 R12: 00007f4ea061f6d4
[ 1434.837820] R13: 0000000000000006 R14: 0000000000000006 R15: 0000000000000000
[ 1434.919407] Dev loop3: unable to read RDB block 1
[ 1434.924341]  loop3: unable to read partition table
[ 1434.953758] loop3: partition table beyond EOD, truncated
[ 1434.966474] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[ 1435.027184] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1435.145795] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1435.241572] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 1435.248523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1435.256454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1435.347400] 8021q: adding VLAN 0 to HW filter on device team0
21:38:47 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x3f00000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:47 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r2 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, 0xffffffffffffffff, &(0x7f0000000080)=0x85e20, 0x100000001)

21:38:47 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x460a0000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:47 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x12400, 0x0)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f00000001c0)="b35685785ac8c02e05939bbe5ed9a0156a248d0eaedacfd79b25823cfafd1af8ffc03e15b921e6d0cac555447c5db71cb8c5b81d694db663237515992759b10bf34d3a592ecb6d10a034e828f2df322d9448563dbf603f1e84e2a9b6fd1341ed3bcee1a0522fbf47e309e78fcf4286b26bea7e0328983ca253644dd2727afa4ecaea3f68acb6a96121181f090069c38d36a5c1bdc6a3a27fe72a6280276f43b66541c1a488b3c9b3122be84930718a09cca0c4d63a78bd77cb408fcd3075e5da186279a0ba425a2e6d398eb13177b619388531d25c576de9153bc8cf917586ffcdb859f6256ff9872de7a11f900bcac308e62b610b9ec3c9cab943b1c586249bc61909288a72ce9cd5623197f34c7ad5d2aa14882bcc9064433fba2429b8674998ab823542eabfd174d28999fcca06f0351ed73e324305b51f5205882c55c7b80d4a4266ba8b96afae375a042c1adee1db045f8238b4635afba3074e8d7209ff504d609e269647e6a89518cd7fd1600c25863415a6a9bb2f598956bc7c1215ad1c0fff32458888d24db258e0047ff041d06ccc0e5fb8983b910e2a81f02e99587f708f51844a441525ceaefed4c454bc7019bda5d1fc6fd5eb67bd486b118e699f4e846c76537071c1ea390e8813924521271e22fd7ef247365dd2baf2f9fd58ef777fdcc26332e9277c4a7e5d415d91ebae5d31152bd454807248c0b0cfde042481b72a3ae70ed5c75fb6a361c4d62dcff1e9c0d734dc8f3553d946d7393fa9d1509e0c6f31db1d672e8782e2a7a31e1d00ebad91bc561bbb56ed7722a4c53e7aacccd61629eea22a83fa77d203613de5e62bd9380ca4f45b249087a0fa4c9138607cb94bf8e369ee976265282e887323de5b0f79f66ee30c2ad213cb9aca60cd639ced378d7985f5aecdd31a332fce72d42d6980fbebac47634b7f3ab58be38f0bc6fadacdc8397079371c60225b2ea0d5ad4eb2c368c9f7cf85ab1216b18f8b51b90fd5914352ded2f78d8bf2c4fa541d52ac05b2f5c3d50ebcab8983625d30608fcad8a6e0145f5667d224b68734fdb134458064e31a1389fc72eda0f7c3d2ac52e5e4dedee78068bb78313ad9aba5e957f1a2f85fd915562de719469fef904992a40232634ac9c3050abe8d52772e0323fa63dd1bf15930fe19f768a671d777f6111d8a4384025c757d83ec68ce25a60dd875daf2b95b6d34bffef79e2757ef0fb64c07a97a568dbb83d41acf1f3c4de9a885db5d26a8a9bc8b1d9077201fa6149ef938c7e3b596c4ceded18aff7ea5a2cf313c4399d7fa37fa28e1ec3d19b53be8f417ab9ae3a167779a189766e7ee8efeaf3d27c4dc77c8c58f6922ac7b0174d4e5f9aa105f109d047d7222d716bf6660b891c09cdb358f73a0a19fe00a535097358e8442752eeec02b79c532cafc6fee8271e272238ad75700bd0f06a48d03b990c47a09e8c288d037425d68dc8f5224e154b3c94f3db12789c0a478f92955cd44136920c34e65b5faab8cc016ae6b9023f47999a79b7ef704bce542efaee0e55e96c7426da3ae5b5a55fa911f35a80b3cf2dfc4f64a1d264d61f18d4fdcd048bf83afba1912119683d5256e1941afe6ea2896dece30d492bd13c3a16fda5958da61f8c555302b9e32c1af95210a54a55a4f548239a30de673a31005ac4a7cb9f820de6e1cd2720afd8a1fd123448f73f4990c07be73290772e6aad0c764a7d9f792a7165b3edcf1f317dd468ad710edca54ddb73b3124689e48d3f03bb3ad9eed3216b64ba908aaa7d06f12b437bdd193213acba5c0ae2976b75d543e90f749bb4baa53ec5aa6387a5cecb0db52dcb57df88e72d86d6d9be6e9d2e8b9969f27b525a6929c46cb3c1a4dbaf9964bd65b803ad63f2e80faee395c08bc21a57944370409d9ef0f6ea3ae8bf0e3f324f3604a42b0dbcc69159cfc5218cd3e721a8dea1bd95f2db2c34e61260c9676a7cd73401f5dc41046f92adc22c4b6b8abe5b1194d7260a2d33b92200f8af2a593d5bd36f55351f553492207d932860c171b71309ed456dfae2191d3db7236acb923f193ebda3adb519270029cb177c032fbdb7a9d1462947af7fd224105e71db00d2db554b94fbf17cafa816a38fced9e7509269237934d0000023a29475195de82dedb31ccedb082a3318b930d89c8f01fb2e93ebc1e6d0d3848410d1d4542cc8fa687e30f86cab51f36a19d0867b15026c2af2809ed827672eb0e09c0e9a720f758b876c182c72cba6bddb92ec44de7e30ce9057d4c6e1d412668fe8fd2b89094fcb51a762c63c7666f61bd919571f7dd8425c44b999d543a4cdf59baf45d9096fce19de5299dded94c0f059f06c0cc751287aa3f201276fcf4d669e3db65243c08a692e71afc21cb3f4f06527aa085783454fd38c0f5a4afa378026b52bbb52358631062cba1fcd56ef2c569c1137d02e37542a5f34dece71545280bcab87019e503117ce293680db410e6e375c17709e78fae190e80eab6fcbb300059074144d0597a1470365be773a64b2ff49c12977affb99fe9bf238ca1bbab6531ce5763134bf5457a929714aa2fecdee4a9eaa686392ef96ac5a7a6134d7fe3933ec23ef1168cdf451ea6df1133e1f9fc9c55bee48acf2c0d2bd0d6623b4dcce3fc0ab8762d23d1230d1c47b7ddc552ce63b0da50475f6d63870affe1cb4d6d6de74dac5b7cb33624070bef2035b142738bfcb84c21882f8270681bf39acaff35529627f64c5dea6ea10d643651de260481de68730caf6bd7296bc479cb40ea469e94e6c37605d8042a0a40acf690cfa9c4d6420d733d708f7d644b3694ff5cdf69e0f14202d206b63a4717c4380adec4769e22323375711fb6cffb2dc49bd8880896343fdde2000f62c90dbdd6eeb70c7123b2756e2ed1f41f57ecbb4f1881dbaebf032a66d9f47a3a51938f3e6d232664c933ddb16058daf5899437ec35d3fb95b6185bdbf27eb8828fa1287e857cd032b4cb64834e1f2d451fa9193b7b328fda1e34991656bcdd8fcf0262f648d794d31bbca1b5e9413f30456489c5fa0a959af256613456e63818a740a17ed4b41fbd0e0f5b8386a1b99a79f6fd2af69aea94825571c3e30af7ae2ad3f8adc88f4c1d35a310fbc9aa588ce233cd34e1b1df9515da1e8d83dcce9e90da26375cd55b3d7b180b88c19e755964571f05b0852d395bd323ab58660e6d57b15a3c34061cacdef378ec41f3192c373bed2d1ce544e8b2a7c9c51b906e41810e4b341615780e81ca883c15a2f5b3116c85bf414073c2947b1686d0f972f0f4c6df80b8da9458b0a3786d0bcd41672167d9b74938db977eaf36ef2e43eb43033da51dcfaa95729e9da70af500fea3388c5d597ede8311778425df98be56882c934f656a70cfa172993353b53f7c001c70bd0e5b7aa5ec362f0896fb64d4d644f09475a3dfb47f417890902dc1abdfbfba8d206268f2e1fbff26e763cbbf60798b2ade24f2363f5367df40f0f136c7858c0f4679ab8b56d5acd034ccecb774d39a119387af158f6f66217dfbe663d89e71a673a4cabda8e9d795bfbfe6a68048858cd14824102af1a8f5acdbdbd676884b4c253b6958b3d3d540d6d6b09426916d8dcc542066225126b47831f2b9d906fbda8b1e5db30df445418e1419cd00f4bd63158fea054904a2ee53f66077d73b2b5adfdc98437549f2a54a73c107887fe5a0e3950eae7ab9b1e2ac604ef9ba3f310240f558b32ba7de7b890a0463c7b0f6624c108a50a7c4ecf353b08cdeae75e7e267e6461e8fa59cff0d48307ace94abaf2b3182de6f1f14e168efd65a5d6a7bdcc9499f756a979d53820ee6433a81e838139d329aa6ad608374079010df0993c6a611b4cd5573ed7d36fdcd8005c9e883581d0e7ea6127762ba760c1dfdd95c5f0b9e1c4a07e6d19a786333fe0a193fef7a27c488cbb7445b1b607881207746b0836b32b8927f636cd9b6d28a014a81f814b487878e56e4d00a802f3c775a5ea16f7e33b67cfd6fb33755ff9149b32c323761799a2f2500cd032c8a72325714c3139bbc24611c284e47ba04cdce8996678ee5f9442269c2dfe73e8dee3ec46c13bdc9d9f661228276fd3dce8f7bc98a6519566e6735f6301a902cffb8743436b6a38c844de522da73c44d237dd27454689a417b9fce321e090bda8a989b366d62f9630d195c1e56030fabda195d9b0f99ac74de1114083fa749830c8a7cc7df41b6f22144112bd33f1c325d193d7258f83116e0563feea74032767ace9d7687f7ded2c3fbb5d51a0e5d1f4ae261ed6dd103eb529c8b807661c7390f13bec4a66051e21aa583cbdd2cbee620d8fbaba225d476a2710cfa5ea35ccaec9a0f8e59c872c03fdd5c3b27199df738a40f116bf1291e93c225e21fedaf1eb8d82fbb599fd7011e218306babf8ce9d20abbb7e4e50c38abe6150912d42923907b561ad5bba3f83eac18f7a998b697d2b37fac523867de2ffc4887d6fba7f0f6a79576a31583760a7b5b7a38be2faaf9ffac32974c468d92ce5187112e6924c5fbb8fece33443384f1e9c1d8697dcde1131781d751f8071187d20e0003645da595598f9d508f05280ab9f283c8b14de7d43a72292b524142c809fe1e27f0a8110b8e2554c0df77356ffbdceeb48962f048624925b22861b1321bcab782fd347aa74dddc9371aa261bd3428d4f96fae7c4a95a6fcb9fd847dc053e44f52344ff7ffe28e7249368843f7e5f97795a02a4af264f811b2e6813fe5f0d49de18fa914357e6b71778f46699ba8f67c9751e31dc2f16eabd4c79b89ead9c862d51f056bf382026767513ef13e667875eb8bfcad91c5d812ea702a7fcd02fcc8b318e5d34a0edd4ec1b69b94acfab73b0e50a781405bc1a8db76fc1039a15c483bebb91d2b57c1f6abe702b1f3eb7ad559e86ef294854f655d193e77a75aaba0bfa70bbb20d78395941ad2fd73aa5484fe4032ed205fe3f4b6a6fd6c5d00e90d14f4b1065c087129ccb8d68e27eae472e3741425e37fe38def015a1603a21ae6f98e13fa8b7fcfab1e15367a0e5072cdc62ed84dd8435d7776abf8b475c573d01d7d7c38f81174e7b3ac1ec98fec26246b85916834713b87a36017de83e68c3aa90b1bf8e868ebeff085a97cf4bb0ae3fb01da8c7523ec3d7463e2e2f51b1f5744d060f6db8798cefcb7e1410db5b7f520bc40de669e24273cddf4b0fd39c41cd2b57896bd1f1fa185abaf08dc08291665aa5189e25b79cf77e0495db98e19a5ea2c0880b0fcb56180dd951e94405c1bd425bec4d9e33ba602e393e9c7fcfd4eff7c79e949ae5b0b095658ea8f9e034356577abf3acc29bbfc724acf46fa80502cee37da829602f9782cb079c8d839a83dbfeeb0b28ea0bd6f5a4aa4e0aefc12dc073a10dee14e16d222864cffc47a8364c67026110d5720a42527be4d1c51763124d36da667e0ad067bd3026e68493c816b6450736b3aa03af4eee7d28e0b4e1513969df759c6fb671b9587da5fd440c30cfb645b318d9e185136dc98be728de12f7b82d953ec235717c49f171def18c7f24dab8c828352cc8134a295f204092970b33fc0f5116d5ec421ec95f6b05abdfc006afbb531d28706ea95f9b1a50ba50fbe86074ecdf05fbd49e406b00ab1f6cd4acb711ea789281c667ff75da2313bd990b147db4ba3f841d4d2504072e8dafb290aaf21c0467b33d625ec8c66b75c3c2bc4cd181beb719807f6c9fe358ea0d36f7836443fde70753dea1b24207493f7dc1a0873854ba4720c3d8f5a8455fb4aface952e47ac30109a2da6")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'eql\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="4b00000000000100ffffffffff20317f0100010070d4000004000000020000007b0000000400000010040000"]})

21:38:47 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:47 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xa000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1436.092350] binder_alloc: binder_alloc_mmap_handler: 25681 20ffd000-21000000 already mapped failed -16
[ 1436.149056]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
[ 1436.149068] loop3: partition table partially beyond EOD, 
[ 1436.242314] truncated
21:38:47 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, 0x0, 0x100000001)

[ 1436.246014] loop3: p1 start 1 is beyond EOD, truncated
[ 1436.256584] binder_alloc: binder_alloc_mmap_handler: 25681 20001000-20004000 already mapped failed -16
[ 1436.284786] loop3: p2 size 2 extends beyond EOD, truncated
[ 1436.295991] binder_alloc: binder_alloc_mmap_handler: 25681 20ffd000-21000000 already mapped failed -16
[ 1436.315966] loop3: p3 start 201 is beyond EOD, truncated
[ 1436.349263] loop3: p4 start 301 is beyond EOD, truncated
[ 1436.368372] loop3: p5 start 1 is beyond EOD, truncated
[ 1436.406715] loop3: p6 start 1 is beyond EOD, truncated
[ 1436.440804] loop3: p7 start 1 is beyond EOD, truncated
[ 1436.446398] loop3: p8 start 1 is beyond EOD, truncated
[ 1436.465774] loop3: p9 start 1 is beyond EOD, truncated
[ 1436.474388] loop3: p10 start 1 is beyond EOD, truncated
[ 1436.480104] loop3: p11 start 1 is beyond EOD, truncated
[ 1436.492193] loop3: p12 start 1 is beyond EOD, truncated
[ 1436.498700] loop3: p13 start 1 is beyond EOD, truncated
[ 1436.506272] loop3: p14 start 1 is beyond EOD, truncated
[ 1436.513036] loop3: p15 start 1 is beyond EOD, truncated
[ 1436.518646] loop3: p16 start 1 is beyond EOD, truncated
[ 1436.524216] loop3: p17 start 1 is beyond EOD, truncated
[ 1436.530074] loop3: p18 start 1 is beyond EOD, truncated
[ 1436.535685] loop3: p19 start 1 is beyond EOD, truncated
[ 1436.541240] loop3: p20 start 1 is beyond EOD, truncated
[ 1436.546857] loop3: p21 start 1 is beyond EOD, truncated
[ 1436.552427] loop3: p22 start 1 is beyond EOD, truncated
[ 1436.558024] loop3: p23 start 1 is beyond EOD, truncated
[ 1436.563533] loop3: p24 start 1 is beyond EOD, truncated
[ 1436.569088] loop3: p25 start 1 is beyond EOD, truncated
[ 1436.574714] loop3: p26 start 1 is beyond EOD, truncated
[ 1436.580248] loop3: p27 start 1 is beyond EOD, truncated
[ 1436.586041] loop3: p28 start 1 is beyond EOD, truncated
[ 1436.591573] loop3: p29 start 1 is beyond EOD, truncated
[ 1436.597169] loop3: p30 start 1 is beyond EOD, truncated
[ 1436.602689] loop3: p31 start 1 is beyond EOD, truncated
[ 1436.609810] loop3: p32 start 1 is beyond EOD, truncated
[ 1436.615389] loop3: p33 start 1 is beyond EOD, truncated
[ 1436.620912] loop3: p34 start 1 is beyond EOD, truncated
[ 1436.627367] loop3: p35 start 1 is beyond EOD, truncated
[ 1436.633117] loop3: p36 start 1 is beyond EOD, truncated
[ 1436.640834] loop3: p37 start 1 is beyond EOD, truncated
[ 1436.646480] loop3: p38 start 1 is beyond EOD, truncated
[ 1436.651989] loop3: p39 start 1 is beyond EOD, truncated
[ 1436.657604] loop3: p40 start 1 is beyond EOD, truncated
[ 1436.662985] loop3: p41 start 1 is beyond EOD, truncated
[ 1436.668529] loop3: p42 start 1 is beyond EOD, truncated
[ 1436.673927] loop3: p43 start 1 is beyond EOD, truncated
[ 1436.679425] loop3: p44 start 1 is beyond EOD, truncated
[ 1436.684848] loop3: p45 start 1 is beyond EOD, truncated
[ 1436.690199] loop3: p46 start 1 is beyond EOD, truncated
[ 1436.695634] loop3: p47 start 1 is beyond EOD, truncated
[ 1436.701034] loop3: p48 start 1 is beyond EOD, truncated
[ 1436.706454] loop3: p49 start 1 is beyond EOD, truncated
[ 1436.711829] loop3: p50 start 1 is beyond EOD, truncated
[ 1436.717741] loop3: p51 start 1 is beyond EOD, truncated
[ 1436.723098] loop3: p52 start 1 is beyond EOD, truncated
[ 1436.728528] loop3: p53 start 1 is beyond EOD, truncated
[ 1436.733907] loop3: p54 start 1 is beyond EOD, truncated
[ 1436.739319] loop3: p55 start 1 is beyond EOD, truncated
[ 1436.744717] loop3: p56 start 1 is beyond EOD, truncated
[ 1436.750068] loop3: p57 start 1 is beyond EOD, truncated
[ 1436.756217] loop3: p58 start 1 is beyond EOD, truncated
[ 1436.761597] loop3: p59 start 1 is beyond EOD, truncated
[ 1436.767043] loop3: p60 start 1 is beyond EOD, truncated
[ 1436.772429] loop3: p61 start 1 is beyond EOD, truncated
[ 1436.777876] loop3: p62 start 1 is beyond EOD, truncated
[ 1436.783255] loop3: p63 start 1 is beyond EOD, truncated
[ 1436.788706] loop3: p64 start 1 is beyond EOD, truncated
[ 1436.794074] loop3: p65 start 1 is beyond EOD, truncated
[ 1436.799897] loop3: p66 start 1 is beyond EOD, truncated
[ 1436.805353] loop3: p67 start 1 is beyond EOD, truncated
[ 1436.810722] loop3: p68 start 1 is beyond EOD, truncated
[ 1436.816141] loop3: p69 start 1 is beyond EOD, truncated
[ 1436.821525] loop3: p70 start 1 is beyond EOD, truncated
[ 1436.826936] loop3: p71 start 1 is beyond EOD, truncated
[ 1436.832315] loop3: p72 start 1 is beyond EOD, truncated
[ 1436.837725] loop3: p73 start 1 is beyond EOD, truncated
[ 1436.843111] loop3: p74 start 1 is beyond EOD, truncated
[ 1436.848525] loop3: p75 start 1 is beyond EOD, truncated
[ 1436.853911] loop3: p76 start 1 is beyond EOD, truncated
[ 1436.859322] loop3: p77 start 1 is beyond EOD, truncated
[ 1436.864765] loop3: p78 start 1 is beyond EOD, truncated
[ 1436.870117] loop3: p79 start 1 is beyond EOD, truncated
[ 1436.875901] loop3: p80 start 1 is beyond EOD, truncated
[ 1436.881277] loop3: p81 start 1 is beyond EOD, truncated
[ 1436.887680] loop3: p82 start 1 is beyond EOD, truncated
[ 1436.893075] loop3: p83 start 1 is beyond EOD, truncated
[ 1436.898617] loop3: p84 start 1 is beyond EOD, truncated
[ 1436.903995] loop3: p85 start 1 is beyond EOD, truncated
[ 1436.909404] loop3: p86 start 1 is beyond EOD, truncated
[ 1436.914819] loop3: p87 start 1 is beyond EOD, truncated
[ 1436.920170] loop3: p88 start 1 is beyond EOD, truncated
[ 1436.925571] loop3: p89 start 1 is beyond EOD, truncated
[ 1436.930962] loop3: p90 start 1 is beyond EOD, truncated
[ 1436.936387] loop3: p91 start 1 is beyond EOD, truncated
[ 1436.941762] loop3: p92 start 1 is beyond EOD, truncated
[ 1436.947167] loop3: p93 start 1 is beyond EOD, truncated
[ 1436.952552] loop3: p94 start 1 is beyond EOD, truncated
[ 1436.958261] loop3: p95 start 1 is beyond EOD, truncated
[ 1436.963634] loop3: p96 start 1 is beyond EOD, truncated
[ 1436.969075] loop3: p97 start 1 is beyond EOD, truncated
[ 1436.974442] loop3: p98 start 1 is beyond EOD, truncated
[ 1436.979905] loop3: p99 start 1 is beyond EOD, truncated
[ 1436.985303] loop3: p100 start 1 is beyond EOD, truncated
[ 1436.990742] loop3: p101 start 1 is beyond EOD, truncated
[ 1436.996234] loop3: p102 start 1 is beyond EOD, truncated
[ 1437.001702] loop3: p103 start 1 is beyond EOD, truncated
[ 1437.007191] loop3: p104 start 1 is beyond EOD, truncated
[ 1437.012672] loop3: p105 start 1 is beyond EOD, truncated
[ 1437.018873] loop3: p106 start 1 is beyond EOD, truncated
[ 1437.024313] loop3: p107 start 1 is beyond EOD, truncated
[ 1437.029834] loop3: p108 start 1 is beyond EOD, truncated
[ 1437.035559] loop3: p109 start 1 is beyond EOD, truncated
[ 1437.041003] loop3: p110 start 1 is beyond EOD, truncated
[ 1437.046530] loop3: p111 start 1 is beyond EOD, truncated
[ 1437.051994] loop3: p112 start 1 is beyond EOD, truncated
[ 1437.057512] loop3: p113 start 1 is beyond EOD, truncated
[ 1437.062982] loop3: p114 start 1 is beyond EOD, truncated
[ 1437.068509] loop3: p115 start 1 is beyond EOD, truncated
[ 1437.073977] loop3: p116 start 1 is beyond EOD, truncated
[ 1437.079475] loop3: p117 start 1 is beyond EOD, truncated
[ 1437.085024] loop3: p118 start 1 is beyond EOD, truncated
[ 1437.090551] loop3: p119 start 1 is beyond EOD, truncated
[ 1437.096066] loop3: p120 start 1 is beyond EOD, truncated
[ 1437.101549] loop3: p121 start 1 is beyond EOD, truncated
[ 1437.107067] loop3: p122 start 1 is beyond EOD, truncated
[ 1437.112570] loop3: p123 start 1 is beyond EOD, truncated
[ 1437.118400] loop3: p124 start 1 is beyond EOD, truncated
[ 1437.124264] loop3: p125 start 1 is beyond EOD, truncated
[ 1437.129837] loop3: p126 start 1 is beyond EOD, truncated
[ 1437.135351] loop3: p127 start 1 is beyond EOD, truncated
21:38:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x1000000000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:48 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffff9c, 0x10, &(0x7f0000000040)={&(0x7f00000002c0)=""/169, 0xa9, <r2=>0xffffffffffffffff}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r1, 0x10, &(0x7f0000000100)={&(0x7f00000001c0)=""/230, 0xe6, r2}}, 0x10)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
prctl$PR_SET_TSC(0x1a, 0x0)

21:38:48 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x8000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:48 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, 0x0, 0x100000001)

21:38:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xebffffff00000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1437.140807] loop3: p128 start 1 is beyond EOD, truncated
[ 1437.147234] loop3: p129 start 1 is beyond EOD, truncated
[ 1437.152699] loop3: p130 start 1 is beyond EOD, truncated
[ 1437.158229] loop3: p131 start 1 is beyond EOD, truncated
[ 1437.163688] loop3: p132 start 1 is beyond EOD, truncated
[ 1437.163701] loop3: p133 start 1 is beyond EOD, truncated
[ 1437.163713] loop3: p134 start 1 is beyond EOD, truncated
[ 1437.163724] loop3: p135 start 1 is beyond EOD, truncated
[ 1437.163740] loop3: p136 start 1 is beyond EOD, truncated
[ 1437.215821] loop3: p137 start 1 is beyond EOD, truncated
[ 1437.239763] loop3: p138 start 1 is beyond EOD, truncated
[ 1437.258579] binder_alloc: binder_alloc_mmap_handler: 25707 20ffd000-21000000 already mapped failed -16
[ 1437.269219] loop3: p139 start 1 is beyond EOD, truncated
[ 1437.279990] binder_alloc: binder_alloc_mmap_handler: 25707 20001000-20004000 already mapped failed -16
[ 1437.289979] loop3: p140 start 1 is beyond EOD, truncated
[ 1437.295926] loop3: p141 start 1 is beyond EOD, truncated
[ 1437.308072] binder_alloc: binder_alloc_mmap_handler: 25707 20ffd000-21000000 already mapped failed -16
[ 1437.322267] loop3: p142 start 1 is beyond EOD, truncated
[ 1437.349388] loop3: p143 start 1 is beyond EOD, truncated
21:38:48 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xb00000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1437.363210] loop3: p144 start 1 is beyond EOD, truncated
21:38:48 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0xf7ffffffffffff81, 0x240000)
write$P9_RREMOVE(r1, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7)

[ 1437.407498] loop3: p145 start 1 is beyond EOD, truncated
[ 1437.413000] loop3: p146 start 1 is beyond EOD, truncated
[ 1437.482941] loop3: p147 start 1 is beyond EOD, truncated
[ 1437.518746] loop3: p148 start 1 is beyond EOD, truncated
21:38:48 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x600000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1437.539591] binder_alloc: binder_alloc_mmap_handler: 25725 20ffd000-21000000 already mapped failed -16
[ 1437.563121] loop3: p149 start 1 is beyond EOD, truncated
[ 1437.584181] loop3: p150 start 1 is beyond EOD, truncated
21:38:48 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, 0x0, 0x100000001)

[ 1437.610389] binder_alloc: binder_alloc_mmap_handler: 25725 20001000-20004000 already mapped failed -16
[ 1437.611713] loop3: p151 start 1 is beyond EOD, truncated
[ 1437.652118] loop3: p152 start 1 is beyond EOD, truncated
[ 1437.663439] loop3: p153 start 1 is beyond EOD, truncated
[ 1437.671858] loop3: p154 start 1 is beyond EOD, truncated
[ 1437.677781] loop3: p155 start 1 is beyond EOD, truncated
[ 1437.683254] loop3: p156 start 1 is beyond EOD, truncated
[ 1437.689358] loop3: p157 start 1 is beyond EOD, truncated
[ 1437.695301] loop3: p158 start 1 is beyond EOD, truncated
[ 1437.695789] binder_alloc: binder_alloc_mmap_handler: 25725 20ffd000-21000000 already mapped failed -16
[ 1437.700766] loop3: p159 start 1 is beyond EOD, truncated
[ 1437.700779] loop3: p160 start 1 is beyond EOD, truncated
[ 1437.700791] loop3: p161 start 1 is beyond EOD, truncated
[ 1437.700803] loop3: p162 start 1 is beyond EOD, truncated
[ 1437.700815] loop3: p163 start 1 is beyond EOD, truncated
[ 1437.700827] loop3: p164 start 1 is beyond EOD, truncated
[ 1437.774729] loop3: p165 start 1 is beyond EOD, truncated
[ 1437.780693] loop3: p166 start 1 is beyond EOD, truncated
[ 1437.802539] loop3: p167 start 1 is beyond EOD, truncated
[ 1437.816347] loop3: p168 start 1 is beyond EOD, truncated
[ 1437.825802] loop3: p169 start 1 is beyond EOD, truncated
[ 1437.831444] loop3: p170 start 1 is beyond EOD, truncated
[ 1437.837442] loop3: p171 start 1 is beyond EOD, truncated
[ 1437.843189] loop3: p172 start 1 is beyond EOD, truncated
[ 1437.852285] loop3: p173 start 1 is beyond EOD, truncated
[ 1437.864417] loop3: p174 start 1 is beyond EOD, truncated
[ 1437.870669] loop3: p175 start 1 is beyond EOD, truncated
[ 1437.879223] loop3: p176 start 1 is beyond EOD, truncated
[ 1437.890376] loop3: p177 start 1 is beyond EOD, truncated
[ 1437.897505] loop3: p178 start 1 is beyond EOD, truncated
[ 1437.902995] loop3: p179 start 1 is beyond EOD, truncated
[ 1437.909140] loop3: p180 start 1 is beyond EOD, truncated
[ 1437.915948] loop3: p181 start 1 is beyond EOD, truncated
[ 1437.921517] loop3: p182 start 1 is beyond EOD, truncated
[ 1437.927606] loop3: p183 start 1 is beyond EOD, truncated
[ 1437.933052] loop3: p184 start 1 is beyond EOD, truncated
[ 1437.938579] loop3: p185 start 1 is beyond EOD, truncated
[ 1437.944034] loop3: p186 start 1 is beyond EOD, truncated
[ 1437.949547] loop3: p187 start 1 is beyond EOD, truncated
[ 1437.955031] loop3: p188 start 1 is beyond EOD, truncated
[ 1437.960477] loop3: p189 start 1 is beyond EOD, truncated
[ 1437.965964] loop3: p190 start 1 is beyond EOD, truncated
[ 1437.971853] loop3: p191 start 1 is beyond EOD, truncated
[ 1437.977338] loop3: p192 start 1 is beyond EOD, truncated
[ 1437.982803] loop3: p193 start 1 is beyond EOD, truncated
[ 1437.988356] loop3: p194 start 1 is beyond EOD, truncated
[ 1437.993826] loop3: p195 start 1 is beyond EOD, truncated
[ 1437.999517] loop3: p196 start 1 is beyond EOD, truncated
[ 1438.005077] loop3: p197 start 1 is beyond EOD, truncated
[ 1438.010533] loop3: p198 start 1 is beyond EOD, truncated
[ 1438.016503] loop3: p199 start 1 is beyond EOD, truncated
[ 1438.021946] loop3: p200 start 1 is beyond EOD, truncated
[ 1438.027450] loop3: p201 start 1 is beyond EOD, truncated
[ 1438.032932] loop3: p202 start 1 is beyond EOD, truncated
[ 1438.038448] loop3: p203 start 1 is beyond EOD, truncated
[ 1438.043920] loop3: p204 start 1 is beyond EOD, truncated
[ 1438.049467] loop3: p205 start 1 is beyond EOD, truncated
[ 1438.055001] loop3: p206 start 1 is beyond EOD, truncated
[ 1438.060440] loop3: p207 start 1 is beyond EOD, truncated
[ 1438.065943] loop3: p208 start 1 is beyond EOD, truncated
[ 1438.071409] loop3: p209 start 1 is beyond EOD, truncated
[ 1438.077597] loop3: p210 start 1 is beyond EOD, truncated
[ 1438.083044] loop3: p211 start 1 is beyond EOD, truncated
[ 1438.088626] loop3: p212 start 1 is beyond EOD, truncated
[ 1438.094115] loop3: p213 start 1 is beyond EOD, truncated
[ 1438.099731] loop3: p214 start 1 is beyond EOD, truncated
[ 1438.105220] loop3: p215 start 1 is beyond EOD, truncated
[ 1438.110676] loop3: p216 start 1 is beyond EOD, truncated
[ 1438.116181] loop3: p217 start 1 is beyond EOD, truncated
[ 1438.121691] loop3: p218 start 1 is beyond EOD, truncated
[ 1438.127183] loop3: p219 start 1 is beyond EOD, truncated
[ 1438.132668] loop3: p220 start 1 is beyond EOD, truncated
[ 1438.138175] loop3: p221 start 1 is beyond EOD, truncated
[ 1438.143629] loop3: p222 start 1 is beyond EOD, truncated
[ 1438.149131] loop3: p223 start 1 is beyond EOD, truncated
[ 1438.154678] loop3: p224 start 1 is beyond EOD, truncated
[ 1438.160129] loop3: p225 start 1 is beyond EOD, truncated
[ 1438.165615] loop3: p226 start 1 is beyond EOD, truncated
[ 1438.171091] loop3: p227 start 1 is beyond EOD, truncated
[ 1438.176611] loop3: p228 start 1 is beyond EOD, truncated
[ 1438.182075] loop3: p229 start 1 is beyond EOD, truncated
[ 1438.187693] loop3: p230 start 1 is beyond EOD, truncated
[ 1438.193151] loop3: p231 start 1 is beyond EOD, truncated
[ 1438.198636] loop3: p232 start 1 is beyond EOD, truncated
[ 1438.204128] loop3: p233 start 1 is beyond EOD, truncated
[ 1438.209620] loop3: p234 start 1 is beyond EOD, truncated
[ 1438.215167] loop3: p235 start 1 is beyond EOD, truncated
[ 1438.220627] loop3: p236 start 1 is beyond EOD, truncated
[ 1438.226257] loop3: p237 start 1 is beyond EOD, truncated
[ 1438.231727] loop3: p238 start 1 is beyond EOD, truncated
[ 1438.237329] loop3: p239 start 1 is beyond EOD, truncated
[ 1438.242797] loop3: p240 start 1 is beyond EOD, truncated
[ 1438.248285] loop3: p241 start 1 is beyond EOD, truncated
[ 1438.253762] loop3: p242 start 1 is beyond EOD, truncated
[ 1438.259287] loop3: p243 start 1 is beyond EOD, truncated
[ 1438.264800] loop3: p244 start 1 is beyond EOD, truncated
[ 1438.270255] loop3: p245 start 1 is beyond EOD, truncated
[ 1438.275748] loop3: p246 start 1 is beyond EOD, truncated
[ 1438.281217] loop3: p247 start 1 is beyond EOD, truncated
[ 1438.286729] loop3: p248 start 1 is beyond EOD, truncated
[ 1438.292200] loop3: p249 start 1 is beyond EOD, truncated
[ 1438.297724] loop3: p250 start 1 is beyond EOD, truncated
[ 1438.303193] loop3: p251 start 1 is beyond EOD, truncated
[ 1438.308723] loop3: p252 start 1 is beyond EOD, truncated
[ 1438.314185] loop3: p253 start 1 is beyond EOD, truncated
[ 1438.319730] loop3: p254 start 1 is beyond EOD, truncated
[ 1438.325253] loop3: p255 start 1 is beyond EOD, truncated
21:38:49 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x7400000000000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:49 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x10]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0xe, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

[ 1438.479281]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:38:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x8000000, 0x81)
ioctl$KVM_DEASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae75, 0x0)
r5 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400)
sendmsg$alg(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000640)="628671435790a82a4ddb5fbb0bdf62a709916f146370a6ecc13cee67a93d6a0f5226c536dde403337d95294394a86faaff37c03561727dd124418ea0057e50b69a58d9125237f582eade7b0f7f5293cc7ac2eedf8c33a20816dd6309bf52555e4bcc5d7ee4475e68799dcbde9a989f32e22b3b36e5f82fd8006f29abc6a72b019b85fd1fb9851693a92f9a71eade33b40a9fb0b5d93d895e1ae182b7c5b76da18a1ef4db2236bacd56e5772ae4cecc507614dc8a92c599fee07f70681decac9ba6", 0xc1}], 0x1, 0x0, 0x0, 0x10}, 0x4000010)
r6 = gettid()
getgid()
writev(r0, &(0x7f0000000500)=[{&(0x7f0000000480)="2b1cbccc40004dd548226dbf7865af0dc9725484e5699dfe9f02d29fd620910b60499e1aaf7d636cf32399ed1ff8ec7e26c97b9f42be07a0eb907d11cdb44393ae5f3fa533acef1f26301abd3d0fdf80fe8018bbf20ac0", 0x57}], 0x1)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r6, 0x1004000000016)
fgetxattr(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374066d2e3a916b0f7972695bb3a5d9704867c53acbb31553e2dd133e0610105b4b812ec2b022faa0ea49bb6476218f4f47d74743dc16f37bb64f9038889580d24d7630f280d3b950fcf61d2d9f7306d1915b1efb34a3ed2dff5902fdc69768c6018000000000000011cb2b21991f00785d0b342dadee7568a9088d1fd09e78b2e8278fe8ac2887f644af7621d666ca41d98979e8025745ad9c53b761129be15d1cce78a5be0a010000000e77ce30456a71750cc35f9f12faa6a4386b3a9b00000000002852a9f5bfdd0e10db31f4dcaaf640b2477326"], 0x0, 0x0)
close(r4)
ioctl$TIOCMBIS(r5, 0x5416, &(0x7f00000001c0)=0x8)
r7 = dup2(r3, r4)
ioctl$EVIOCGSW(r5, 0x8040451b, &(0x7f0000000100)=""/33)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000580), &(0x7f0000000600)=0xc)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
dup3(r2, r1, 0x0)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
timer_delete(0x0)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video0\x00', 0x2, 0x0)

21:38:51 executing program 2:
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_KEEPCAPS(0x8, 0x1)
r1 = socket$inet6(0xa, 0x3, 0x3)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$unix(0x1, 0x801, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xfffffffffffffe20)
fcntl$getownex(r2, 0x10, &(0x7f0000000080))
lstat(0x0, &(0x7f0000000140))
signalfd(r2, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, &(0x7f0000b17000)=@generic, &(0x7f0000dbd000)=0x80, 0x0)
connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'team_slave_0\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'team_slave_0\x00', 0x200008000005})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x8010, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2068, 0x0, 0x12, r0, 0x0)
lsetxattr$security_smack_transmute(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x2)

21:38:51 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x9]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:51 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080), 0x100000001)

21:38:51 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
r1 = getpid()
bind$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfd}, 0xc)
sched_setscheduler(r1, 0x5, &(0x7f0000000000))
r2 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x100000001, 0x280)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000180)={<r3=>0x0, 0x9}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000200)=@assoc_value={r3, 0x8}, 0x8)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mixer\x00', 0x4000, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x3d, &(0x7f0000000040)={@loopback}, &(0x7f0000000080)=0x10)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)

21:38:51 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0xff0f000000000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

21:38:51 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x11]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:52 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_read_part_table(0x7400000000000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}])

[ 1440.879806]  loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:38:52 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x500000000000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1441.359761]  loop4: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
21:38:52 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r3 = socket$inet6(0xa, 0x803, 0x200000003)
ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
sendfile(r1, r2, &(0x7f0000000080)=0x85e20, 0x0)

21:38:52 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x20000000]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

21:38:53 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0xa]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1443.513800]  loop4: p137 could not be added: 12
[ 1443.861937]  loop4: p159 could not be added: 12
21:38:54 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000580)=@newsa={0x140, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast2={0xff, 0x2, [0x0, 0x0, 0x6]}}, {@in6=@dev, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @extra_flags={0x8, 0x18, 0x22}]}, 0x140}}, 0x0)

[ 1463.686117] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1463.693959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1480.519802] blkid invoked oom-killer: gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=-1000
[ 1480.633035] blkid cpuset=/ mems_allowed=0
[ 1480.670160] CPU: 1 PID: 26171 Comm: blkid Not tainted 4.20.0-rc7+ #157
[ 1480.676870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1480.686226] Call Trace:
[ 1480.688827]  dump_stack+0x244/0x39d
[ 1480.692473]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1480.697684]  ? mark_held_locks+0x130/0x130
[ 1480.701933]  ? mark_held_locks+0x130/0x130
[ 1480.706222]  dump_header+0x27b/0xf72
[ 1480.709953]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1480.715501]  ? check_preemption_disabled+0x48/0x280
[ 1480.720527]  ? pagefault_out_of_memory+0x197/0x197
[ 1480.725471]  ? debug_smp_processor_id+0x1c/0x20
[ 1480.730147]  ? perf_trace_lock+0x14d/0x7a0
[ 1480.734388]  ? debug_smp_processor_id+0x1c/0x20
[ 1480.739074]  ? lock_is_held_type+0x210/0x210
[ 1480.743517]  ? debug_smp_processor_id+0x1c/0x20
[ 1480.748227]  ? perf_trace_lock+0x14d/0x7a0
[ 1480.752471]  ? zap_class+0x640/0x640
[ 1480.756196]  ? print_usage_bug+0xc0/0xc0
[ 1480.760265]  ? lock_is_held_type+0x210/0x210
[ 1480.764688]  ? perf_trace_lock+0x14d/0x7a0
[ 1480.768942]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1480.774489]  ? find_held_lock+0x36/0x1c0
[ 1480.778565]  ? mark_held_locks+0xc7/0x130
[ 1480.782725]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1480.787840]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1480.792967]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1480.797564]  ? trace_hardirqs_on+0xbd/0x310
[ 1480.801925]  ? kasan_check_read+0x11/0x20
[ 1480.806082]  ? ___ratelimit+0x3b4/0x672
[ 1480.810068]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1480.815193]  ? trace_hardirqs_on+0x310/0x310
[ 1480.819610]  ? lock_downgrade+0x900/0x900
[ 1480.823774]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 1480.828891]  ? ___ratelimit+0x3b9/0x672
[ 1480.832877]  ? idr_get_free+0xf70/0xf70
[ 1480.836863]  ? lock_is_held_type+0x210/0x210
[ 1480.841292]  oom_kill_process.cold.27+0x10/0x903
[ 1480.846057]  ? zap_class+0x640/0x640
[ 1480.849781]  ? _raw_spin_unlock+0x2c/0x50
[ 1480.853939]  ? oom_badness+0xe6/0xaa0
[ 1480.857756]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1480.862707]  ? kasan_check_read+0x11/0x20
[ 1480.866879]  ? oom_evaluate_task+0x540/0x540
[ 1480.871310]  ? find_held_lock+0x36/0x1c0
[ 1480.875393]  ? out_of_memory+0x974/0x1430
[ 1480.879574]  ? lock_downgrade+0x900/0x900
[ 1480.883746]  ? check_preemption_disabled+0x48/0x280
[ 1480.888774]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1480.893715]  ? kasan_check_read+0x11/0x20
[ 1480.897873]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1480.903162]  ? rcu_softirq_qs+0x20/0x20
[ 1480.907152]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1480.912705]  ? oom_evaluate_task+0x302/0x540
[ 1480.917132]  out_of_memory+0xa84/0x1430
[ 1480.921129]  ? oom_killer_disable+0x3a0/0x3a0
[ 1480.925633]  ? __alloc_pages_slowpath+0xf5c/0x2de0
[ 1480.930591]  ? __ww_mutex_check_waiters+0x160/0x160
[ 1480.935630]  __alloc_pages_slowpath+0x232c/0x2de0
[ 1480.940491]  ? debug_smp_processor_id+0x1c/0x20
[ 1480.945204]  ? warn_alloc+0x120/0x120
[ 1480.949014]  ? mark_held_locks+0x130/0x130
[ 1480.953263]  ? zap_class+0x640/0x640
[ 1480.956996]  ? find_held_lock+0x36/0x1c0
[ 1480.961070]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1480.966626]  ? check_preemption_disabled+0x48/0x280
[ 1480.971678]  ? debug_smp_processor_id+0x1c/0x20
[ 1480.976361]  ? perf_trace_lock+0x14d/0x7a0
[ 1480.980609]  ? _raw_spin_unlock_irq+0x27/0x80
[ 1480.985123]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1480.990682]  ? should_fail+0x22d/0xd01
[ 1480.994586]  ? print_usage_bug+0xc0/0xc0
[ 1480.998659]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1481.003784]  ? compat_start_thread+0x80/0x80
[ 1481.008207]  ? zap_class+0x640/0x640
[ 1481.011936]  ? _raw_spin_unlock_irq+0x60/0x80
[ 1481.016453]  ? finish_task_switch+0x1f4/0x910
[ 1481.020972]  ? __switch_to_asm+0x34/0x70
[ 1481.025073]  ? __lock_is_held+0xb5/0x140
[ 1481.029160]  ? lock_release+0xa00/0xa00
[ 1481.033145]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1481.038618]  ? __might_sleep+0x95/0x190
[ 1481.042609]  __alloc_pages_nodemask+0xad8/0xea0
[ 1481.047290]  ? retint_kernel+0x2d/0x2d
[ 1481.051198]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 1481.056229]  ? debug_smp_processor_id+0x1c/0x20
[ 1481.060911]  ? perf_trace_lock+0x14d/0x7a0
[ 1481.065161]  ? __lock_acquire+0x62f/0x4c20
[ 1481.069445]  ? mark_held_locks+0x130/0x130
[ 1481.073694]  ? mark_held_locks+0x130/0x130
[ 1481.077957]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1481.083512]  alloc_pages_vma+0x13d/0x690
[ 1481.087594]  __handle_mm_fault+0x27f8/0x5be0
[ 1481.092027]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1481.096922]  ? lock_is_held_type+0x210/0x210
[ 1481.101390]  ? zap_class+0x640/0x640
[ 1481.105127]  ? zap_class+0x640/0x640
[ 1481.108862]  ? find_held_lock+0x36/0x1c0
[ 1481.112947]  ? handle_mm_fault+0x42a/0xc70
[ 1481.117199]  ? lock_downgrade+0x900/0x900
[ 1481.121372]  ? check_preemption_disabled+0x48/0x280
[ 1481.126400]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1481.131344]  ? kasan_check_read+0x11/0x20
[ 1481.135497]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1481.140800]  ? rcu_softirq_qs+0x20/0x20
[ 1481.144816]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1481.149935]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1481.155489]  ? check_preemption_disabled+0x48/0x280
[ 1481.160533]  handle_mm_fault+0x54f/0xc70
[ 1481.164609]  ? __handle_mm_fault+0x5be0/0x5be0
[ 1481.169224]  ? find_vma+0x34/0x190
[ 1481.172799]  __do_page_fault+0x5e8/0xe60
[ 1481.176871]  ? trace_hardirqs_off+0xb8/0x310
[ 1481.181301]  do_page_fault+0xf2/0x7e0
[ 1481.185114]  ? vmalloc_sync_all+0x30/0x30
[ 1481.189275]  ? error_entry+0x70/0xd0
[ 1481.193000]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 1481.198026]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1481.202969]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1481.207911]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1481.212765]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1481.217790]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1481.223252]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1481.228284]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1481.233320]  ? page_fault+0x8/0x30
[ 1481.236904]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1481.241802]  ? page_fault+0x8/0x30
[ 1481.245352]  page_fault+0x1e/0x30
[ 1481.248815] RIP: 0033:0x7f02f4491c0e
[ 1481.252542] Code: Bad RIP value.
[ 1481.255913] RSP: 002b:00007ffcb7cc3540 EFLAGS: 00010246
[ 1481.261280] RAX: 0000000000000000 RBX: 00007f02f3d6cf10 RCX: 0000000000000002
[ 1481.268560] RDX: 000000000001def0 RSI: 000000000001df00 RDI: 00007f02f3d6d000
[ 1481.275841] RBP: 000000000096eeb0 R08: 0000000000000000 R09: 000000000096f116
[ 1481.283136] R10: 0000000000000001 R11: 0000000000000100 R12: 0000000000000001
[ 1481.290432] R13: 0000000000000064 R14: 000000000096f320 R15: 000000000096f0e6
[ 1481.786995] Mem-Info:
[ 1481.789525] active_anon:1345967 inactive_anon:15636 isolated_anon:0
[ 1481.789525]  active_file:239 inactive_file:238 isolated_file:64
[ 1481.789525]  unevictable:2560 dirty:0 writeback:1 unstable:0
[ 1481.789525]  slab_reclaimable:14096 slab_unreclaimable:112925
[ 1481.789525]  mapped:49621 shmem:473 pagetables:9139 bounce:0
[ 1481.789525]  free:24198 free_pcp:383 free_cma:0
[ 1481.861699] Node 0 active_anon:5384468kB inactive_anon:62544kB active_file:840kB inactive_file:924kB unevictable:10240kB isolated(anon):0kB isolated(file):124kB mapped:198384kB dirty:0kB writeback:4kB shmem:1892kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 221184kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1481.899746] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1481.990003] lowmem_reserve[]: 0 2818 6321 6321
[ 1481.994701] Node 0 DMA32 free:43912kB min:30052kB low:37564kB high:45076kB active_anon:2784996kB inactive_anon:320kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:4416kB pagetables:8404kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1482.025826] lowmem_reserve[]: 0 0 3503 3503
[ 1482.030186] Node 0 Normal free:36924kB min:37364kB low:46704kB high:56044kB active_anon:2600588kB inactive_anon:62224kB active_file:360kB inactive_file:700kB unevictable:10240kB writepending:4kB present:4718592kB managed:3587816kB mlocked:10240kB kernel_stack:16832kB pagetables:28152kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1482.135283] lowmem_reserve[]: 0 0 0 0
[ 1482.154933] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 1482.169946] Node 0 DMA32: 575*4kB (UE) 208*8kB (UME) 77*16kB (UE) 19*32kB (UME) 2*64kB (U) 1*128kB (U) 0*256kB 2*512kB (UE) 2*1024kB (UM) 1*2048kB (E) 8*4096kB (M) = 43948kB
[ 1482.186031] Node 0 Normal: 1100*4kB (UEH) 2354*8kB (UEH) 673*16kB (UMEH) 85*32kB (UME) 8*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37232kB
[ 1482.202223] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1482.213525] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1482.223574] 594 total pagecache pages
[ 1482.228830] 0 pages in swap cache
[ 1482.232293] Swap cache stats: add 0, delete 0, find 0/0
[ 1482.239286] Free swap  = 0kB
[ 1482.242359] Total swap = 0kB
[ 1482.247795] 1965979 pages RAM
[ 1482.250909] 0 pages HighMem/MovableOnly
[ 1482.255250] 342853 pages reserved
[ 1482.258801] 0 pages cma reserved
[ 1482.262179] Out of memory: Kill process 8745 (syz-executor2) score 1007 or sacrifice child
[ 1482.287678] Killed process 8745 (syz-executor2) total-vm:70728kB, anon-rss:18308kB, file-rss:32640kB, shmem-rss:0kB
[ 1482.361331] oom_reaper: reaped process 8745 (syz-executor2), now anon-rss:0kB, file-rss:32768kB, shmem-rss:0kB
[ 1482.507168] blkid invoked oom-killer: gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=-1000
[ 1482.622558] blkid cpuset=/ mems_allowed=0
[ 1482.651812] CPU: 1 PID: 26265 Comm: blkid Not tainted 4.20.0-rc7+ #157
[ 1482.658503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1482.667863] Call Trace:
[ 1482.670481]  dump_stack+0x244/0x39d
[ 1482.674121]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1482.679333]  ? mark_held_locks+0x130/0x130
[ 1482.683601]  ? mark_held_locks+0x130/0x130
[ 1482.687848]  dump_header+0x27b/0xf72
[ 1482.691582]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1482.697126]  ? check_preemption_disabled+0x48/0x280
[ 1482.702151]  ? pagefault_out_of_memory+0x197/0x197
[ 1482.707089]  ? debug_smp_processor_id+0x1c/0x20
[ 1482.711763]  ? perf_trace_lock+0x14d/0x7a0
[ 1482.716003]  ? debug_smp_processor_id+0x1c/0x20
[ 1482.720685]  ? perf_trace_lock+0x14d/0x7a0
[ 1482.724927]  ? lock_is_held_type+0x210/0x210
[ 1482.729346]  ? debug_smp_processor_id+0x1c/0x20
[ 1482.734016]  ? perf_trace_lock+0x14d/0x7a0
[ 1482.738251]  ? zap_class+0x640/0x640
[ 1482.742001]  ? print_usage_bug+0xc0/0xc0
[ 1482.746061]  ? lock_is_held_type+0x210/0x210
[ 1482.750466]  ? perf_trace_lock+0x14d/0x7a0
[ 1482.754728]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1482.760299]  ? find_held_lock+0x36/0x1c0
[ 1482.764385]  ? mark_held_locks+0xc7/0x130
[ 1482.768537]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1482.773654]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1482.778769]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1482.783371]  ? trace_hardirqs_on+0xbd/0x310
[ 1482.787704]  ? kasan_check_read+0x11/0x20
[ 1482.791852]  ? ___ratelimit+0x3b4/0x672
[ 1482.795842]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1482.800950]  ? trace_hardirqs_on+0x310/0x310
[ 1482.805373]  ? lock_downgrade+0x900/0x900
[ 1482.809546]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 1482.814651]  ? ___ratelimit+0x3b9/0x672
[ 1482.818638]  ? idr_get_free+0xf70/0xf70
[ 1482.822618]  ? lock_is_held_type+0x210/0x210
[ 1482.827033]  oom_kill_process.cold.27+0x10/0x903
[ 1482.831792]  ? zap_class+0x640/0x640
[ 1482.835509]  ? _raw_spin_unlock+0x2c/0x50
[ 1482.839656]  ? oom_badness+0xe6/0xaa0
[ 1482.843464]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1482.848393]  ? kasan_check_read+0x11/0x20
[ 1482.852561]  ? oom_evaluate_task+0x540/0x540
[ 1482.856975]  ? find_held_lock+0x36/0x1c0
[ 1482.861061]  ? out_of_memory+0x974/0x1430
[ 1482.865217]  ? lock_downgrade+0x900/0x900
[ 1482.869411]  ? check_preemption_disabled+0x48/0x280
[ 1482.874441]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1482.879383]  ? kasan_check_read+0x11/0x20
[ 1482.883532]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1482.888824]  ? rcu_softirq_qs+0x20/0x20
[ 1482.892804]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1482.898342]  ? oom_evaluate_task+0x302/0x540
[ 1482.902766]  out_of_memory+0xa84/0x1430
[ 1482.906773]  ? oom_killer_disable+0x3a0/0x3a0
[ 1482.911273]  ? __alloc_pages_slowpath+0xf5c/0x2de0
[ 1482.916213]  ? __ww_mutex_check_waiters+0x160/0x160
[ 1482.921242]  __alloc_pages_slowpath+0x232c/0x2de0
[ 1482.926118]  ? debug_smp_processor_id+0x1c/0x20
[ 1482.930819]  ? warn_alloc+0x120/0x120
[ 1482.934625]  ? mark_held_locks+0x130/0x130
[ 1482.938861]  ? zap_class+0x640/0x640
[ 1482.942587]  ? find_held_lock+0x36/0x1c0
[ 1482.946657]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1482.952208]  ? check_preemption_disabled+0x48/0x280
[ 1482.957236]  ? debug_smp_processor_id+0x1c/0x20
[ 1482.961907]  ? perf_trace_lock+0x14d/0x7a0
[ 1482.966150]  ? _raw_spin_unlock_irq+0x27/0x80
[ 1482.970655]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1482.976215]  ? should_fail+0x22d/0xd01
[ 1482.980110]  ? print_usage_bug+0xc0/0xc0
[ 1482.984177]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1482.989285]  ? compat_start_thread+0x80/0x80
[ 1482.993708]  ? zap_class+0x640/0x640
[ 1482.997438]  ? _raw_spin_unlock_irq+0x60/0x80
[ 1483.001942]  ? finish_task_switch+0x1f4/0x910
[ 1483.006470]  ? __switch_to_asm+0x34/0x70
[ 1483.010574]  ? __lock_is_held+0xb5/0x140
[ 1483.014677]  ? lock_release+0xa00/0xa00
[ 1483.018677]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1483.024172]  ? __might_sleep+0x95/0x190
[ 1483.028159]  __alloc_pages_nodemask+0xad8/0xea0
[ 1483.032832]  ? retint_kernel+0x2d/0x2d
[ 1483.036752]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 1483.041776]  ? debug_smp_processor_id+0x1c/0x20
[ 1483.046459]  ? perf_trace_lock+0x14d/0x7a0
[ 1483.050735]  ? __lock_acquire+0x62f/0x4c20
[ 1483.055011]  ? mark_held_locks+0x130/0x130
[ 1483.059247]  ? mark_held_locks+0x130/0x130
[ 1483.063482]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1483.069021]  alloc_pages_vma+0x13d/0x690
[ 1483.073089]  __handle_mm_fault+0x27f8/0x5be0
[ 1483.077524]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1483.082399]  ? lock_is_held_type+0x210/0x210
[ 1483.086837]  ? zap_class+0x640/0x640
[ 1483.090551]  ? zap_class+0x640/0x640
[ 1483.094292]  ? find_held_lock+0x36/0x1c0
[ 1483.098368]  ? handle_mm_fault+0x42a/0xc70
[ 1483.102606]  ? lock_downgrade+0x900/0x900
[ 1483.106770]  ? check_preemption_disabled+0x48/0x280
[ 1483.111793]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1483.116743]  ? kasan_check_read+0x11/0x20
[ 1483.120922]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1483.126201]  ? rcu_softirq_qs+0x20/0x20
[ 1483.130183]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1483.135290]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1483.140836]  ? check_preemption_disabled+0x48/0x280
[ 1483.145869]  handle_mm_fault+0x54f/0xc70
[ 1483.149935]  ? __handle_mm_fault+0x5be0/0x5be0
[ 1483.154521]  ? find_vma+0x34/0x190
[ 1483.158066]  __do_page_fault+0x5e8/0xe60
[ 1483.162139]  ? trace_hardirqs_off+0xb8/0x310
[ 1483.166563]  do_page_fault+0xf2/0x7e0
[ 1483.170367]  ? vmalloc_sync_all+0x30/0x30
[ 1483.174534]  ? error_entry+0x70/0xd0
[ 1483.178251]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 1483.183266]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1483.188199]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1483.193129]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1483.197977]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1483.203030]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1483.208518]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1483.213544]  ? page_fault+0x8/0x30
[ 1483.217106]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1483.221958]  ? page_fault+0x8/0x30
[ 1483.225506]  page_fault+0x1e/0x30
[ 1483.228958] RIP: 0033:0x7fbb441ebc0e
[ 1483.232689] Code: Bad RIP value.
[ 1483.236073] RSP: 002b:00007ffd91e48890 EFLAGS: 00010246
[ 1483.241440] RAX: 0000000000000000 RBX: 00007fbb43046f10 RCX: 0000000000000002
[ 1483.248711] RDX: 00000000000136f0 RSI: 0000000000013700 RDI: 00007fbb43047000
[ 1483.255985] RBP: 00000000025a0eb0 R08: 0000000000000000 R09: 00000000025a1116
[ 1483.263257] R10: 0000000000000001 R11: 0000000000000100 R12: 0000000000000001
[ 1483.270529] R13: 0000000000000064 R14: 00000000025a1320 R15: 00000000025a10e6
[ 1483.399863] Mem-Info:
[ 1483.402370] active_anon:1350663 inactive_anon:11363 isolated_anon:0
[ 1483.402370]  active_file:95 inactive_file:141 isolated_file:34
[ 1483.402370]  unevictable:2560 dirty:1 writeback:0 unstable:0
[ 1483.402370]  slab_reclaimable:14096 slab_unreclaimable:112933
[ 1483.402370]  mapped:49326 shmem:473 pagetables:9154 bounce:0
[ 1483.402370]  free:24228 free_pcp:24 free_cma:0
[ 1483.508602] Node 0 active_anon:5402752kB inactive_anon:45452kB active_file:348kB inactive_file:516kB unevictable:10240kB isolated(anon):0kB isolated(file):140kB mapped:197404kB dirty:4kB writeback:0kB shmem:1892kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 210944kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1483.551956] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1483.633979] lowmem_reserve[]: 0 2818 6321 6321
[ 1483.647954] Node 0 DMA32 free:43996kB min:30052kB low:37564kB high:45076kB active_anon:2784992kB inactive_anon:320kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:4416kB pagetables:8360kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1483.688914] lowmem_reserve[]: 0 0 3503 3503
[ 1483.693388] Node 0 Normal free:36980kB min:37364kB low:46704kB high:56044kB active_anon:2618284kB inactive_anon:45132kB active_file:368kB inactive_file:576kB unevictable:10240kB writepending:8kB present:4718592kB managed:3587816kB mlocked:10240kB kernel_stack:16832kB pagetables:28160kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB
[ 1483.734215] lowmem_reserve[]: 0 0 0 0
[ 1483.743090] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 1483.758389] Node 0 DMA32: 577*4kB (UME) 211*8kB (UME) 76*16kB (UE) 20*32kB (UME) 2*64kB (U) 1*128kB (U) 0*256kB 2*512kB (UE) 2*1024kB (UM) 1*2048kB (E) 8*4096kB (M) = 43996kB
[ 1483.774299] Node 0 Normal: 1153*4kB (UMEH) 2356*8kB (UEH) 675*16kB (UMEH) 78*32kB (UME) 6*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37268kB
[ 1483.789737] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1483.812330] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1483.822314] 683 total pagecache pages
[ 1483.839521] 0 pages in swap cache
[ 1483.843089] Swap cache stats: add 0, delete 0, find 0/0
[ 1483.868770] Free swap  = 0kB
[ 1483.871845] Total swap = 0kB
[ 1483.877762] 1965979 pages RAM
[ 1483.886038] 0 pages HighMem/MovableOnly
[ 1483.890040] 342853 pages reserved
[ 1483.893491] 0 pages cma reserved
[ 1483.896938] Out of memory: Kill process 8690 (syz-executor2) score 1007 or sacrifice child
[ 1483.905863] Killed process 8690 (syz-executor2) total-vm:70472kB, anon-rss:18068kB, file-rss:32640kB, shmem-rss:0kB
[ 1484.070781] blkid invoked oom-killer: gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=-1000
[ 1484.174756] blkid cpuset=/ mems_allowed=0
[ 1484.178993] CPU: 1 PID: 26076 Comm: blkid Not tainted 4.20.0-rc7+ #157
[ 1484.185677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1484.195046] Call Trace:
[ 1484.197657]  dump_stack+0x244/0x39d
[ 1484.201319]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1484.206530]  ? mark_held_locks+0x130/0x130
[ 1484.210778]  ? mark_held_locks+0x130/0x130
[ 1484.215064]  dump_header+0x27b/0xf72
[ 1484.218826]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1484.224393]  ? check_preemption_disabled+0x48/0x280
[ 1484.229441]  ? pagefault_out_of_memory+0x197/0x197
[ 1484.234396]  ? debug_smp_processor_id+0x1c/0x20
[ 1484.239087]  ? perf_trace_lock+0x14d/0x7a0
[ 1484.243337]  ? debug_smp_processor_id+0x1c/0x20
[ 1484.248020]  ? perf_trace_lock+0x14d/0x7a0
[ 1484.252286]  ? lock_is_held_type+0x210/0x210
[ 1484.256721]  ? debug_smp_processor_id+0x1c/0x20
[ 1484.261402]  ? perf_trace_lock+0x14d/0x7a0
[ 1484.265695]  ? zap_class+0x640/0x640
[ 1484.269441]  ? print_usage_bug+0xc0/0xc0
[ 1484.273512]  ? lock_is_held_type+0x210/0x210
[ 1484.277939]  ? perf_trace_lock+0x14d/0x7a0
[ 1484.282197]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1484.287758]  ? find_held_lock+0x36/0x1c0
[ 1484.291849]  ? mark_held_locks+0xc7/0x130
[ 1484.296031]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1484.301168]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1484.306294]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1484.310895]  ? trace_hardirqs_on+0xbd/0x310
[ 1484.315231]  ? kasan_check_read+0x11/0x20
[ 1484.319396]  ? ___ratelimit+0x3b4/0x672
[ 1484.323394]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1484.328521]  ? trace_hardirqs_on+0x310/0x310
[ 1484.332959]  ? lock_downgrade+0x900/0x900
[ 1484.337139]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 1484.342275]  ? ___ratelimit+0x3b9/0x672
[ 1484.346287]  ? idr_get_free+0xf70/0xf70
[ 1484.350285]  ? lock_is_held_type+0x210/0x210
[ 1484.356380]  oom_kill_process.cold.27+0x10/0x903
[ 1484.361167]  ? zap_class+0x640/0x640
[ 1484.364903]  ? _raw_spin_unlock+0x2c/0x50
[ 1484.369071]  ? oom_badness+0xe6/0xaa0
[ 1484.373149]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1484.378096]  ? kasan_check_read+0x11/0x20
[ 1484.382265]  ? oom_evaluate_task+0x540/0x540
[ 1484.386721]  ? find_held_lock+0x36/0x1c0
[ 1484.390813]  ? out_of_memory+0x974/0x1430
[ 1484.394980]  ? lock_downgrade+0x900/0x900
[ 1484.399145]  ? check_preemption_disabled+0x48/0x280
[ 1484.404182]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1484.409130]  ? kasan_check_read+0x11/0x20
[ 1484.413292]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1484.418581]  ? rcu_softirq_qs+0x20/0x20
[ 1484.422577]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1484.428124]  ? oom_evaluate_task+0x302/0x540
[ 1484.432548]  out_of_memory+0xa84/0x1430
[ 1484.436530]  ? oom_killer_disable+0x3a0/0x3a0
[ 1484.441011]  ? __alloc_pages_slowpath+0xf5c/0x2de0
[ 1484.445934]  ? __ww_mutex_check_waiters+0x160/0x160
[ 1484.450948]  __alloc_pages_slowpath+0x232c/0x2de0
[ 1484.455798]  ? warn_alloc+0x120/0x120
[ 1484.459588]  ? mark_held_locks+0x130/0x130
[ 1484.463831]  ? print_usage_bug+0xc0/0xc0
[ 1484.467885]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1484.473411]  ? check_preemption_disabled+0x48/0x280
[ 1484.478422]  ? debug_smp_processor_id+0x1c/0x20
[ 1484.483082]  ? perf_trace_lock+0x14d/0x7a0
[ 1484.487303]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1484.492220]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1484.497743]  ? should_fail+0x22d/0xd01
[ 1484.501619]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 1484.506711]  ? zap_class+0x640/0x640
[ 1484.510411]  ? mark_held_locks+0x130/0x130
[ 1484.514637]  ? __save_stack_trace+0x8d/0xf0
[ 1484.518948]  ? __lock_is_held+0xb5/0x140
[ 1484.523001]  ? kmem_cache_alloc+0x12e/0x730
[ 1484.527310]  ? lock_release+0xa00/0xa00
[ 1484.531268]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1484.536708]  ? __might_sleep+0x95/0x190
[ 1484.540677]  __alloc_pages_nodemask+0xad8/0xea0
[ 1484.545339]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 1484.550337]  ? find_held_lock+0x36/0x1c0
[ 1484.554397]  ? __pte_alloc+0x1c7/0x350
[ 1484.558296]  ? kasan_check_read+0x11/0x20
[ 1484.562430]  ? do_raw_spin_unlock+0xa7/0x330
[ 1484.566821]  ? do_raw_spin_trylock+0x270/0x270
[ 1484.571391]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1484.576916]  alloc_pages_vma+0x13d/0x690
[ 1484.580972]  __handle_mm_fault+0x27f8/0x5be0
[ 1484.585371]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1484.590197]  ? lock_is_held_type+0x210/0x210
[ 1484.594614]  ? zap_class+0x640/0x640
[ 1484.598314]  ? zap_class+0x640/0x640
[ 1484.602013]  ? find_held_lock+0x36/0x1c0
[ 1484.606063]  ? handle_mm_fault+0x42a/0xc70
[ 1484.610282]  ? lock_downgrade+0x900/0x900
[ 1484.614416]  ? check_preemption_disabled+0x48/0x280
[ 1484.619419]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1484.624336]  ? kasan_check_read+0x11/0x20
[ 1484.628466]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1484.633728]  ? rcu_softirq_qs+0x20/0x20
[ 1484.637693]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1484.642781]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1484.648305]  ? check_preemption_disabled+0x48/0x280
[ 1484.653310]  handle_mm_fault+0x54f/0xc70
[ 1484.657360]  ? __handle_mm_fault+0x5be0/0x5be0
[ 1484.661931]  ? find_vma+0x34/0x190
[ 1484.665461]  __do_page_fault+0x5e8/0xe60
[ 1484.669506]  ? trace_hardirqs_off+0xb8/0x310
[ 1484.673936]  do_page_fault+0xf2/0x7e0
[ 1484.677722]  ? vmalloc_sync_all+0x30/0x30
[ 1484.681854]  ? error_entry+0x70/0xd0
[ 1484.685553]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 1484.690549]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1484.695491]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1484.700415]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1484.705247]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1484.710251]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1484.715695]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1484.721217]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1484.726214]  ? page_fault+0x8/0x30
[ 1484.729740]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1484.734626]  ? page_fault+0x8/0x30
[ 1484.738154]  page_fault+0x1e/0x30
[ 1484.741591] RIP: 0033:0x7f57ddda4c0e
[ 1484.745314] Code: Bad RIP value.
[ 1484.748659] RSP: 002b:00007fff083e9880 EFLAGS: 00010246
[ 1484.754005] RAX: 0000000000000000 RBX: 00007f57dbdfff10 RCX: 0000000000000002
[ 1484.761264] RDX: 0000000000024da0 RSI: 0000000000024da0 RDI: 00007f57dbe00000
[ 1484.768516] RBP: 00000000021c3eb0 R08: 0000000000000000 R09: 00000000021c4116
[ 1484.775767] R10: 0000000000000001 R11: 0000000000000100 R12: 0000000000000001
[ 1484.783018] R13: 0000000000000064 R14: 00000000021c4320 R15: 00000000021c40e6
[ 1484.994834] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1485.003329] CPU: 0 PID: 25929 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #157
[ 1485.010707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1485.020074] Call Trace:
[ 1485.022707]  dump_stack+0x244/0x39d
[ 1485.026363]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 1485.031599]  panic+0x2ad/0x55c
[ 1485.034819]  ? add_taint.cold.5+0x16/0x16
[ 1485.039000]  ? lock_downgrade+0x900/0x900
[ 1485.043173]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.048731]  ? check_preemption_disabled+0x48/0x280
[ 1485.053771]  ? check_preemption_disabled+0x3a/0x280
[ 1485.058824]  __schedule+0x21c6/0x21d0
[ 1485.062685]  ? ___preempt_schedule+0x16/0x18
[ 1485.063856] Mem-Info:
[ 1485.067166]  ? __sched_text_start+0x8/0x8
[ 1485.067249]  ? _raw_spin_unlock+0x3f/0x50
[ 1485.067281]  ? mark_held_locks+0xc7/0x130
[ 1485.067306]  ? preempt_schedule_irq+0x90/0x140
[ 1485.067325]  ? preempt_schedule_irq+0x90/0x140
[ 1485.067346]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1485.067369]  ? trace_hardirqs_on+0xbd/0x310
[ 1485.067388]  ? retint_kernel+0x1b/0x2d
[ 1485.067410]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1485.067437]  ? mark_held_locks+0xc7/0x130
[ 1485.067463]  preempt_schedule_irq+0xb9/0x140
[ 1485.067488]  retint_kernel+0x1b/0x2d
[ 1485.067508] RIP: 0010:queue_work_on+0x17a/0x1e0
[ 1485.105735] active_anon:1355073 inactive_anon:8384 isolated_anon:0
[ 1485.105735]  active_file:32 inactive_file:38 isolated_file:38
[ 1485.105735]  unevictable:1024 dirty:0 writeback:0 unstable:0
[ 1485.105735]  slab_reclaimable:14078 slab_unreclaimable:112809
[ 1485.105735]  mapped:49205 shmem:473 pagetables:9109 bounce:0
[ 1485.105735]  free:24179 free_pcp:100 free_cma:0
[ 1485.109436] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 73 48 83 3d e2 b7 00 08 00 74 44 e8 5b 3b 2e 00 48 89 df 57 9d <0f> 1f 44 00 00 eb a6 e8 4a 3b 2e 00 8b 7d d4 4c 89 e2 4c 89 fe 41
[ 1485.113602] Node 0 active_anon:5420292kB inactive_anon:33536kB active_file:128kB inactive_file:152kB unevictable:4096kB isolated(anon):0kB isolated(file):152kB mapped:196820kB dirty:0kB writeback:0kB shmem:1892kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 194560kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1485.117970] RSP: 0018:ffff888181a54c30 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 1485.117990] RAX: ffff888184ec8540 RBX: 0000000000000293 RCX: 1ffff110309d91cb
[ 1485.118002] RDX: 0000000000000000 RSI: ffffffff81514915 RDI: 0000000000000293
[ 1485.118013] RBP: ffff888181a54c60 R08: ffff888184ec8e58 R09: 0000000000000007
[ 1485.118025] R10: 0000000000000000 R11: ffff888184ec8540 R12: 0000000000000200
[ 1485.118037] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8881da8177c0
[ 1485.118083]  ? queue_work_on+0x175/0x1e0
[ 1485.118124]  vmpressure+0x271/0x340
[ 1485.134194] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1485.160100]  vmpressure_prio+0x44/0x50
[ 1485.160126]  do_try_to_free_pages+0x1ff/0x1290
[ 1485.160212]  ? shrink_node+0x16b0/0x16b0
[ 1485.160251]  ? __lock_is_held+0xb5/0x140
[ 1485.160325]  try_to_free_pages+0x4d0/0xb90
[ 1485.160354]  ? do_try_to_free_pages+0x1290/0x1290
[ 1485.160441]  ? _raw_spin_unlock_irq+0x56/0x80
[ 1485.160462]  ? _raw_spin_unlock_irq+0x60/0x80
[ 1485.160483]  ? psi_memstall_enter+0x24f/0x2c0
[ 1485.270217] lowmem_reserve[]: 0 2818 6321 6321
[ 1485.285598]  ? psi_memstall_tick+0x230/0x230
[ 1485.285641]  __alloc_pages_slowpath+0xa48/0x2de0
[ 1485.285721]  ? check_preemption_disabled+0x48/0x280
[ 1485.285744]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.289719] Node 0 DMA32 free:44004kB min:30052kB low:37564kB high:45076kB active_anon:2784992kB inactive_anon:320kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2888780kB mlocked:0kB kernel_stack:4416kB pagetables:8352kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1485.294332]  ? warn_alloc+0x120/0x120
[ 1485.378964] lowmem_reserve[]: 0 0 3503 3503
[ 1485.381466]  ? perf_trace_lock+0x4a7/0x7a0
[ 1485.385847] Node 0 Normal free:37204kB min:37364kB low:46704kB high:56044kB active_anon:2635200kB inactive_anon:33216kB active_file:128kB inactive_file:0kB unevictable:4096kB writepending:0kB present:4718592kB managed:3587816kB mlocked:4096kB kernel_stack:16832kB pagetables:28084kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB
[ 1485.390034]  ? lock_is_held_type+0x210/0x210
[ 1485.422766] lowmem_reserve[]: 0 0 0 0
[ 1485.424021]  ? print_usage_bug+0xc0/0xc0
[ 1485.431865]  ? zap_class+0x640/0x640
[ 1485.435616]  ? zap_class+0x640/0x640
[ 1485.439356]  ? print_usage_bug+0xc0/0xc0
[ 1485.439788] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 1485.443432]  ? zap_class+0x640/0x640
[ 1485.460681]  ? check_preemption_disabled+0x48/0x280
[ 1485.465758]  ? mark_held_locks+0xc7/0x130
[ 1485.469940]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1485.474821]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1485.479463]  ? retint_kernel+0x2d/0x2d
[ 1485.483372]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1485.488164]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1485.493652]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1485.498610]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1485.503546]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1485.508328] Node 0 
[ 1485.508342]  ? retint_kernel+0x2d/0x2d
[ 1485.508346] DMA32: 575*4kB (UME) 213*8kB (UME) 76*16kB (UE) 20*32kB (UME) 2*64kB (U) 1*128kB (U) 0*256kB 2*512kB (UE) 2*1024kB (UM) 1*2048kB (E) 8*4096kB (M) = 44004kB
[ 1485.510626]  ? __next_zones_zonelist+0x28/0x1a0
[ 1485.514473] Node 0 Normal: 1205*4kB (UMEH) 2365*8kB (UMEH) 679*16kB (UMEH) 80*32kB (UME) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37484kB
[ 1485.534246]  __alloc_pages_nodemask+0xad8/0xea0
[ 1485.553475]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 1485.556976] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1485.558551]  ? print_usage_bug+0xc0/0xc0
[ 1485.571450]  ? __lock_acquire+0x62f/0x4c20
[ 1485.575752]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.578176] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1485.581319]  ? pagecache_get_page+0x2d8/0xf00
[ 1485.594391]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1485.599972]  alloc_pages_current+0x173/0x350
[ 1485.604415]  __page_cache_alloc+0x38c/0x5c0
[ 1485.608785]  ? print_usage_bug+0xc0/0xc0
[ 1485.612869]  ? perf_tp_event+0xc20/0xc20
[ 1485.613677] 539 total pagecache pages
[ 1485.616949]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.616973]  ? generic_perform_write+0x6a0/0x6a0
[ 1485.616991]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.617023]  ? check_preemption_disabled+0x48/0x280
[ 1485.617061]  pagecache_get_page+0x396/0xf00
[ 1485.617094]  ? add_to_page_cache_lru+0xdb0/0xdb0
[ 1485.617121]  ? __find_get_block+0x2f7/0xf20
[ 1485.617141]  ? __find_get_block+0x2f7/0xf20
[ 1485.617163]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1485.617186]  ? trace_hardirqs_on+0xbd/0x310
[ 1485.617207]  ? __getblk_gfp+0x2b3/0xd50
[ 1485.617229]  ? trace_hardirqs_off_caller+0x310/0x310
[ 1485.617245]  ? zap_class+0x640/0x640
[ 1485.617265]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1485.617284]  ? check_preemption_disabled+0x48/0x280
[ 1485.617298]  ? print_usage_bug+0xc0/0xc0
[ 1485.617332]  ? __find_get_block+0x3be/0xf20
[ 1485.631221] 0 pages in swap cache
[ 1485.631451]  ? try_to_free_buffers+0xc80/0xc80
[ 1485.640101] Swap cache stats: add 0, delete 0, find 0/0
[ 1485.642009]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1485.649371] Free swap  = 0kB
[ 1485.651056]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 1485.655424] Total swap = 0kB
[ 1485.659705]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1485.664270] 1965979 pages RAM
[ 1485.668589]  ? trace_hardirqs_on+0xbd/0x310
[ 1485.668615]  ? __might_sleep+0x95/0x190
[ 1485.668642]  __getblk_gfp+0x3aa/0xd50
[ 1485.668755]  ? __find_get_block+0xf20/0xf20
[ 1485.668789]  ? save_stack+0xa9/0xd0
[ 1485.668825]  ? save_stack+0x43/0xd0
[ 1485.668856]  ? kasan_kmalloc+0xc7/0xe0
[ 1485.668871]  ? __kmalloc+0x15b/0x760
[ 1485.668887]  ? ext4_find_extent+0x757/0x9b0
[ 1485.668903]  ? ext4_ext_map_blocks+0x291/0x48f0
[ 1485.668921]  ? ext4_da_get_block_prep+0xe46/0x1550
[ 1485.668959]  ? ext4_block_write_begin+0x6f9/0x1870
[ 1485.678418] 0 pages HighMem/MovableOnly
[ 1485.681762]  ? ext4_da_write_begin+0x43b/0x12c0
[ 1485.690029] 342853 pages reserved
[ 1485.692318]  ? generic_perform_write+0x3aa/0x6a0
[ 1485.692329]  ? __generic_file_write_iter+0x26e/0x630
[ 1485.692339]  ? ext4_file_write_iter+0x390/0x1420
[ 1485.692349]  ? __vfs_write+0x6b8/0x9f0
[ 1485.692357]  ? __kernel_write+0x10c/0x370
[ 1485.692369]  ? do_acct_process+0x1144/0x1660
[ 1485.692377]  ? acct_process+0x6b1/0x875
[ 1485.692389]  ? do_exit+0x1b89/0x26d0
[ 1485.692398]  ? do_group_exit+0x177/0x440
[ 1485.692406]  ? get_signal+0x8b0/0x1980
[ 1485.692415]  ? do_signal+0x9c/0x21c0
[ 1485.692426]  ? exit_to_usermode_loop+0x2e5/0x380
[ 1485.692440]  ? do_syscall_64+0x6be/0x820
[ 1485.692457]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1485.692480]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1485.700060] 0 pages cma reserved
[ 1485.700856]  ? zap_class+0x640/0x640
[ 1485.704293] Out of memory: Kill process 8756 (syz-executor2) score 1007 or sacrifice child
[ 1485.708887]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.708910]  ? check_preemption_disabled+0x48/0x280
[ 1485.708974]  __read_extent_tree_block+0x11d/0xab0
[ 1485.709006]  ? __ext4_ext_check+0x1330/0x1330
[ 1485.709043]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 1485.709076]  ? __kmalloc+0x5ee/0x760
[ 1485.718402] Killed process 8756 (syz-executor2) total-vm:70472kB, anon-rss:18068kB, file-rss:32640kB, shmem-rss:0kB
[ 1485.719885]  ? ext4_find_extent+0x757/0x9b0
[ 1485.732527] oom_reaper: reaped process 8756 (syz-executor2), now anon-rss:0kB, file-rss:32640kB, shmem-rss:0kB
[ 1485.735575]  ext4_find_extent+0x38a/0x9b0
[ 1485.735615]  ext4_ext_map_blocks+0x291/0x48f0
[ 1485.735640]  ? mark_held_locks+0xc7/0x130
[ 1485.735695]  ? ext4_ext_release+0x10/0x10
[ 1485.735726]  ? zap_class+0x640/0x640
[ 1485.735749]  ? zap_class+0x640/0x640
[ 1485.735772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1485.735794]  ? check_preemption_disabled+0x48/0x280
[ 1485.735838]  ? __lock_is_held+0xb5/0x140
[ 1485.974451]  ? lock_acquire+0x1ed/0x520
[ 1485.978434]  ? ext4_da_get_block_prep+0x80c/0x1550
[ 1485.983375]  ? lock_release+0xa00/0xa00
[ 1485.987355]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1485.992797]  ? ext4_es_cache_extent+0x6a0/0x6a0
[ 1485.997479]  ? down_read+0x8d/0x120
[ 1486.001106]  ? ext4_da_get_block_prep+0x80c/0x1550
[ 1486.006042]  ? __down_interruptible+0x700/0x700
[ 1486.010702]  ? print_usage_bug+0xc0/0xc0
[ 1486.014754]  ? alloc_pages_current+0x17b/0x350
[ 1486.019331]  ext4_da_get_block_prep+0xe46/0x1550
[ 1486.024075]  ? __page_cache_alloc+0x191/0x5c0
[ 1486.028586]  ? ext4_inode_attach_jinode.part.70+0x150/0x150
[ 1486.034300]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.039056]  ext4_block_write_begin+0x6f9/0x1870
[ 1486.043829]  ? ext4_inode_attach_jinode.part.70+0x150/0x150
[ 1486.049544]  ? __check_block_validity.constprop.80+0x210/0x210
[ 1486.055513]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1486.060953]  ? retint_kernel+0x2d/0x2d
[ 1486.064861]  ? __lock_is_held+0xb5/0x140
[ 1486.068946]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1486.074474]  ? wait_for_stable_page+0x1a5/0x570
[ 1486.079136]  ? set_page_dirty_lock+0x190/0x190
[ 1486.083707]  ? retint_kernel+0x2d/0x2d
[ 1486.087591]  ? __might_sleep+0x95/0x190
[ 1486.091561]  ext4_da_write_begin+0x43b/0x12c0
[ 1486.096076]  ? ext4_write_begin+0x1830/0x1830
[ 1486.100566]  ? print_usage_bug+0xc0/0xc0
[ 1486.104639]  ? __inode_attach_wb+0x13f0/0x13f0
[ 1486.109254]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1486.114727]  ? mark_held_locks+0xc7/0x130
[ 1486.118897]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.123644]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1486.128223]  ? retint_kernel+0x2d/0x2d
[ 1486.132101]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1486.137023]  ? iov_iter_fault_in_readable+0x22a/0x450
[ 1486.142221]  ? _copy_from_iter_flushcache+0xfc0/0xfc0
[ 1486.147414]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.152168]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.156942]  generic_perform_write+0x3aa/0x6a0
[ 1486.161515]  ? file_remove_privs+0x540/0x540
[ 1486.165935]  ? add_page_wait_queue+0x400/0x400
[ 1486.170509]  ? file_update_time+0xe4/0x640
[ 1486.174738]  ? current_time+0x1b0/0x1b0
[ 1486.178715]  ? ext4_file_write_iter+0x344/0x1420
[ 1486.183469]  __generic_file_write_iter+0x26e/0x630
[ 1486.188396]  ext4_file_write_iter+0x390/0x1420
[ 1486.192967]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.197756]  ? ext4_file_mmap+0x410/0x410
[ 1486.201912]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1486.207360]  ? print_usage_bug+0xc0/0xc0
[ 1486.211410]  ? perf_trace_lock+0x14d/0x7a0
[ 1486.215642]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.220442]  ? retint_kernel+0x2d/0x2d
[ 1486.224363]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1486.229893]  ? iov_iter_init+0xe5/0x210
[ 1486.233864]  __vfs_write+0x6b8/0x9f0
[ 1486.237600]  ? kernel_read+0x120/0x120
[ 1486.241544]  ? do_acct_process+0x1338/0x1660
[ 1486.245969]  ? lock_release+0xa00/0xa00
[ 1486.249941]  ? __lock_is_held+0xb5/0x140
[ 1486.254009]  __kernel_write+0x10c/0x370
[ 1486.258003]  do_acct_process+0x1144/0x1660
[ 1486.262252]  ? acct_on+0x940/0x940
[ 1486.265801]  ? acct_process+0x44c/0x875
[ 1486.269786]  ? lock_downgrade+0x900/0x900
[ 1486.273965]  ? check_preemption_disabled+0x48/0x280
[ 1486.278977]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 1486.283898]  ? kasan_check_read+0x11/0x20
[ 1486.288056]  acct_process+0x6b1/0x875
[ 1486.291858]  ? acct_collect+0x860/0x860
[ 1486.295829]  ? lock_downgrade+0x900/0x900
[ 1486.299971]  ? set_mm_exe_file+0x200/0x200
[ 1486.304199]  ? kasan_check_read+0x11/0x20
[ 1486.308341]  ? do_raw_spin_trylock+0x270/0x270
[ 1486.312914]  ? up_read_non_owner+0x100/0x100
[ 1486.317334]  do_exit+0x1b89/0x26d0
[ 1486.320873]  ? mm_update_next_owner+0x990/0x990
[ 1486.325546]  ? print_usage_bug+0xc0/0xc0
[ 1486.329601]  ? wake_up_q+0xb3/0x100
[ 1486.333217]  ? wake_up_q+0xb9/0x100
[ 1486.336844]  ? __mutex_unlock_slowpath+0x43c/0x8c0
[ 1486.341776]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1486.346712]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.351462]  ? __lock_acquire+0x62f/0x4c20
[ 1486.355735]  ? retint_kernel+0x2d/0x2d
[ 1486.359636]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.364432]  ? mark_held_locks+0x130/0x130
[ 1486.368665]  ? mutex_unlock+0xd/0x10
[ 1486.372599]  ? __rtnl_unlock+0x79/0x90
[ 1486.376483]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1486.382010]  ? check_preemption_disabled+0x48/0x280
[ 1486.387024]  ? debug_smp_processor_id+0x1c/0x20
[ 1486.391696]  ? perf_trace_lock+0x14d/0x7a0
[ 1486.395933]  ? raw_notifier_call_chain+0x2d/0x40
[ 1486.400687]  ? lock_is_held_type+0x210/0x210
[ 1486.405117]  ? __dev_notify_flags+0x1ed/0x480
[ 1486.409636]  ? dev_change_name+0xbc0/0xbc0
[ 1486.413885]  ? zap_class+0x640/0x640
[ 1486.417594]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1486.422168]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.426919]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1486.431490]  ? retint_kernel+0x2d/0x2d
[ 1486.435367]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1486.440283]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.445032]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 1486.450496]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.455268]  do_group_exit+0x177/0x440
[ 1486.459218]  ? __ia32_sys_exit+0x50/0x50
[ 1486.463280]  get_signal+0x8b0/0x1980
[ 1486.467011]  ? ptrace_notify+0x130/0x130
[ 1486.471085]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 1486.476273]  ? sock_ioctl+0x334/0x690
[ 1486.480068]  ? dlci_ioctl_set+0x40/0x40
[ 1486.484047]  ? ksys_dup3+0x680/0x680
[ 1486.487755]  ? __might_fault+0x12b/0x1e0
[ 1486.491814]  do_signal+0x9c/0x21c0
[ 1486.495340]  ? perf_trace_sched_process_exec+0x860/0x860
[ 1486.500778]  ? dlci_ioctl_set+0x40/0x40
[ 1486.504746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1486.510273]  ? do_vfs_ioctl+0x201/0x1790
[ 1486.514323]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1486.519082]  ? setup_sigcontext+0x7d0/0x7d0
[ 1486.523393]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1486.527962]  ? retint_kernel+0x2d/0x2d
[ 1486.531839]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 1486.536761]  ? memset+0x31/0x40
[ 1486.540043]  ? exit_to_usermode_loop+0x8c/0x380
[ 1486.544717]  ? exit_to_usermode_loop+0x8c/0x380
[ 1486.549375]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 1486.553948]  ? trace_hardirqs_on+0xbd/0x310
[ 1486.558260]  ? do_syscall_64+0x6be/0x820
[ 1486.562324]  exit_to_usermode_loop+0x2e5/0x380
[ 1486.566937]  ? __bpf_trace_sys_exit+0x30/0x30
[ 1486.571427]  ? do_syscall_64+0x2c7/0x820
[ 1486.575480]  do_syscall_64+0x6be/0x820
[ 1486.579381]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1486.584780]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 1486.589697]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1486.594527]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1486.599535]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 1486.604542]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1486.609391]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1486.614581] RIP: 0033:0x457669
[ 1486.617787] Code: Bad RIP value.
[ 1486.621138] RSP: 002b:00007fb052941c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1486.628834] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000457669
[ 1486.636092] RDX: 0000000020000040 RSI: 0000000000008914 RDI: 000000000000000c
[ 1486.643384] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 1486.650656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0529426d4
[ 1486.657931] R13: 00000000004c277c R14: 00000000004d4758 R15: 00000000ffffffff
[ 1486.666512] Kernel Offset: disabled
[ 1486.670531] Rebooting in 86400 seconds..